Question
A company identifies the need to monitor and secure applications, third-party software, libraries, and dependencies. Which of the following practices directly support this endeavor? (Select the three best options.)
A. Software package monitoring
B. Software Bill of Materials
C. Software composition analysis
D. Credentialed vulnerability scans
Answers
GPT-4o mini
To effectively monitor and secure applications, third-party software, libraries, and dependencies, the following three practices are the best options:
A. **Software package monitoring** - This involves keeping track of software packages used within applications to identify any vulnerabilities or updates needed, which is essential for security.
B. **Software Bill of Materials** - A Software Bill of Materials (SBOM) provides a detailed list of components, including open-source and third-party libraries, which helps in understanding what is included in the software and aids in vulnerability management.
C. **Software composition analysis** - This practice analyzes the software components and their licenses, helping to identify vulnerabilities and license compliance issues, making it vital for securing applications with various dependencies.
D. **Credentialed vulnerability scans** - While useful, this practice focuses more on scanning for broader vulnerabilities across systems rather than specifically monitoring and securing software components and dependencies.
Thus, the three best options are:
- A. Software package monitoring
- B. Software Bill of Materials
- C. Software composition analysis
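As an added illustration of how an SBOM and software composition analysis work together (this code is not part of the question or the answer above): the block below parses a small CycloneDX-shaped SBOM and matches each component's package URL and version against an advisory list. The SBOM, the advisory feed, and every package name, version and advisory ID are constructed for the example; the version-range logic (affected from an introducing version up to but excluding the fixed version) is the general idea behind SCA matching, not any particular vendor's implementation.

```python
"""SCA-style check over an SBOM: match components against advisories.

Added illustration only; the SBOM, the advisory feed and every package name,
version and advisory ID below are constructed for this example, not real data.
"""
import json
from typing import Dict, List, Tuple

# Constructed, CycloneDX-shaped SBOM fragment (only the fields this check needs).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-http", "version": "2.3.1",
         "purl": "pkg:pypi/example-http@2.3.1"},
        {"type": "library", "name": "example-yaml", "version": "5.1.0",
         "purl": "pkg:pypi/example-yaml@5.1.0"},
        {"type": "library", "name": "example-crypto", "version": "1.9.2",
         "purl": "pkg:pypi/example-crypto@1.9.2"},
    ],
})

# Constructed advisory feed: versionless purl -> [(affected_from, fixed_in, id)].
# A component is affected when affected_from <= version < fixed_in.
Advisory = Tuple[str, str, str]
ADVISORIES: Dict[str, List[Advisory]] = {
    "pkg:pypi/example-http":   [("2.0.0", "2.3.2", "EX-2024-0001")],
    "pkg:pypi/example-yaml":   [("0.0.0", "5.0.0", "EX-2023-0042")],  # already fixed
    "pkg:pypi/example-crypto": [("1.9.0", "2.0.0", "EX-2024-0100")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so comparison is numeric: '10.0.0' > '9.9.9'."""
    return tuple(int(part) for part in v.split("."))


def purl_without_version(purl: str) -> str:
    """Strip the '@version' suffix so the purl can be used as an advisory key."""
    return purl.split("@", 1)[0]


def load_components(sbom_json: str) -> List[Dict[str, str]]:
    """Read the component inventory from a CycloneDX JSON document."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    # Components without a purl or version cannot be matched; skip them.
    return [c for c in sbom.get("components", []) if "purl" in c and "version" in c]


def find_affected(sbom_json: str,
                  advisories: Dict[str, List[Advisory]]) -> List[Tuple[str, str, str]]:
    """Return (purl, version, advisory_id) for every component inside an affected range."""
    hits: List[Tuple[str, str, str]] = []
    for comp in load_components(sbom_json):
        key = purl_without_version(comp["purl"])
        ver = parse_version(comp["version"])
        for affected_from, fixed_in, adv_id in advisories.get(key, []):
            if parse_version(affected_from) <= ver < parse_version(fixed_in):
                hits.append((key, comp["version"], adv_id))
    return hits


if __name__ == "__main__":
    for purl, version, adv_id in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{purl}@{version}: affected by {adv_id}")
```

The inventory (SBOM) and the matching (SCA) are deliberately separate steps: the same SBOM can be re-checked whenever the advisory feed changes, which is what ongoing package monitoring amounts to in practice.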