Which of the following statements about SBOM is most accurate?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Which of the following statements about SBOM is most accurate?

Explanation:
An SBOM (software bill of materials) is an inventory of every component and dependency in a piece of software, including transitive ones, so you know exactly what is inside and where it came from. That visibility is what enables risk and compliance assessment across the software supply chain: you can identify which open-source libraries and third-party components are included, match them against known vulnerabilities, track licensing obligations, and verify provenance. The SBOM is normally produced in a machine-readable format such as SPDX or CycloneDX precisely so that tooling can perform those matches automatically. Encrypting dependencies would hide information and defeat the purpose of visibility. An SBOM may carry license information as part of its data, but its main value is not license tracking alone; it is the complete component inventory on which risk and compliance decisions rest. It also does not control who can access dependencies; that is a separate access-control concern.
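The following is an added example, not code from the quiz page or from GitHub, showing what "inventory enables risk and compliance" looks like in practice: a small CycloneDX-style SBOM is parsed into a component inventory, then cross-checked against a vulnerability feed and a license allowlist. The SBOM, the package names, the advisory identifiers (ADV-0001 and so on) and the allowlist are all constructed for the example and are not real packages or real advisories.

```python
"""Inventory a CycloneDX-style SBOM and cross-check it against a
vulnerability feed and a license policy.

All data here is constructed for illustration: the packages, versions
and advisory IDs are made up, not real findings."""
import json

# Constructed SBOM using the CycloneDX JSON layout (bomFormat/specVersion/components).
SBOM_JSON = r'''
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"type": "application", "name": "webshop", "version": "2.3.0"}},
  "components": [
    {"type": "library", "name": "example-pad", "version": "1.3.0",
     "purl": "pkg:npm/example-pad@1.3.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-http", "version": "2.1.4",
     "purl": "pkg:npm/example-http@2.1.4",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "example-xml", "version": "0.9.2",
     "purl": "pkg:pypi/example-xml@0.9.2",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "mystery-lib", "version": "1.0.0",
     "purl": "pkg:npm/mystery-lib@1.0.0"}
  ]
}
'''

# Constructed advisory feed: (advisory id, purl without version, first fixed version).
# A component is affected when its version is lower than the fixed version.
ADVISORIES = [
    ("ADV-0001", "pkg:npm/example-http", "2.2.0"),
    ("ADV-0002", "pkg:pypi/example-xml", "0.9.2"),
    ("ADV-0003", "pkg:npm/example-pad", "1.1.0"),
]

# Constructed license policy: identifiers accepted without manual review.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def parse_version(v):
    """Turn a dotted numeric version into a comparable tuple, e.g. '2.1.4' -> (2, 1, 4)."""
    return tuple(int(p) for p in v.split("."))


def inventory(sbom_json):
    """Parse the SBOM and return one record per component with the fields needed downstream."""
    bom = json.loads(sbom_json)
    items = []
    for c in bom.get("components", []):
        purl = c["purl"]
        base = purl.rsplit("@", 1)[0]  # strip the version so advisories can match on type/name
        lics = [l["license"].get("id") for l in c.get("licenses", []) if "license" in l]
        items.append({"name": c["name"], "version": c["version"],
                      "purl_base": base, "licenses": lics})
    return items


def vulnerable_components(items, advisories=ADVISORIES):
    """Match each inventoried component against the advisory feed; return affected ones."""
    hits = []
    for it in items:
        for adv_id, adv_base, fixed in advisories:
            if it["purl_base"] == adv_base and parse_version(it["version"]) < parse_version(fixed):
                hits.append((it["name"], it["version"], adv_id, fixed))
    return hits


def license_violations(items, allowed=ALLOWED_LICENSES):
    """Components whose declared license is outside the allowlist, or undeclared entirely."""
    out = []
    for it in items:
        if not it["licenses"]:
            out.append((it["name"], "UNDECLARED"))
            continue
        for lic in it["licenses"]:
            if lic not in allowed:
                out.append((it["name"], lic))
    return out


if __name__ == "__main__":
    comps = inventory(SBOM_JSON)
    print("Inventory:", [(i["name"], i["version"]) for i in comps])
    print("Vulnerable:", vulnerable_components(comps))
    print("License violations:", license_violations(comps))
```

Note how the two checks fall out of the same inventory: the vulnerability match needs the package identity and version, the license check needs the declared license, and a component with no license entry at all is flagged rather than silently passed, because an incomplete SBOM is itself a compliance gap.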