Which artifact lists the components, versions, and licenses of a software product to support supply-chain transparency?
A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.
Why "SBOM — Software Bill of Materials" is the right answer
An SBOM is a machine-readable inventory of every component in a build, with its version, origin and license, expressed in a standard format such as SPDX or CycloneDX. U.S. Executive Order 14028 (May 2021) directed that software sold to the federal government be accompanied by one, which made the SBOM the baseline supply-chain transparency artifact. Its operational value is in vulnerability response: when a flaw such as Log4Shell (CVE-2021-44228 in log4j-core) is disclosed, an organization holding SBOMs for its deployed products can answer "are we affected, and where?" by querying the inventory instead of re-auditing each build. Two limits matter in practice: an SBOM records what is present, not whether the vulnerable code is reachable in that product (that assessment is communicated separately, e.g. in a VEX statement), and the inventory is only as trustworthy as the build process that generated it.
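To make the "are we affected?" lookup concrete, here is an added example (not from the original page) that walks a CycloneDX JSON SBOM, including nested component assemblies, and flags any `log4j-core` whose version falls in the Log4Shell range (2.0 up to but not including 2.15.0, where CVE-2021-44228 was fixed). The SBOM below is constructed for illustration and describes no real product; the hypothetical `com.example` webapp exists only to show a transitive dependency.

```python
from __future__ import annotations

import json
import re
from typing import Iterator

# Constructed sample CycloneDX 1.5 SBOM (illustrative, not a real product).
# The nested "components" list on the webapp entry models a transitive
# dependency, which is how CycloneDX expresses hierarchical assemblies.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "group": "com.example", "name": "webapp",  # hypothetical
         "version": "3.2.0", "purl": "pkg:maven/com.example/webapp@3.2.0",
         "licenses": [{"license": {"id": "MIT"}}],
         "components": [
             {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
              "version": "2.17.1",
              "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
              "licenses": [{"license": {"id": "Apache-2.0"}}]},
         ]},
    ],
})

# Affected ranges keyed by CVE: (group, name, lowest affected, first fixed).
# CVE-2021-44228 affects log4j-core 2.0-beta9 through 2.14.1; 2.15.0 fixed it.
AFFECTED = {
    "CVE-2021-44228": ("org.apache.logging.log4j", "log4j-core", (2, 0, 0), (2, 15, 0)),
}


def parse_version(version: str) -> tuple[int, int, int]:
    """Reduce a version string to a comparable (major, minor, patch) tuple.

    Pre-release suffixes such as "2.0-beta9" are dropped, so they compare
    equal to their base release; that is conservative for a "lowest affected"
    bound and good enough for a first-pass inventory query.
    """
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")][:3]
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def iter_components(node: dict) -> Iterator[dict]:
    """Yield every component in the SBOM, descending into nested assemblies."""
    for comp in node.get("components", []):
        yield comp
        yield from iter_components(comp)


def license_ids(comp: dict) -> list[str]:
    """Return the SPDX license identifiers declared on a component."""
    return [entry["license"]["id"] for entry in comp.get("licenses", [])
            if "license" in entry and "id" in entry["license"]]


def find_affected(sbom_json: str) -> list[dict]:
    """Return one record per component whose version lies in an affected range."""
    sbom = json.loads(sbom_json)
    hits = []
    for comp in iter_components(sbom):
        for cve, (group, name, lowest, fixed) in AFFECTED.items():
            if comp.get("group") != group or comp.get("name") != name:
                continue
            version = parse_version(comp.get("version", ""))
            if lowest <= version < fixed:
                hits.append({"cve": cve, "purl": comp.get("purl"),
                             "version": comp["version"],
                             "licenses": license_ids(comp)})
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_SBOM):
        print(f"{hit['cve']}: {hit['purl']} (licenses: {', '.join(hit['licenses'])})")
```

Run against the sample, only the top-level `log4j-core@2.14.1` is reported; the transitive `2.17.1` copy and the same-versioned `log4j-api` are correctly left alone. A real deployment would replace the hand-written `AFFECTED` table with vulnerability data keyed by package URL (purl), and would still need a reachability or VEX judgement before declaring a hit exploitable.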