Reduce OSS Risks Learning Path
Knowledge Check Summary
0 of 20 Questions completed
Questions:
Information
You have already completed the knowledge check before. Hence you can not start it again.
Knowledge Check is loading…
You must sign in or sign up to start the knowledge check.
You must first complete the following:
Results
Results
0 of 20 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Thanks for trying. You didn’t quite score high enough to earn your certificate this time around. Hike back through the learning path, then try again.
-
Congratulations! Your hike on the path was fruitful. You learned a lot, and earned the certificate of achievement.
-
Wow! You are amazing! You hiked the learning path and earned the certificate of achievement. Thanks for traveling along with us.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 20
1. Question
1. The list of security vulnerabilities the researchers discovered in devices made by four vendors includes (select all that apply):
CorrectIncorrect -
Question 2 of 20
2. Question
2. Select all that are true. An OSS license:
CorrectIncorrect -
Question 3 of 20
3. Question
3. Vulnerabilities can include:
CorrectIncorrect -
Question 4 of 20
4. Question
4. The originator of the open source software license cannot stipulate that any changes made to the software must be published to the public.
CorrectIncorrect -
Question 5 of 20
5. Question
5. Licenses can change over time. A version of software may have originally had a ‘good’ evaluation, and later versions may introduce components added that are deemed ‘risky’ by your organization’s policies.
CorrectIncorrect -
Question 6 of 20
6. Question
6. Sonatype’s free OSS Index provides the ability for developers to check if any library has known, disclosed vulnerabilities.
CorrectIncorrect -
Question 7 of 20
7. Question
7. OSS Index is a free catalog of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe.
CorrectIncorrect -
Question 8 of 20
8. Question
8. Where does the vulnerability information come from that is reported in the OSS Index? (select all that apply)
CorrectIncorrect -
Question 9 of 20
9. Question
9. The OSS index has limitations. (select all that apply)
CorrectIncorrect -
Question 10 of 20
10. Question
10.You used the Nexus Vulnerability Scanner to scan your applications and produce a Software Bill of Materials (SBOM). From the SBOM you are able to view policy alerts, security issues, and a license analysis, helping you understand your level of open source risk.
CorrectIncorrect -
Question 11 of 20
11. Question
11. The data gathered in the OSS Index is derived from public sources, and does not include human curated intelligence nor expert remediation guidance.
CorrectIncorrect -
Question 12 of 20
12. Question
12. Which of the following are key benefits of Nexus Firewall:
CorrectIncorrect -
Question 13 of 20
13. Question
13. Which of the following are key benefits of Nexus Lifecycle:
CorrectIncorrect -
Question 14 of 20
14. Question
14. While Lifecycle indicates vulnerabilities found during the development process, Auditor indicates risk found in production applications.
CorrectIncorrect -
Question 15 of 20
15. Question
15. Sonatype’s Nexus platform integrations provide universal support for many of your favorite languages and packages.
CorrectIncorrect -
Question 16 of 20
16. Question
16. Nexus IQ server provides data with virtually no false-positives and no false-negatives by using a combination of automated identification and human research that eliminates false positives and negatives.
CorrectIncorrect -
Question 17 of 20
17. Question
17. An SBOM is important in any and all phases of the SDLC. You are able to generate one using Sonatype’s free tools and with Sonatype paid tools. A few key advantages of using Sonatype’s paid tools are that you receive additional human-curated intelligence data and remediation advice. These are not part of an SBOM generated via the free tools.
CorrectIncorrect -
Question 18 of 20
18. Question
18. Nexus IQ will enable you to identify:
CorrectIncorrect -
Question 19 of 20
19. Question
19. In order to evaluate an application that is packaged as a war, tar, zip, file, etc., you don’t have to include the configuration points.
CorrectIncorrect -
Question 20 of 20
20. Question
20. Sonatype provides free offerings to support you. Match the following support resource with the definition:
Sort elements
- Find answers and collaborate with other Sonatype users
- Learn from Nexus Platform experts through self-paced online courses
- Quick-start and technical guides for the Nexus Platform
- View the Knowledge Base or open a support ticket
- Reference documentation for Sonatype products
-
Community
-
Learn
-
Guides
-
Support
-
Docs
CorrectIncorrect