1. The list of security vulnerabilities the researchers discovered in devices made by four vendors includes (select all that apply):
2. Select all that are true. An OSS license:
3. Vulnerabilities can include:
4. The originator of the open source software license cannot stipulate that any changes made to the software must be published to the public.
5. Licenses can change over time. A version of software may have originally had a ‘good’ evaluation, and later versions may introduce components that are deemed ‘risky’ by your organization’s policies.
6. Sonatype’s free OSS Index provides the ability for developers to check if any library has known, disclosed vulnerabilities.
7. OSS Index is a free catalog of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe.
8. Where does the vulnerability information come from that is reported in the OSS Index? (select all that apply)
9. The OSS Index has limitations. (select all that apply)
10. You used the Nexus Vulnerability Scanner to scan your applications and produce a Software Bill of Materials (SBOM). From the SBOM you are able to view policy alerts, security issues, and a license analysis, helping you understand your level of open source risk.
11. The data gathered in the OSS Index is derived from public sources, and does not include human curated intelligence nor expert remediation guidance.
12. Which of the following are key benefits of Nexus Firewall:
13. Which of the following are key benefits of Nexus Lifecycle:
14. While Lifecycle indicates vulnerabilities found during the development process, Auditor indicates risk found in production applications.
15. Sonatype’s Nexus platform integrations provide universal support for many of your favorite languages and packages.
16. Nexus IQ server provides data with virtually no false-positives and no false-negatives by using a combination of automated identification and human research that eliminates false positives and negatives.
17. An SBOM is important in any and all phases of the SDLC. You are able to generate one using Sonatype’s free tools and with Sonatype paid tools. A few key advantages of using Sonatype’s paid tools are that you receive additional human-curated intelligence data and remediation advice. These are not part of an SBOM generated via the free tools.
18. Nexus IQ will enable you to identify:
19. In order to evaluate an application that is packaged as a war, tar, zip, file, etc., you don’t have to include the configuration points.
20. Sonatype provides free offerings to support you. Match the following support resource with the definition:
Community
Learn
Guides
Support
Docs