Home » Master Class » 3rd TPRM Master Class by International TPRM Alliance

News/Events@HB

3rd TPRM Master Class by International TPRM Alliance

0%
5

TPRM Master Class Series by ITA

3rd TPRM Master Class

Please enter your full name, email address and location for certificate/score-generations! You will receive a certificate only if you score above 70%.

1 / 28

Category: 3rd-TPRMMasterclass

1. A security engineer detects that a library declared in the SBOM at build time is not present when observing runtime behavior. Which RBOM capability directly addresses this scenario?

2 / 28

Category: 3rd-TPRMMasterclass

2. What was the CVE identifier associated with the XZ Utils backdoor incident in March 2024?

3 / 28

Category: 3rd-TPRMMasterclass

3. What does DORA require specifically for the financial sector?

4 / 28

Category: 3rd-TPRMMasterclass

4. In the context of vulnerability correlation in the SBOM maturity pipeline, which scoring systems are applied?

5 / 28

Category: 3rd-TPRMMasterclass

5. What does RBOM stand for?

6 / 28

Category: 18th RT-International TPRM Alliance

How would you rate the overall experience of the event?

  • 6. Highly insightful and engaging
  • Informative and valuable
  • Average / satisfactory
  • Lengthy but useful
  • Too long and less engaging
  • Not relevant / could be improved

7 / 28

Category: 3rd-TPRMMasterclass

7. why do zombie dependencies remain in production undetected?

8 / 28

Category: 3rd-TPRMMasterclass

8. When did the EU Cyber Resilience Act enter into force?

9 / 28

Category: 3rd-TPRMMasterclass

9. A threat actor injects malicious code into a trusted npm package, which is then published through the normal registry. A downstream enterprise application that pins to a version range automatically picks up the compromise. Which two phases of the supply chain attack anatomy from the presentation are directly demonstrated here?

10 / 28

Category: 3rd-TPRMMasterclass

10. What is the primary characteristic that makes a dependency a 'zombie dependency'?

11 / 28

Category: 3rd-TPRMMasterclass

11. What root cause made the XZ Utils attack pattern particularly dangerous and scalable according to the presentation?

12 / 28

Category: 3rd-TPRMMasterclass

12. What is the key difference between static SBOM and Runtime Bill of Materials (RBOM)?

13 / 28

Category: 18th RT-International TPRM Alliance

Which topics would you like to see covered in future roundtables or masterclasses?
e.g.,

  • 13. Third-Party Cyber Risk & Continuous Monitoring
  • AI Risk in Vendor Ecosystems
  • Cloud & SaaS Risk Management
  • Regulatory Compliance (e.g., outsourcing, data protection)
  • Fourth-Party / Concentration Risk
  • Incident & Breach Management involving vendors
  • Other (please specify): __________

14 / 28

Category: 3rd-TPRMMasterclass

14. According to the Supply Chain Security Roadmap, what activities are included in the 'Foundation' phase (0–3 months)?

15 / 28

Category: 3rd-TPRMMasterclass

15. What does SBOM stand for?

16 / 28

Category: 3rd-TPRMMasterclass

16. Which attestation frameworks are mentioned for verifying SBOM provenance?

17 / 28

Category: 3rd-TPRMMasterclass

17. According to the presentation, what is the global cost of supply chain attacks in 2025?

18 / 28

Category: 3rd-TPRMMasterclass

18. According to the SBOM Best Practices slide, what is the purpose of pairing SBOMs with VEX documents?

19 / 28

Category: 3rd-TPRMMasterclass

19. According to the NTIA Minimum Elements, which of the following is a required field in an SBOM?

20 / 28

Category: 3rd-TPRMMasterclass

20. An enterprise security team is evaluating whether to standardize on CycloneDX or SPDX for their SBOM format. What guidance does the presentation provide, and why is format standardization critical?

21 / 28

Category: 3rd-TPRMMasterclass

21. Which US legislation established SBOM as a national security priority in 2021?

22 / 28

Category: 3rd-TPRMMasterclass

22. According to the 'SBOMs as Mandatory Evidence' , which regulatory frameworks specifically drive the requirement to embed signed, versioned SBOMs?

23 / 28

Category: 18th RT-International TPRM Alliance

23. Please share your feedback on the event

  • What did you find most valuable?
  • What could be improved?
  • Any suggestions for future sessions?

24 / 28

Category: 3rd-TPRMMasterclass

24. How does the 'Optimize 12+ months' phase of the Supply Chain Security Roadmap differ from the 'Mature 6-12 months' phase?

25 / 28

Category: 3rd-TPRMMasterclass

25. What is the first stage in the anatomy of a supply chain attack?

26 / 28

Category: 3rd-TPRMMasterclass

26. Which open-source tools are mentioned for creating SBOMs during builds?

27 / 28

Category: 3rd-TPRMMasterclass

27. An organization wants to reduce triage time when a new critical CVE is disclosed. How does the combination of SBOM and RBOM achieve this according to the presentation?

28 / 28

Category: 3rd-TPRMMasterclass

28. During the XZ Utils backdoor attack, how was the threat ultimately discovered?

Your score is

0%

Exit