Home » Master Class » 3rd TPRM Master Class by International TPRM Alliance

News/Events@HB

3rd TPRM Master Class by International TPRM Alliance

0%
5

TPRM Master Class Series by ITA

3rd TPRM Master Class

Please enter your full name, email address and location for certificate/score-generations! You will receive a certificate only if you score above 70%.

1 / 28

Category: 3rd-TPRMMasterclass

1. why do zombie dependencies remain in production undetected?

2 / 28

Category: 3rd-TPRMMasterclass

2. What is the first stage in the anatomy of a supply chain attack?

3 / 28

Category: 18th RT-International TPRM Alliance

How would you rate the overall experience of the event?

  • 3. Highly insightful and engaging
  • Informative and valuable
  • Average / satisfactory
  • Lengthy but useful
  • Too long and less engaging
  • Not relevant / could be improved

4 / 28

Category: 3rd-TPRMMasterclass

4. How does the 'Optimize 12+ months' phase of the Supply Chain Security Roadmap differ from the 'Mature 6-12 months' phase?

5 / 28

Category: 3rd-TPRMMasterclass

5. What does SBOM stand for?

6 / 28

Category: 3rd-TPRMMasterclass

6. According to the SBOM Best Practices slide, what is the purpose of pairing SBOMs with VEX documents?

7 / 28

Category: 18th RT-International TPRM Alliance

7. Please share your feedback on the event

  • What did you find most valuable?
  • What could be improved?
  • Any suggestions for future sessions?

8 / 28

Category: 3rd-TPRMMasterclass

8. What is the primary characteristic that makes a dependency a 'zombie dependency'?

9 / 28

Category: 3rd-TPRMMasterclass

9. In the context of vulnerability correlation in the SBOM maturity pipeline, which scoring systems are applied?

10 / 28

Category: 3rd-TPRMMasterclass

10. During the XZ Utils backdoor attack, how was the threat ultimately discovered?

11 / 28

Category: 3rd-TPRMMasterclass

11. An enterprise security team is evaluating whether to standardize on CycloneDX or SPDX for their SBOM format. What guidance does the presentation provide, and why is format standardization critical?

12 / 28

Category: 3rd-TPRMMasterclass

12. What root cause made the XZ Utils attack pattern particularly dangerous and scalable according to the presentation?

13 / 28

Category: 3rd-TPRMMasterclass

13. According to the 'SBOMs as Mandatory Evidence' , which regulatory frameworks specifically drive the requirement to embed signed, versioned SBOMs?

14 / 28

Category: 3rd-TPRMMasterclass

14. Which US legislation established SBOM as a national security priority in 2021?

15 / 28

Category: 3rd-TPRMMasterclass

15. According to the presentation, what is the global cost of supply chain attacks in 2025?

16 / 28

Category: 3rd-TPRMMasterclass

16. Which attestation frameworks are mentioned for verifying SBOM provenance?

17 / 28

Category: 3rd-TPRMMasterclass

17. What does RBOM stand for?

18 / 28

Category: 3rd-TPRMMasterclass

18. When did the EU Cyber Resilience Act enter into force?

19 / 28

Category: 3rd-TPRMMasterclass

19. What does DORA require specifically for the financial sector?

20 / 28

Category: 3rd-TPRMMasterclass

20. What is the key difference between static SBOM and Runtime Bill of Materials (RBOM)?

21 / 28

Category: 3rd-TPRMMasterclass

21. Which open-source tools are mentioned for creating SBOMs during builds?

22 / 28

Category: 3rd-TPRMMasterclass

22. What was the CVE identifier associated with the XZ Utils backdoor incident in March 2024?

23 / 28

Category: 18th RT-International TPRM Alliance

Which topics would you like to see covered in future roundtables or masterclasses?
e.g.,

  • 23. Third-Party Cyber Risk & Continuous Monitoring
  • AI Risk in Vendor Ecosystems
  • Cloud & SaaS Risk Management
  • Regulatory Compliance (e.g., outsourcing, data protection)
  • Fourth-Party / Concentration Risk
  • Incident & Breach Management involving vendors
  • Other (please specify): __________

24 / 28

Category: 3rd-TPRMMasterclass

24. According to the NTIA Minimum Elements, which of the following is a required field in an SBOM?

25 / 28

Category: 3rd-TPRMMasterclass

25. An organization wants to reduce triage time when a new critical CVE is disclosed. How does the combination of SBOM and RBOM achieve this according to the presentation?

26 / 28

Category: 3rd-TPRMMasterclass

26. A security engineer detects that a library declared in the SBOM at build time is not present when observing runtime behavior. Which RBOM capability directly addresses this scenario?

27 / 28

Category: 3rd-TPRMMasterclass

27. According to the Supply Chain Security Roadmap, what activities are included in the 'Foundation' phase (0–3 months)?

28 / 28

Category: 3rd-TPRMMasterclass

28. A threat actor injects malicious code into a trusted npm package, which is then published through the normal registry. A downstream enterprise application that pins to a version range automatically picks up the compromise. Which two phases of the supply chain attack anatomy from the presentation are directly demonstrated here?

Your score is

0%

Exit