Connecting the needy | A Team of Changemakers | President of India appreciated No-to profit organization (NGO)| Inspired by ISO 26000
Home » Master Class
June 27, 2026
TPRM Master Class Series by ITA
3rd TPRM Master Class
Please enter your full name, email address and location for certificate/score-generations! You will receive a certificate only if you score above 70%.
1 / 28
Category: 3rd-TPRMMasterclass
1. What root cause made the XZ Utils attack pattern particularly dangerous and scalable according to the presentation?
2 / 28
2. During the XZ Utils backdoor attack, how was the threat ultimately discovered?
3 / 28
3. What does SBOM stand for?
4 / 28
4. What does DORA require specifically for the financial sector?
5 / 28
5. why do zombie dependencies remain in production undetected?
6 / 28
6. According to the NTIA Minimum Elements, which of the following is a required field in an SBOM?
7 / 28
7. How does the 'Optimize 12+ months' phase of the Supply Chain Security Roadmap differ from the 'Mature 6-12 months' phase?
8 / 28
8. What is the primary characteristic that makes a dependency a 'zombie dependency'?
9 / 28
9. What is the key difference between static SBOM and Runtime Bill of Materials (RBOM)?
10 / 28
10. An enterprise security team is evaluating whether to standardize on CycloneDX or SPDX for their SBOM format. What guidance does the presentation provide, and why is format standardization critical?
11 / 28
Category: 18th RT-International TPRM Alliance
How would you rate the overall experience of the event?
12 / 28
12. According to the Supply Chain Security Roadmap, what activities are included in the 'Foundation' phase (0–3 months)?
13 / 28
13. According to the presentation, what is the global cost of supply chain attacks in 2025?
14 / 28
14. According to the SBOM Best Practices slide, what is the purpose of pairing SBOMs with VEX documents?
15 / 28
15. What is the first stage in the anatomy of a supply chain attack?
16 / 28
16. Which US legislation established SBOM as a national security priority in 2021?
17 / 28
17. Which open-source tools are mentioned for creating SBOMs during builds?
18 / 28
18. A security engineer detects that a library declared in the SBOM at build time is not present when observing runtime behavior. Which RBOM capability directly addresses this scenario?
19 / 28
19. A threat actor injects malicious code into a trusted npm package, which is then published through the normal registry. A downstream enterprise application that pins to a version range automatically picks up the compromise. Which two phases of the supply chain attack anatomy from the presentation are directly demonstrated here?
20 / 28
20. An organization wants to reduce triage time when a new critical CVE is disclosed. How does the combination of SBOM and RBOM achieve this according to the presentation?
21 / 28
21. Please share your feedback on the event
22 / 28
22. According to the 'SBOMs as Mandatory Evidence' , which regulatory frameworks specifically drive the requirement to embed signed, versioned SBOMs?
23 / 28
23. When did the EU Cyber Resilience Act enter into force?
24 / 28
24. In the context of vulnerability correlation in the SBOM maturity pipeline, which scoring systems are applied?
25 / 28
25. Which attestation frameworks are mentioned for verifying SBOM provenance?
26 / 28
Which topics would you like to see covered in future roundtables or masterclasses? e.g.,
27 / 28
27. What was the CVE identifier associated with the XZ Utils backdoor incident in March 2024?
28 / 28
28. What does RBOM stand for?
Your score is
Restart quiz Exit
May 23, 2026
The quiz has expired!
May 9, 2026