CompTIA


CAS-001 Question #394: Real Exam Question with Answer & Explanation

The correct answer is C: Remote attestation.

Question

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?

Options

  • A. Single sign-on
  • B. Identity propagation
  • C. Remote attestation
  • D. Secure code review

Explanation

Ann needs assurance that her application has not been modified between publication and execution on a mobile device. Option C, remote attestation, is the correct mechanism. Remote attestation uses cryptographic signing: Ann's software is signed with her private key, and the mobile device (or a trusted third party) verifies the signature against her public key before allowing the software to run. If the software has been tampered with, the hash computed over it will no longer match the hash covered by the signature, and execution is blocked. This is the foundational security mechanism used by app stores and mobile OS platforms (e.g., Android's APK signing, Apple's code signing).

The other options do not address the integrity of the published software:

  • A. Single sign-on handles identity authentication for users, not software integrity.
  • B. Identity propagation relates to forwarding user credentials across systems, not code integrity.
  • D. Secure code review is a development-time practice that examines source code for vulnerabilities. It cannot prevent post-publication modification of a compiled binary.
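The sign-at-publication, verify-before-run check described in the explanation can be tried with the openssl command line. This is an added example, not part of the original question or of any app store's tooling; the function names, file names and payload are constructed, and it assumes the device trusts only Ann's public key.

```shell
#!/bin/sh
# Constructed demo of publish-time signing and install-time verification.
# Assumption: the openssl CLI is on PATH. All names below are hypothetical.

# make_keypair PRIV PUB: create a P-256 key pair.
make_keypair() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2" 2>/dev/null
}

# publisher_sign PRIV PKG SIG: sign the SHA-256 digest of PKG.
publisher_sign() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# device_allows PUB PKG SIG: succeed only if SIG verifies over PKG under PUB.
# Any error (missing file, bad key, bad signature) yields no "Verified OK"
# line, so the check fails closed.
device_allows() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null |
        grep -q '^Verified OK$'
}

# install_gate PUB PKG SIG: the decision a device would make before running.
install_gate() {
    if device_allows "$1" "$2" "$3"; then echo "ALLOW $2"; else echo "BLOCK $2"; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d/ann.key" "$d/ann.pub"        # Ann's publisher key
    make_keypair "$d/other.key" "$d/other.pub"    # unrelated third-party key
    printf 'constructed app payload v1\n' > "$d/app.pkg"
    publisher_sign "$d/ann.key" "$d/app.pkg" "$d/app.sig"

    install_gate "$d/ann.pub" "$d/app.pkg" "$d/app.sig"      # untouched copy

    cp "$d/app.pkg" "$d/mod.pkg"; printf 'injected\n' >> "$d/mod.pkg"
    install_gate "$d/ann.pub" "$d/mod.pkg" "$d/app.sig"      # modified payload

    # Modified copy re-signed by someone else: fails against Ann's public key.
    publisher_sign "$d/other.key" "$d/mod.pkg" "$d/mod.sig"
    install_gate "$d/ann.pub" "$d/mod.pkg" "$d/mod.sig"
    rm -rf "$d"
}

demo
```

The third case shows why the verifier must be tied to the publisher's key: a valid signature from any other key is still a refusal.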
