CAS-005 Question #303: Real Exam Question with Answer & Explanation
The correct answer is A: Code signing. A security team seeks to address risks within their pipeline related to unauthorized code changes and the inability to independently verify software modules.
Question
A security team determines that the most significant risks within the pipeline are:
- Unauthorized code changes
- The current inability to perform independent verification of software modules

Which of the following best addresses these concerns?
Options
- A. Code signing
- B. Digital signatures
- C. Non-repudiation
- D. Lightweight cryptography
Explanation
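A security team seeks to address risks within their pipeline related to unauthorized code changes and the inability to independently verify software modules. Code signing is the specific solution for verifying the integrity and authenticity of software modules, which covers both concerns.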
Common mistakes.
- B. Digital signatures are the underlying technology for code signing, but 'code signing' is the more specific and complete solution for verifying the integrity and authenticity of software modules.
- C. Non-repudiation is the assurance that an action cannot be denied, a property enabled by digital signatures, but it is not a direct mechanism for preventing unauthorized code changes or verifying software modules on its own.
- D. Lightweight cryptography refers to encryption algorithms designed for resource-constrained environments and does not directly address unauthorized code changes or software module verification.
Concept tested. Code integrity and authenticity
Reference. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing