nerdexam
(ISC)2

CISSP · Question #1155

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requireme

The correct answer is C. Trusted Platform Module (TPM). This question tests knowledge of hardware-based security mechanisms that verify application integrity using digital signatures before execution on a laptop.

Submitted by andreas_gr· Mar 5, 2026Security Architecture and Engineering

Question

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?

Options

  • AHardware encryption
  • BCertificate revocation list (CRL) policy
  • CTrusted Platform Module (TPM)
  • DKey exchange

How the community answered

(18 responses)
  • A
    11% (2)
  • B
    6% (1)
  • C
    83% (15)

Why each option

This question tests knowledge of hardware-based security mechanisms that verify application integrity using digital signatures before execution on a laptop.

AHardware encryption

Hardware encryption protects data confidentiality by encrypting stored data at rest, but does not provide a mechanism to verify or validate digital signatures on applications before execution.

BCertificate revocation list (CRL) policy

A Certificate Revocation List (CRL) policy is used to check whether a digital certificate has been revoked, not to enforce digital signature verification as a prerequisite for application access on a local device.

CTrusted Platform Module (TPM)Correct

A Trusted Platform Module (TPM) is a dedicated hardware chip embedded in a device that stores cryptographic keys and performs secure digital signature verification. TPM enables platform integrity checks by measuring and validating software components before they are executed, ensuring only trusted, signed applications are allowed to run. This satisfies the requirement of checking for a secure digital signature before application access.

DKey exchange

Key exchange is a cryptographic process used to securely share encryption keys between parties during communication sessions, and is unrelated to verifying application digital signatures before local execution.

Concept tested: TPM-based application digital signature verification

Source: https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview

Topics

#Trusted Platform Module (TPM)#secure boot#digital signature verification#endpoint security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice