CISSP · Question #1329
Which of the following mobile code security models relies only on trust?
The correct answer is A. Code signing. Mobile code security models control how untrusted code is executed; code signing relies purely on trust in the signer's identity rather than technical execution constraints.
Question
Options
- ACode signing
- BClass authentication
- CSandboxing
- DType safety
How the community answered
(21 responses)- A81% (17)
- B5% (1)
- C5% (1)
- D10% (2)
Why each option
Mobile code security models control how untrusted code is executed; code signing relies purely on trust in the signer's identity rather than technical execution constraints.
Code signing authenticates the origin and integrity of code using digital certificates and cryptographic signatures, but it provides no technical enforcement once the code runs - the system simply trusts that signed code from a known publisher is safe. This model is entirely trust-based: if the signing authority or developer is compromised or malicious, there is no additional technical barrier preventing harmful execution.
Class authentication is not a widely recognized standalone mobile code security model and does not represent a trust-only paradigm; it is a distractor not grounded in standard security frameworks.
Sandboxing is a technical isolation mechanism that restricts what resources and system calls mobile code can access regardless of trust, making it an enforcement-based model rather than a trust-based one.
Type safety is a language-level technical control (used in languages like Java) that prevents certain classes of memory and type errors at compile or runtime, enforcing security through technical constraints rather than relying on trust.
Concept tested: Mobile code security models and trust-based controls
Source: https://csrc.nist.gov/publications/detail/sp/800-28/version-2/final
Topics
Community Discussion
No community discussion yet for this question.