nerdexam
(ISC)2

CISSP · Question #1329

Which of the following mobile code security models relies only on trust?

The correct answer is A. Code signing. Mobile code security models control how untrusted code is executed; code signing relies purely on trust in the signer's identity rather than technical execution constraints.

Submitted by devops_kid· Mar 5, 2026Software Development Security

Question

Which of the following mobile code security models relies only on trust?

Options

  • ACode signing
  • BClass authentication
  • CSandboxing
  • DType safety

How the community answered

(21 responses)
  • A
    81% (17)
  • B
    5% (1)
  • C
    5% (1)
  • D
    10% (2)

Why each option

Mobile code security models control how untrusted code is executed; code signing relies purely on trust in the signer's identity rather than technical execution constraints.

ACode signingCorrect

Code signing authenticates the origin and integrity of code using digital certificates and cryptographic signatures, but it provides no technical enforcement once the code runs - the system simply trusts that signed code from a known publisher is safe. This model is entirely trust-based: if the signing authority or developer is compromised or malicious, there is no additional technical barrier preventing harmful execution.

BClass authentication

Class authentication is not a widely recognized standalone mobile code security model and does not represent a trust-only paradigm; it is a distractor not grounded in standard security frameworks.

CSandboxing

Sandboxing is a technical isolation mechanism that restricts what resources and system calls mobile code can access regardless of trust, making it an enforcement-based model rather than a trust-based one.

DType safety

Type safety is a language-level technical control (used in languages like Java) that prevents certain classes of memory and type errors at compile or runtime, enforcing security through technical constraints rather than relying on trust.

Concept tested: Mobile code security models and trust-based controls

Source: https://csrc.nist.gov/publications/detail/sp/800-28/version-2/final

Topics

#Mobile code security#Code signing#Trust models#Software security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice