ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A deployment tool downloads a vendor-supplied patch file that is protected with a digital signature. To confirm the file's integrity before installation, which step must the tool perform as part of signature validation?

  • Hash the downloaded file and compare the result with the hash value obtained by decrypting the signature with the vendor's public key.

  • Verify that the vendor's X.509 certificate chain and timestamp are valid, assuming integrity if both checks succeed.

  • Encrypt the entire downloaded file with the vendor's public key and verify that the ciphertext length matches the original signature length.

  • Compare the file's size and an unsigned checksum published on the vendor's HTTPS web page.

Secure Software Concepts