Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A vendor distributes quarterly firmware updates to customers' industrial controllers over the Internet. The update files must stay confidential while in transit, and customers must be able to confirm that each file is authentic and unaltered before installing it. Which approach BEST satisfies all of these security requirements?

  • Compress the firmware and include a SHA-256 checksum file for customers to compare before installation

  • Encrypt the firmware with AES-256 and apply a digital signature using the vendor's private signing key

  • Encrypt the firmware using the vendor's private key so customers can decrypt it with the public key

  • Encrypt the firmware with AES-256 and email the symmetric key to each customer

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot