ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
An auditor reviewing your software release process notes that compiled installers are distributed to customers via an HTTPS-protected portal. Customers often move the files onto isolated production networks before installation. Which security principle is still insufficiently protected, and what control would best mitigate the gap?
Replicate the download portal across multiple geographic regions using a CDN to improve availability.
Encrypt the binaries with AES-256 before storing them on the portal to strengthen confidentiality.
Digitally sign each release package with the organization's private code-signing certificate to preserve integrity.
Require mutual TLS with client certificates for all customer downloads to enhance authentication.
HTTPS already provides confidentiality and integrity while the files are in transit, and authenticated access to the portal establishes who initiated the download. Once the binaries leave the portal, however, customers have no cryptographic proof that they remain unaltered or truly originated from the publisher. That open issue concerns the principle of integrity (with authenticity and non-repudiation as collateral benefits). Applying a digital code-signing certificate to each release embeds a signature created with the publisher's private key. Customers can later validate the signature with the corresponding public key-even on an offline or air-gapped network-to confirm the software has not been modified. Strengthening portal authentication, storing the files encrypted, or adding redundancy helps other principles (confidentiality, availability) but does not allow customers to detect post-download tampering.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a code-signing certificate, and how does it ensure integrity?
Open an interactive chat with Bash
How can customers verify the authenticity of code-signed software on air-gapped or offline networks?
Open an interactive chat with Bash
What are the benefits of using HTTPS for file delivery, and why is it insufficient for integrity?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .