ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a pipeline review, the DevOps team needs a control that lets production servers confirm that every compiled microservice binary genuinely came from the trusted build system and was not modified in transit or at rest. Which measure best satisfies this requirement?
Publish a SHA-256 checksum for every binary on an internal wiki so operators can manually compare values after deployment.
Digitally sign each release with the build server's private key and have deployment hosts verify the signature using a trusted public certificate before execution.
Store build artifacts in a read-only directory within the version-control system that only release engineers can access.
Transfer the binaries to production over HTTPS to prevent interception during network transit.
Digitally signing an executable binds a cryptographic hash of the file to the build system's private signing key. At deployment time the production host verifies the signature with the corresponding trusted public certificate; if any bit in the binary has changed or the file originated elsewhere, the verification fails, preventing execution. HTTPS (TLS) only protects data in transit and offers no assurance once the file is stored. Posting checksums on a wiki relies on manual effort and is susceptible to tampering unless the checksums themselves are signed. Storing artifacts in a read-only repository limits casual changes but gives the runtime no way to detect alteration that happens after storage. Therefore, code signing is the most effective anti-tampering control for assuring both integrity and authenticity of build artifacts.
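The hash-then-sign flow the explanation describes, as an added Go example that is not part of the original question page: the build server signs the SHA-256 digest of a binary with its private key, and the deployment host verifies it with the public key, rejecting both a bit-flipped file and a file signed by some other key. The key pair, the stand-in binary bytes and the function names are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignArtifact is the build-server side: hash the binary with SHA-256 and sign the
// digest with RSA-PSS, binding the file's exact contents to the private signing key.
func SignArtifact(priv *rsa.PrivateKey, binary []byte) ([]byte, error) {
	digest := sha256.Sum256(binary)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyArtifact is the deployment-host side: recompute the digest and check the
// signature against the trusted public key. A nil error means the binary is
// byte-for-byte what the build server signed; anything else must not execute.
func VerifyArtifact(pub *rsa.PublicKey, binary, sig []byte) error {
	digest := sha256.Sum256(binary)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	// Constructed for the example: a real build system would keep this key in an HSM/KMS
	// and ship only the public half (as a certificate) to production hosts.
	buildKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	binary := []byte("\x7fELF constructed stand-in for a compiled microservice binary")
	sig, err := SignArtifact(buildKey, binary)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine binary:   ", VerifyArtifact(&buildKey.PublicKey, binary, sig))

	// Flip one bit at rest: the digest changes, so the signature no longer matches.
	tampered := append([]byte{}, binary...)
	tampered[len(tampered)-1] ^= 0x01
	fmt.Println("tampered binary:  ", VerifyArtifact(&buildKey.PublicKey, tampered, sig))

	// Same bytes signed by a key that is not the trusted build key: also rejected.
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogueSig, _ := SignArtifact(rogueKey, binary)
	fmt.Println("signed elsewhere: ", VerifyArtifact(&buildKey.PublicKey, binary, rogueSig))
}
```

The first line prints `<nil>`; the other two print a verification error, which is the signal a deployment host uses to refuse execution.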
Secure Software Implementation