Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During an automated deployment, a DevSecOps engineer retrieves a JAR file from the company's artifact repository and must prove it is identical to the file produced by yesterday's signed build before promoting it to production. Which approach provides the strongest assurance of both integrity and authenticity in this situation?

  • Rely on the repository's HTTPS connection so the download cannot be modified in transit.

  • Recalculate the JAR's SHA-256 hash on the deployment host and compare it to the hash stored in a CI-generated manifest whose signature is verified first.

  • Compress the JAR with a lossless algorithm before transfer to reduce the chance of corruption during transport.

  • Run a static application security test (SAST) on the JAR before release to ensure no malicious code is present.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Deployment, Operations, Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot