ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During the design of an implantable medical device, engineers must ensure unauthorized firmware cannot be executed either at power-on or during field upgrades performed by clinicians. Which architectural control BEST satisfies both secure boot and secure update requirements?
Encrypt each firmware image with a symmetric key stored in on-device flash memory to keep its contents confidential
Require clinicians to perform multifactor authentication before initiating any firmware update procedure
Add a cyclic redundancy check (CRC) after each update to detect any corruption of the newly written firmware
Incorporate a hardware root of trust that validates a digital signature on the bootloader and every firmware package before it is executed or installed
A hardware-based root of trust can securely store a device-unique key pair that signs the initial bootloader and verifies a digital signature on every subsequent stage, including over-the-air or clinical updates. Because the processor will only execute code whose signature matches a trusted root certificate, attackers cannot install or run malicious firmware-even if they have physical access. Merely encrypting firmware (distractor) protects confidentiality but not authenticity; an attacker who learns or replaces the key could still run altered code. Requiring multifactor authentication controls who may start an update but does not validate the code itself. Simple CRC checks detect random corruption, not deliberate tampering, because they are not cryptographically strong. Therefore, incorporating a hardware root of trust that enforces signature verification is the most effective measure for both secure boot and secure update.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a hardware root of trust?
Open an interactive chat with Bash
How does digital signature verification work in secure boot and updates?
Open an interactive chat with Bash
Why is encryption alone not enough to secure firmware updates?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .