ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization distributes container images through an internal registry. Each image is digitally signed by computing a SHA-256 digest of the tarball and encrypting that digest with the registry's RSA private key. To verify a freshly pulled image, what is the first cryptographic operation the deployment server should perform?

  • Download the current certificate revocation list for the registry's certificate before performing any cryptographic processing.

  • Encrypt the downloaded image with the deployment server's own private key and return it to the registry for confirmation.

  • Decrypt the attached signature with the registry's public key to obtain the signer's SHA-256 digest of the image.

  • Compute a new SHA-256 hash of the image and then encrypt that hash with the registry's public key.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts