ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization is developing a standard operating procedure for patching Linux application servers across staging and production. To minimize the chance that an attacker can inject malicious code while updates move from the vendor to internal repositories, which control should be mandatory in the patch-deployment workflow?

Download patches through an encrypted SSH tunnel but disable signature verification to speed deployment
Mirror the vendor's public repository locally with unauthenticated file synchronization to avoid direct internet access
Have senior administrators manually approve each patch only after it has been installed in production
Validate the vendor's digital signature or checksum on every patch before it is accepted into the internal repository

Report Issue

Answer Description

Requiring the package manager to validate vendor-supplied digital signatures or cryptographic hash values ensures each patch's authenticity and integrity before it ever reaches test or production systems. This closes a key supply-chain attack surface: tampered update files delivered over compromised mirrors or man-in-the-middle channels. Simply tunneling traffic (encrypted transport), mirroring repositories without authentication, or relying on post-installation human approval does not prove the code itself is untampered. Signature and hash verification provide automated, deterministic assurance and are recommended by standards such as NIST SP 800-40 and the CIS Controls for secure patch management.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.