ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your team hosts internal source code on a self-managed Git server that must meet regulatory requirements for change traceability and tamper resistance. Which control most effectively strengthens the version control process to satisfy these requirements?
Disable all server-side Git hooks to reduce repository complexity and improve performance.
Enable force-push so developers can rewrite repository history to correct errors quickly.
Permit unauthenticated read-only cloning of repositories to simplify cross-team collaboration.
Enforce GPG-signed commits and protect main branches by requiring pull-request reviews before merges.
Requiring developers to cryptographically sign every commit ensures each change is linked to a verified individual and cannot be modified undetected. Combining this with protected branches that mandate peer review before merges guarantees an auditable history and prevents direct alterations to important code lines, aligning with regulatory expectations for traceability and integrity. Allowing force-push to rewrite history undermines audit trails and can hide unauthorized changes. Unauthenticated read-only access removes accountability and may expose sensitive code. Disabling server-side hooks reduces-not increases-security by eliminating mechanisms that can enforce policy checks such as commit signing and review requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are GPG-signed commits, and why are they important for regulatory compliance?
Open an interactive chat with Bash
How do protected branches improve version control security?
Open an interactive chat with Bash
Why are server-side Git hooks important for enforcing security policies?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)