Which practice helps verify that a software component originated from a trusted source and was not altered?

Prepare for the AFSC Cyberspace Operations Officer Exam. Engage with detailed questions and explanations to enhance your understanding and improve your exam readiness. Pass with confidence!

Multiple Choice

Which practice helps verify that a software component originated from a trusted source and was not altered?

Explanation:

Code signing is the practice that verifies both where a software component came from and that it has not been altered. When a publisher signs a component, they compute a digital signature over it with their private key. That signature travels with the software and is checked against the publisher's public key, which the consumer trusts because a certificate chaining to a trusted root binds it to the publisher's identity. If the code is tampered with after signing, the signature will not verify, which signals that the artifact's integrity was broken. Because only the holder of the private key could have produced a valid signature, the check also ties the artifact to a known, trusted source, providing provenance. The guarantee is only as strong as the key and the trust decision behind it: a valid signature proves that the trusted key signed these exact bytes, not that the signer's build was clean, and a stolen signing key or an over-broad trust store lets malicious code verify just fine.

An SBOM inventories the components present in a product but does not prove who published each one or whether it has been modified since publication. Vendor risk management evaluates the risks of doing business with a supplier, not the authenticity or integrity of individual software artifacts. Code review examines the source itself for quality and security defects, but it does not confirm the provenance of the built artifact or whether it was altered after review, in transit or at rest.
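The sign-then-verify flow described above, as an added example that is not from the exam page or from any vendor's tooling. It uses Go's standard-library Ed25519 to play both sides: the publisher signs a SHA-256 digest of the component, and the consumer verifies it against a trust store that maps publisher identities to public keys (standing in for the trusted certificate). The publisher name "acme-release", the sample install script and the attacker's key are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedArtifact is a constructed stand-in for a distributed software component:
// the bytes a consumer downloads, the detached signature shipped alongside them,
// and the identity the signature claims to come from.
type SignedArtifact struct {
	Name      string
	Content   []byte
	Signature []byte
	SignerID  string // claimed publisher; not trusted until the signature checks out
}

// Sign is the publisher side: hash the content and sign the digest with the
// publisher's private key (signing a digest mirrors signing a checksum
// manifest rather than a large binary directly).
func Sign(priv ed25519.PrivateKey, signerID, name string, content []byte) SignedArtifact {
	digest := sha256.Sum256(content)
	return SignedArtifact{
		Name:      name,
		Content:   content,
		Signature: ed25519.Sign(priv, digest[:]),
		SignerID:  signerID,
	}
}

// Verify is the consumer side. The trust store maps publisher identities to
// the public keys the consumer has decided to trust; it plays the role of the
// trusted certificate in real code signing. Both checks happen here: the key
// must be one we trust (provenance), and the signature must match the
// current bytes (integrity).
func Verify(trusted map[string]ed25519.PublicKey, a SignedArtifact) error {
	pub, ok := trusted[a.SignerID]
	if !ok {
		return fmt.Errorf("%s: signer %q is not in the trust store", a.Name, a.SignerID)
	}
	digest := sha256.Sum256(a.Content)
	if !ed25519.Verify(pub, digest[:], a.Signature) {
		return errors.New(a.Name + ": signature does not verify (content altered or signed with a different key)")
	}
	return nil
}

// Demo walks through three outcomes: a genuine artifact, the same artifact
// altered after signing, and an artifact signed by someone who merely claims
// the trusted publisher's name. It returns the verification result of each.
func Demo() (genuine, tampered, impostor error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // publisher's key pair
	if err != nil {
		panic(err)
	}
	_, roguePriv, err := ed25519.GenerateKey(rand.Reader) // attacker's own key pair
	if err != nil {
		panic(err)
	}
	trusted := map[string]ed25519.PublicKey{"acme-release": pub}

	// Constructed sample component; any bytes would do.
	content := []byte("#!/bin/sh\necho installing acme-tool\n")
	art := Sign(priv, "acme-release", "install.sh", content)
	genuine = Verify(trusted, art)

	// Alter the bytes after signing but keep the original signature.
	altered := art
	altered.Content = bytes.Replace(art.Content, []byte("installing acme-tool"), []byte("installing backdoor"), 1)
	tampered = Verify(trusted, altered)

	// Sign with an untrusted key while claiming the trusted publisher's identity.
	impostor = Verify(trusted, Sign(roguePriv, "acme-release", "install.sh", content))
	return
}

func main() {
	g, t, i := Demo()
	fmt.Println("genuine :", g)
	fmt.Println("tampered:", t)
	fmt.Println("impostor:", i)
}
```

Only the first artifact verifies. The tampered copy fails because the digest no longer matches what was signed, and the impostor's copy fails because the signature was made with a key the trust store does not hold for that publisher. Note what a passing check does and does not say: the bytes are exactly what the holder of the trusted key signed, nothing more, so protecting the private key and keeping the trust store narrow are part of the control, not an afterthought.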
