A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.
Which of the following would be BEST for the developer to perform? (Choose two.)
To maintain the integrity of each module of a program and ensure the code cannot be altered by malicious users, the developer should utilize code signing by a trusted third party and make the Discretionary Access Control List (DACL) read-only. Code signing ensures that the code has not been tampered with since it was signed, providing a way to verify its authenticity and integrity. Making the DACL read-only prevents unauthorized users from modifying the program files, thereby safeguarding the code against malicious alterations. Together, these measures help in both verifying the code's integrity and preventing unauthorized modifications.
I think the most suitable answer is AB, as the keyword is "A developer wants to maintain". So it should be something to do with an implementation prevention control.
Maintaining and implementing are not the same thing.
A and C both directly address the goal of ensuring code integrity and detecting unauthorized modifications by providing ways to validate that the code has not been altered since it was signed or hashed. Certificate-based authentication focuses on verifying the identity of users or systems involved in a communication but does not check the integrity of the code itself.
I'm changing my answer to A and B. MD5 hashes are not effective in maintaining code integrity because they are easily modified. Certificate-based authentication can help maintain the integrity of each module by ensuring only authorized users can access and modify the code.
Utilize code signing by a trusted third party (Option A): Code signing ensures authenticity and integrity by providing a digital signature. Make the DACL read-only (Option F): Restricting write access via DACL helps prevent unauthorized modifications to the code.
Reviewed this question again with some research and ChatGPT run-throughs. The second part of the question is focused on ensuring that malicious users cannot make any modification. So making the DACL read-only will help with this, but then no one can alter it. Looking at it from this perspective, we would want to make sure that ONLY authorized users can alter the code, which would be B. Implement certificate-based authentication.
Take a close look at question 233. The question is nearly identical, and the answer choices are identical. Note that in question 68 the developer wants to "ensure the code cannot be altered", but in question 233 the developer wants to "detect unauthorized code modification." These two goals are nearly identical. Usually you want to detect unauthorized code modification in order to prevent unauthorized code modification. If you detect an unauthorized change, you will know not to use that code. Maybe I will go with AF for question 68, and AC for question 233. In the real world, F is impractical because it would not allow authorized changes. But question 68 only states the developer wants to "ensure the code cannot be altered by malicious users." I hate such ambiguous questions. No matter how closely you study them, you can never be completely certain of the answer.
The arguments for C not "preventing" also apply to A. As for finding an MD5 collision, good luck with that while keeping the module valid.
The correct answers are (A and C)
Developer wants to: 1-maintain integrity to each module of a program and 2-ensure the code cannot be altered by malicious users. A. Utilize code signing by a trusted third party: Code signing digitally signs executable files with a cryptographic signature. By obtaining a code signing certificate from a trusted third party, the developer signs each module of the program, ensuring integrity. When users run the program, their systems can verify the signature to ensure the code has not been altered since it was signed. Code signing is widely used to establish trust in software distribution channels and mitigate the risk of code tampering. F. Make the DACL read-only: DACL (Discretionary Access Control List) specifies access permissions to securable objects, such as files or directories, on Windows systems. Making the DACL read-only restricts write access to the program's files, maintaining integrity by preventing malicious users from altering them.
For a developer aiming to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users, the best choices would be: A. Utilize code signing by a trusted third party. Code signing involves signing the code with a cryptographic signature, and this signature is verified by the operating system or runtime environment. It ensures that the code has not been tampered with since it was signed. A trusted third party enhances the credibility of the signature. C. Verify MD5 hashes. MD5 hashes can be used to verify the integrity of files. The developer can compute the MD5 hash of each module and provide the computed hashes. Users can then independently calculate the MD5 hash of the downloaded modules and compare them to ensure integrity.
Why not F?
A. Utilize code signing by a trusted third party. Code signing involves digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. This process uses a trusted third-party certificate authority (CA) to ensure the authenticity and integrity of the code. C. Verify MD5 hashes. Verifying hashes involves calculating a hash of the program's code and comparing it to a known good hash. While MD5 is not the most secure hash function (SHA-256 is preferred for stronger security), using hashes in general helps ensure that the code has not been altered. Regularly verifying these hashes can help detect any unauthorized changes to the code.
To maintain the integrity of each module in a program and prevent malicious alteration, the developer should consider the following two options: A. Utilize code signing by a trusted third party: This creates a digital signature for each module using a certificate from a trusted authority. Any modification to the code will invalidate the signature, alerting users and preventing execution. E. Encrypt with 3DES: While considered less secure than modern algorithms like AES, 3DES encryption can still provide a layer of protection against unauthorized modification. Decrypting would require the attacker to possess the encryption key, adding a barrier to tampering.
Leaning towards AC. Everybody agrees on A. Everybody also agrees that the possible choices are: AB, AC, or AF. If A is done, then B is also effectively done. So B is probably not the best choice. If DACL is made read-only across the board, then authorized users could not alter the code. By default, the best choice seems to be: AC.
After looking at question 233, I think I will change my answer to AF. I think CompTIA wants the test taker to understand that MD5 is used for detection, and DACL prevents code from being modified. So AC for 233 and AF for 68.
What is the right answer? Did anyone take the exam?
Correcting to AB.
A. Utilize code signing by a trusted third party: Code signing involves digitally signing the code with a certificate issued by a trusted third party. This helps in verifying the authenticity of the code and ensures that it hasn't been tampered with since it was signed. C. Verify MD5 hashes: Using cryptographic hash functions like MD5 to generate hashes of the code or modules can help in verifying their integrity. Users can compare the computed hash values with the original hashes to detect any alterations in the code. The other options like implementing certificate-based authentication, compressing the program with a password, encrypting with 3DES, and making the DACL (Discretionary Access Control List) read-only might contribute to security but may not directly address the requirement of maintaining the integrity of the code against alterations by malicious users.
AF seem best to me. B seems to be outside of the scope of the question and MD5 isn't considered secure.
I am between AB or AF and here is my why. A. Code signing certificates allow customers to verify that your code is authentic and has not been tampered with B. Certificate-based authentication is the process of establishing your identity using electronic documents known as digital certificates. A digital certificate is like an electronic passport used to prove your identity by confirming your ownership of a private key. Digital certificates contain: Identification data. F. DACL identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. Why not C, D, E: MD5 Hash can be altered. As for compressing the program with a password, the password could potentially be hacked. 3DES is weak cryptography. And DACL identifies the trustees that are allowed or denied access to a securable object but if the .
Disregard the last sentence in the why not part of my answer as DACL is part of my why it could be explanation.
A&B: The question is asking about prevention. MD5 is a detection mechanism.