A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)
I think the most suitable answer is AB as the keyword is "A developer wants to maintain". So it should be something to do with an implementation prevention control.
A and C both directly address the goal of ensuring code integrity and detecting unauthorized modifications by providing ways to validate that the code has not been altered since it was signed or hashed.
Certificate-based authentication focuses on verifying the identity of users or systems involved in a communication but does not check the integrity of the code itself.
I'm changing my answer to A and B. MD5 hashes are not effective in maintaining code integrity because they are easily modified. Certificate-based authentication can help maintain the integrity of each module by ensuring only authorized users can access and modify the code
A and C
Question wants integrity, signing attests, hash confirms
Other answers are for other purposes such as confidentiality and authentication which is not what was asked
A. Utilize code signing by a trusted third party
Explanation: Code signing ensures that the modules are authenticated and have not been altered. It provides a digital signature verifying that the code is genuine.
C. Verify MD5 hashes
Explanation: Hashing helps ensure code integrity. By generating an MD5 hash for each module and verifying it, the developer can detect if the code has been modified. However, stronger hash functions (e.g., SHA-256) are often recommended.
F. Make the DACL read-only: This restricts file access permissions but does not prevent the alteration of the source code itself. A malicious actor or advanced user might still:
Change Permissions: If they have elevated privileges, they could change the permissions from read-only to read-write.
Copy and Alter: Create a copy of the file, modify the copy, and then overwrite the original if they can escalate privileges or bypass certain restrictions.
A. Utilize code signing by a trusted third party.
Code signing ensures that the code’s integrity is verified and that it has not been altered since it was signed. It provides a way to confirm that the code is from a trusted source and has not been tampered with. (Request number 1 of the problem - Assure integrity)
F. Make the DACL read-only.
Making the DACL (Discretionary Access Control List) read-only helps prevent unauthorized or malicious users from altering the code (Request Number 2 of the problem). This access control measure directly addresses the issue of unauthorized alterations by restricting write access to the code.
However, a malicious actor or advanced user might still:
Change Permissions: If they have elevated privileges, they could change the permissions from read-only to read-write.
Copy and Alter: Create a copy of the file, modify the copy, and then overwrite the original if they can escalate privileges or bypass certain restrictions.
B is related to user authentication, not code integrity.
C has security limitations (MD5 is weak).
D and E do not ensure integrity, only confidentiality.
A. Utilize code signing by a trusted third party.
Code signing involves digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. This process uses a trusted third-party certificate authority (CA) to ensure the authenticity and integrity of the code.
C. Verify MD5 hashes.
Verifying hashes involves calculating a hash of the program's code and comparing it to a known good hash. While MD5 is not the most secure hash function (SHA-256 is preferred for stronger security), using hashes in general helps ensure that the code has not been altered. Regularly verifying these hashes can help detect any unauthorized changes to the code.
Developer wants to:
1-maintain integrity to each module of a program and
2-ensure the code cannot be altered by malicious users.
A. Utilize code signing by a trusted third party:
Code signing digitally signs executable files with a cryptographic signature.
By obtaining a code signing certificate from a trusted third party, the developer signs each module of the program, ensuring integrity.
When users run the program, their systems can verify the signature to ensure the code has not been altered since it was signed.
Code signing is widely used to establish trust in software distribution channels and mitigate the risk of code tampering.
F. Make the DACL read-only:
DACL (Discretionary Access Control List) specifies access permissions to securable objects, such as files or directories, on Windows systems.
Making the DACL read-only restricts write access to the program's files, maintaining integrity by preventing malicious users from altering them.
To maintain the integrity of each module in a program and prevent malicious alteration, the developer should consider the following two options:
A. Utilize code signing by a trusted third party: This creates a digital signature for each module using a certificate from a trusted authority. Any modification to the code will invalidate the signature, alerting users and preventing execution.
E. Encrypt with 3DES: While considered less secure than modern algorithms like AES, 3DES encryption can still provide a layer of protection against unauthorized modification. Decrypting would require the attacker to possess the encryption key, adding a barrier to tampering.
Leaning towards AC.
Everybody agrees on A. Everybody also agrees that the possible choices are: AB, AC, or AF.
If A is done, then B is also effectively done. So B is probably not the best choice.
If DACL is made read-only across the board, then authorized users could not alter the code.
By default, the best choice seems to be: AC.
After looking at question 233, I think I will change my answer to AF. I think CompTIA wants the test taker to understand that MD5 is used for detection, and DACL prevents code from being modified. So AC for 233 and AF for 68.
For a developer aiming to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users, the best choices would be:
A. Utilize code signing by a trusted third party.
Code signing involves signing the code with a cryptographic signature, and this signature is verified by the operating system or runtime environment. It ensures that the code has not been tampered with since it was signed. A trusted third party enhances the credibility of the signature.
C. Verify MD5 hashes.
MD5 hashes can be used to verify the integrity of files. The developer can compute the MD5 hash of each module and provide the computed hashes. Users can then independently calculate the MD5 hash of the downloaded modules and compare them to ensure integrity.
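The hash-manifest workflow described in this answer and in the earlier answer on option C (developer publishes a digest per module, users recompute and compare), shown as an added example that is not part of any post on this page. It uses only the Python standard library; the module names and contents are constructed sample data, and the `allowed` policy tuple is an assumption that encodes the "SHA-256 is preferred" advice by refusing MD5 at verification time.

```python
import hashlib
import hmac

# Constructed sample "modules": in-memory bytes standing in for files on disk.
MODULES = {
    "auth.py": b"def login(user, pw):\n    return check(user, pw)\n",
    "billing.py": b"RATE = 0.07\n",
}

# Assumed policy: digests the verifier is willing to trust. MD5 is excluded
# because collisions can be manufactured, so a matching MD5 proves little.
ALLOWED_ALGORITHMS = ("sha256", "sha512")


def build_manifest(modules, algorithm="sha256"):
    """Publish-time step: compute one digest per module (the developer's side)."""
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError(f"{algorithm} is not an allowed manifest digest")
    return {name: hashlib.new(algorithm, data).hexdigest()
            for name, data in modules.items()}


def verify_modules(manifest, modules, algorithm="sha256"):
    """Verify-time step (the user's side).

    Returns a dict mapping each module name to one of:
      "ok"         digest matches the manifest
      "modified"   content differs from what was published
      "missing"    listed in the manifest but not present
      "unexpected" present but not listed in the manifest
    """
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError(f"{algorithm} is not an allowed manifest digest")
    results = {}
    for name, expected in manifest.items():
        data = modules.get(name)
        if data is None:
            results[name] = "missing"
            continue
        actual = hashlib.new(algorithm, data).hexdigest()
        # compare_digest avoids leaking where the strings diverge via timing.
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "modified"
    for name in modules:
        if name not in manifest:
            results[name] = "unexpected"
    return results


def all_intact(results):
    """True only when every module is present, listed, and unmodified."""
    return all(status == "ok" for status in results.values())


if __name__ == "__main__":
    manifest = build_manifest(MODULES)
    print(verify_modules(manifest, MODULES))
    tampered = dict(MODULES, **{"billing.py": b"RATE = 0.00\n"})
    print(verify_modules(manifest, tampered))
```

Note what this does and does not give you: a mismatch reliably detects a changed, missing or added module, which is the "hash confirms" point made above. It cannot by itself stop tampering, and it is only as trustworthy as the channel the manifest arrived on; that is the gap code signing (option A) closes, because a signature over the manifest binds it to a key the user already trusts.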
Utilize code signing by a trusted third party (Option A): Code signing ensures authenticity and integrity by providing a digital signature.
Make the DACL read-only (Option F): Restricting write access via DACL helps prevent unauthorized modifications to the code.
Take a close look at question 233. The question is nearly identical, and the answer choices are identical.
Note that: in question 68, the developer wants to "ensure the code cannot be altered" but in question 233 the developer wants "detect unauthorized code modification."
These two goals are nearly identical. Usually you want to detect unauthorized code modification in order to prevent unauthorized code modification. If you detect an unauthorized change, you will know not to use that code.
Maybe I will go with AF for question 68, and AC for question 233.
In the real world, F is impractical because it would not allow authorized changes. But question 68 only states the developer wants to "ensure the code cannot be altered by malicious users."
I hate such ambiguous questions. No matter how closely you study them, you can never be completely certain of the answer.
Reviewed this question again with some research and ChatGPT run-throughs. The second part of the question is focused on ensuring that malicious users cannot make any modification. So making the DACL read-only will help with this, but then no one can alter it. Looking at this perspective, we would want to make sure that ONLY authorized users can alter the code, which would be B. Implement certificate-based authentication.
Community vote distribution: A (35%), C (25%), B (20%), Other