I think the most suitable answer is AB as the keyword "A developer wants to maintain". So it shud be something to do with implementation prevention control.

A and C both directly address the goal of ensuring code integrity and detecting unauthorized modifications by providing ways to validate that the code has not been altered since it was signed or hashed. Certificate-based authentication focuses on verifying the identity of users or systems involved in a communication but does not check the integrity of the code itself.

Developer wants to: 1-maintain integrity to each module of a program and 2-ensure the code cannot be altered by malicious users. A. Utilize code signing by a trusted third party: Code signing digitally signs executable files with a cryptographic signature. By obtaining a code signing certificate from a trusted third party, the developer signs each module of the program, ensuring integrity. When users run the program, their systems can verify the signature to ensure the code has not been altered since it was signed. Code signing is widely used to establish trust in software distribution channels and mitigate the risk of code tampering. F. Make the DACL read-only: DACL (Discretionary Access Control List) specifies access permissions to securable objects, such as files or directories, on Windows systems. Making the DACL read-only restricts write access to the program's files, maintaining integrity by preventing malicious users from altering them.

To maintain the integrity of each module in a program and prevent malicious alteration, the developer should consider the following two options: A. Utilize code signing by a trusted third party: This creates a digital signature for each module using a certificate from a trusted authority. Any modification to the code will invalidate the signature, alerting users and preventing execution. E. Encrypt with 3DES: While considered less secure than modern algorithms like AES, 3DES encryption can still provide a layer of protection against unauthorized modification. Decrypting would require the attacker to possess the encryption key, adding a barrier to tampering.

Leaning towards AC. Everybody agrees on A. Everybody also agrees that the possible choices are: AB, AC, or AF. If A is done, then B is also effectively done. So B is probably not the best choice. If DACL is made read-only across the board, then authorized users could not alter the code. By default, the best choice seems to be: AC.

For a developer aiming to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users, the best choices would be: A. Utilize code signing by a trusted third party. Code signing involves signing the code with a cryptographic signature, and this signature is verified by the operating system or runtime environment. It ensures that the code has not been tampered with since it was signed. A trusted third party enhances the credibility of the signature. C. Verify MD5 hashes. MD5 hashes can be used to verify the integrity of files. The developer can compute the MD5 hash of each module and provide the computed hashes. Users can then independently calculate the MD5 hash of the downloaded modules and compare them to ensure integrity.

why not F ?

What is the right answer? Did anyone take exams

correcting to AB

Utilize code signing by a trusted third party (Option A): Code signing ensures authenticity and integrity by providing a digital signature. Make the DACL read-only (Option F): Restricting write access via DACL helps prevent unauthorized modifications to the code.

A. Utilize code signing by a trusted third party: Code signing involves digitally signing the code with a certificate issued by a trusted third party. This helps in verifying the authenticity of the code and ensures that it hasn't been tampered with since it was signed. C. Verify MD5 hashes: Using cryptographic hash functions like MD5 to generate hashes of the code or modules can help in verifying their integrity. Users can compare the computed hash values with the original hashes to detect any alterations in the code. The other options like implementing certificate-based authentication, compressing the program with a password, encrypting with 3DES, and making the DACL (Discretionary Access Control List) read-only might contribute to security but may not directly address the requirement of maintaining the integrity of the code against alterations by malicious users.

AF seem best to me. B seems to be outside of the scope of the question and MD5 isn't considered secure.

I am between AB or AF and here is my why. A. Code signing certificates allow customers to verify that your code is authentic and has not been tampered with B. Certificate-based authentication is the process of establishing your identity using electronic documents known as digital certificates. A digital certificate is like an electronic passport used to prove your identity by confirming your ownership of a private key. Digital certificates contain: Identification data. F. DACL identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. Why not C, D, E: MD5 Hash can be altered. As for compressing the program with a password, the password could potentially be hacked. 3DES is weak cryptography. And DACL identifies the trustees that are allowed or denied access to a securable object but if the .

A&B: The question is asking about prevention. MD5 is a detection mechanism.

The question/scenario states "ensure the code cannot be altered by malicious users"...MD5 hashes detect, not prevent, therefore C is not it.

If you have A done B is inherently done. so A is the inclusive Answer for integrity. Preventing alteration is also DACL F. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Chap GBT say AB