Exam CAS-004 topic 1 question 172 discussion

Actual exam question from CompTIA's CAS-004
Question #: 172
Topic #: 1

A software development company makes its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the technique to ensure the software the users download is the official software released by the company?

  • A. Distribute the software via a third-party repository.
  • B. Close the web repository and deliver the software via email.
  • C. Email the software link to all customers.
  • D. Display the SHA checksum on the website.
Suggested Answer: D

Comments

Mr_BuCk3th34D
Highly Voted 2 years, 4 months ago
Selected Answer: D
D is correct. Hackers have accessed the software repository to change the package, which is automatically published on the website; they didn't compromise the website itself to change the checksum value. Distributing the software via a third-party repository (option A) or emailing the software link to all customers (option C) would not necessarily ensure that customers are downloading the official software released by the company.
upvoted 7 times
...
Ckl22
Highly Voted 2 years, 5 months ago
Selected Answer: A
If they can change a file in the repository, then they can change the SHA checksum listed for verification. A trusted third-party provider should be used to host the software.
upvoted 5 times
...
awskkw
Most Recent 5 months, 2 weeks ago
Selected Answer: D
D. Display the SHA checksum on the website. Explanation: Displaying the SHA checksum (a cryptographic hash value) on the website allows users to verify the integrity of the software they are downloading. The checksum can be calculated for the software package that has been officially released by the company. Users can then compare the checksum of the downloaded file with the one displayed on the website. If the checksums match, it confirms that the downloaded file is authentic and hasn't been tampered with.
upvoted 2 times
...
ThatGuyOverThere
1 year, 6 months ago
Selected Answer: D
Definitely D
upvoted 1 times
...
isaphiltrick
1 year, 8 months ago
I believe the question is focused around integrity ("ensure the software the users download is the official software") and even though outsourcing to a 3rd party repository might be a good option, the only answer dealing with integrity is displaying the SHA checksum, regardless of how "weak" this method may be.
upvoted 2 times
...
BiteSize
1 year, 9 months ago
Selected Answer: A
If you can't do security properly and it is a recurring problem, outsource hosting the application to a trusted 3rd party that has the security you don't. The SHA is a great method and the standard when you aren't always being hacked. The key phrase I see is "automatically publish to website". This means that the hackers don't even need access to the website to change the SHA posted because automation in place will do it for you. :) Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
upvoted 1 times
...
Geofab
2 years, 1 month ago
Selected Answer: D
D seems the most logical to me
upvoted 3 times
...
FoxTrotDG
2 years, 2 months ago
Selected Answer: D
Customers can compare the SHA checksum displayed on the website with the SHA checksum of the downloaded file to ensure that the software is the official software released by the company.
upvoted 4 times
...
hidady
2 years, 4 months ago
A is correct
upvoted 2 times
...
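The checksum comparison described in the comments above, together with the case Ckl22 and BiteSize raise (a checksum regenerated from the same repository as the package), as an added example that is not part of the original discussion or any commenter's post. SHA-256, the sha256sum-style manifest format, the file name `app-1.0.tar.gz` and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash the file in chunks so large installers are not read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <name>') into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        hexdigest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")
        if len(hexdigest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(hexdigest)  # raises ValueError if not hexadecimal
        entries[name] = hexdigest.lower()
    return entries

def verify_download(path, manifest_text):
    """True only if the file's digest equals the manifest entry for its name."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False  # fail closed: no published checksum for this file
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    official, tampered = b"constructed official build", b"constructed swapped build"
    name = "app-1.0.tar.gz"  # hypothetical package name
    # Checksum recorded at release time and published apart from the repository.
    release_manifest = f"{hashlib.sha256(official).hexdigest()}  {name}\n"
    # Checksum recomputed by automation from whatever the repository now holds.
    auto_manifest = f"{hashlib.sha256(tampered).hexdigest()}  {name}\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(tampered)
        caught = not verify_download(path, release_manifest)  # mismatch detected
        missed = verify_download(path, auto_manifest)         # swap goes unnoticed
        with open(path, "wb") as fh:
            fh.write(official)
        clean_ok = verify_download(path, release_manifest)
    return caught, missed, clean_ok
```

The comparison only detects the swapped package when the published checksum was recorded from the official build and is not regenerated from the repository contents.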