CompTIA SY0-701 Exam - Topic 2 Question 13 Discussion

Actual exam question for CompTIA's SY0-701 exam

Question #: 13
Topic #: 2

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

AValidate the code signature.

BExecute the code in a sandbox.

CSearch the executable for ASCII strings.

DGenerate a hash of the files.

Show Suggested Answer

Suggested Answer: A

Validating the code signature is the best way to verify software authenticity, as it ensures that the software has not been tampered with and that it comes from a verified source. Code signatures are digital signatures applied by the software vendor, and validating them confirms the software's integrity and origin. Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.

by Brunilda at Apr 28, 2024, 12:43 AM

Limited Time Offer

25%

Off

Get Premium SY0-701 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Herschel

3 months ago

C is kinda pointless for this situation, right?

upvoted 0 times

...

Glen

3 months ago

B is useful for testing, but not for verifying the source.

upvoted 0 times

...

Lonny

3 months ago

Wait, can you really trust the signature? Seems risky.

upvoted 0 times

...

Merissa

4 months ago

I think D is also important, hashing can help too!

upvoted 0 times

...

Cherri

4 months ago

Definitely A, validating the code signature is key.

upvoted 0 times

...

Amalia

4 months ago

Generating a hash sounds familiar, but I thought that was more for integrity checks rather than verifying the vendor.

upvoted 0 times

...

Valda

4 months ago

I feel like executing the code in a sandbox could help, but it doesn't directly confirm the source of the software, right?

upvoted 0 times

...

Ivan

4 months ago

I remember practicing a similar question where hashing was involved, but I can't recall if it was specifically for verifying vendor software.

upvoted 0 times

...

Carey

5 months ago

I think validating the code signature is the right approach, but I'm not entirely sure if it's the only method we should consider.

upvoted 0 times

...

Rebecka

5 months ago

I think validating the code signature is the best approach here. That's the most direct way to verify the software came from the vendor you purchased it from.

upvoted 0 times

...

Skye

5 months ago

Generating a hash of the files seems like a solid strategy to me. That would allow you to compare the hash to the vendor's to ensure the software hasn't been tampered with.

upvoted 0 times

...

Josephine

5 months ago

Hmm, I'm not sure about this one. Executing the code in a sandbox could also be a good way to verify the source, but I'm not confident that's the best option.

upvoted 0 times

...

Annmarie

5 months ago

This seems like a straightforward question. I think the best approach is to validate the code signature to confirm the software came from the vendor.

upvoted 0 times

...

Ashanti

5 months ago

I'm a bit confused by this question. Searching for ASCII strings in the executable doesn't seem like it would be the most reliable way to confirm the source.

upvoted 0 times

...

Lorenza

5 months ago

Ah, I think I've got it! The user needs the appropriate permissions to actually run the reports, not just view them. So the answer is likely to configure the SQL database permissions for the role, rather than just the privileges.

upvoted 0 times

...

Felix

5 months ago

Hmm, I'm not entirely sure about this one. I'll need to think through the different factors that can impact service satisfaction to determine the best answer.

upvoted 0 times

...