CompTIA CASP+ (CAS-003) — Question 389

A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company's security architect to protect the integrity of the update process? (Choose two.)

Answer options

• A. Validate cryptographic signatures applied to software updates
• B. Perform certificate pinning of the associated code signing key
• C. Require HTTPS connections for downloads of software updates
• D. Ensure there are multiple download mirrors for availability
• E. Enforce a click-through process with user opt-in for new features

Correct answer: A, B

Explanation

Validating cryptographic signatures (Option A) ensures that the updates are from a trusted source and have not been tampered with. Certificate pinning (Option B) protects against man-in-the-middle attacks by ensuring that the application only trusts a specific certificate for code signing. The other options, while useful, do not specifically address the integrity of the update process.