CompTIA SecurityX (CAS-005) — Question 10

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Answer options

• A. Code signing
• B. Non-repudiation
• C. Key escrow
• D. Private keys

Correct answer: A

Explanation

Code signing is the best method because it allows developers to digitally sign their software, thereby providing users with a way to verify its legitimacy. Non-repudiation is a broader concept related to ensuring that a party cannot deny the authenticity of their signature, but it does not specifically address software installation. Key escrow involves storing keys with a third party, which does not help with software authenticity, while private keys are used in the signing process but do not provide verification on their own.