CompTIA Security+ (SY0-601) — Question 683
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?
Answer options
- A. Delete the private key from the repository.
- B. Verify the public key is not exposed as well.
- C. Update the DLP solution to check for private keys.
- D. Revoke the code-signing certificate.
Correct answer: D
Explanation
The correct first step is to revoke the code-signing certificate, so that any software signed with the exposed private key is no longer trusted by relying parties. Simply deleting the private key from the server or verifying that the public key is not exposed does not mitigate the risk already created by the leaked private key, which may already have been copied. Updating the DLP solution is also worthwhile, but it is a preventive control for future incidents and should come after revoking the certificate.