CompTIA Security+ (SY0-701) — Question 183

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Answer options

• A. Validate the code signature.
• B. Execute the code in a sandbox.
• C. Search the executable for ASCII strings.
• D. Generate a hash of the files.

Correct answer: A

Explanation

Validating the code signature is the most reliable method to confirm the software's origin, as it checks the authenticity and integrity of the code against the vendor's signature. Executing code in a sandbox does not guarantee its source, while searching for ASCII strings and generating file hashes do not provide assurance of vendor verification.