🔥 3-day streak
CompTIA SecurityX (CAS-005)39 / 120
Question 39 of 120

A software vendor distributes signed installers to millions of customers. During an audit, security discovers the code-signing private key is stored on a build server's disk and reused across all releases for the past three years. A recent near-miss showed an attacker with build-server access could have exfiltrated the key and signed malware trusted by every customer. The team must redesign the signing process to minimize the blast radius of a key compromise while preserving the ability to validate previously released software. Which approach BEST meets these goals?

Reviewed for accuracy · Report an issueNext question