Practise the standard verbs for signing and verifying release artifacts.
0 / 5 completed
1 / 5
Fill in: 'We ___ every release binary before it's published so consumers can verify its origin.'
We 'sign a binary' — the standard, established collocation for cryptographically attesting to an artifact. The other options aren't the recognised term here.
2 / 5
Fill in: 'A compromised build server can ___ malicious code into an artifact that still looks legitimate.'
We say a compromised server will 'inject' malicious code — the standard collocation for the supply-chain attack. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ the signature at install time so tampered artifacts get rejected automatically.'
We 'verify a signature' — the standard, established collocation for confirming authenticity. The other options aren't the recognised term here.
4 / 5
Fill in: 'We ___ signing keys in a hardware security module rather than a plain config file.'
We 'store' keys — the standard, simple collocation for persisting sensitive credentials securely. The other options are less idiomatic here.
5 / 5
Fill in: 'We ___ signing keys periodically so a leaked one has a limited window of usefulness.'
We 'rotate' keys — the standard, established security collocation for replacing credentials on a schedule. The other options aren't the recognised term here.