$X$ adds his digital signature$:$ In order to identify the authentic user, $X$ uses his Private Key to encrypt his signature.
$X$ then encrypts the whole message with the digital signature$:\ X$ uses $Y's$ Public Key to encrypt the message so that $Y$ can decipher it when it reaches to him using his private key.
Message then reaches $Y$.
$Y$ then uses his Private key to decrypt the message, and extracts the message and along with the signature.
But as the signature has been encrypted using $X's$ private key so$:$
$Y$ uses $X's$ Public Key to see the signature if it matches $X's$ actual signature (this step ensures that no one can fake as $X$ and sends a message to $Y$ ).
Nobody can tamer the message as in order to do that he/she has to first know $Y's$ private key to decipher the message extract the signature and then change the signature and then recreate that using $X's$ private key which is not with him.
So, sequence of operations:
$X's$ Private Key$\Rightarrow$Y's public key$\Rightarrow$Y's Private key$\Rightarrow$X's public Key.
Answer is option (D).