$X$ adds his digital signature$:$ In order to identify the authentic user, $X$ uses his
Private Key to encrypt his signature.
$X$ then encrypts the whole message with the digital signature$:\ X$ uses $Y's$
Public Key to encrypt the message so that $Y$ can decipher it when it reaches
to him using his private key.
Message then reaches $Y$.
$Y$ then uses his Private key to decrypt the message, and extracts the message
and along with the signature.
But as the signature has been encrypted using $X's$ private key so$:$
$Y$ uses $X's$ Public Key to see the signature if it matches $X's$ actual signature
(this step ensures that no one can fake as $X$ and sends a message to $Y$ ).
Nobody can tamer the message as in order to do that he/she has to first know
$Y's$ private key to decipher the message extract the signature and then change
the signature and then recreate that using $X's$ private key which is not with him.
So sequence of operations:
$X's$ Private Key$\Rightarrow$Y's public key$\Rightarrow$Y's Private key$\Rightarrow$X's public Key.
Ans is option (D).