CompTIA CASP+ (CAS-002) — Question 10

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g., antivirus, host hardening, HIPS/NIDS), the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

Answer options

Correct answer: A

Explanation

The vTPM (virtual Trusted Platform Module) can securely store cryptographic keys within a virtualized environment, making it suitable for type 1 and type 2 VMs without requiring hardware pass-through. HSM (Hardware Security Module) and TPM (Trusted Platform Module) are not designed for direct use in this context as they typically require physical hardware interfaces. INE does not relate to cryptographic key storage.