CompTIA CASP+ (CAS-003) — Question 202
A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.
Which of the following would BEST address this concern?
Answer options
- A. Configure file integrity monitoring of the guest OS.
- B. Enable the vTPM on a Type 2 hypervisor.
- C. Only deploy servers that are based on a hardened image.
- D. Protect the memory allocation of a Type 1 hypervisor.
Correct answer: B
Explanation
Enabling the vTPM on a Type 2 hypervisor strengthens the secure boot process by giving the VM guest a virtual Trusted Platform Module (TPM), which helps ensure that the guest's boot process is secure and unaltered. The other options may improve security in other ways, but they do not address the integrity of the secure boot process as directly or as effectively as enabling the vTPM does.