CompTIA CASP+ (CAS-003) — Question 259

A security architect has designated that a server segment of an enterprise network will require each server to have secure and measured boot capabilities. The architect now wishes to ensure service consumers and peers can verify the integrity of hosted services. Which of the following capabilities must the architect consider for enabling the verification?

Answer options

• A. Centralized attestation server
• B. Enterprise HSM
• C. vTPM
• D. SIEM

Correct answer: B

Explanation

The correct answer is B, as an Enterprise HSM (Hardware Security Module) provides secure key management and can help in verifying the integrity of the services. The other options, such as a Centralized attestation server, vTPM, and SIEM, do not directly provide the same level of secure key management and integrity verification required for this scenario.