CompTIA CASP+ (CAS-004) — Question 23

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?

Answer options

• A. TPM
• B. HSM
• C. PKI
• D. UEFI/BIOS

Correct answer: D

Explanation

The UEFI/BIOS firmware provides a robust mechanism for boot loader protection by enabling secure boot features that help prevent unauthorized code from running during the boot process. TPM (A), HSM (B), and PKI (C) offer security in other contexts but do not provide direct protection to the boot loader in the same way that UEFI/BIOS does.