CompTIA SecurityX (CAS-005) — Question 308

A security engineer is implementing security measures on new hardware in preparation for its launch. During the development phase, a risk related to protections at the UEFI level was found. Which of the following should the engineer recommend to reduce this risk?

Answer options

• A. Configuring paravirtualization protection
• B. Enabling Secure Boot
• C. Installing cryptography at the operational system level
• D. Implementing hardware root of trust

Correct answer: B

Explanation

Enabling Secure Boot is the correct answer because it helps ensure that only trusted software can be loaded during the boot process, which directly addresses UEFI-level risks. The other options, while beneficial for security, do not specifically target the vulnerabilities associated with UEFI protections.