CompTIA CySA+ (CS0-001) — Question 34

An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

Answer options

Correct answer: C

Explanation

TPM data sealing is the best option. During measured boot the platform firmware is hashed into the TPM's Platform Configuration Registers (PCR0 holds the BIOS/UEFI code measurement), and sealing binds a secret to the expected PCR values. If a rootkit alters the BIOS again, the measurement changes, the TPM refuses to release the sealed data, and the tampering is surfaced at the next boot instead of going unnoticed while data is exfiltrated. Anti-malware applications and host-based IDS run above the firmware and do not specifically address BIOS-level compromise. File integrity monitoring watches files on disk and does not cover the firmware at all. Note that sealing by itself does not stop the flash; it denies a tampered platform the protected data, so in practice it is paired with firmware write protection and Secure Boot.
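The mechanism behind the explanation, shown as an added simulation that is not part of the original question page and uses no real TPM: a toy TPM class extends PCRs the way a real one does (SHA-256 of old value concatenated with the measurement hash), seals a secret under a policy over PCR0 and PCR4, and then fails to unseal after a boot whose firmware image differs by one implant. The firmware images, bootloader, storage-root secret and the secret being sealed are all constructed constants for the example.

```python
"""Toy measured-boot + TPM-sealing simulation (constructed example, no real TPM)."""
import hashlib
import hmac

PCR_LEN = 32


def pcr_extend(old: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new_pcr = SHA-256(old_pcr || SHA-256(measurement))."""
    return hashlib.sha256(old + hashlib.sha256(measurement).digest()).digest()


class ToyTPM:
    """Stand-in for a TPM: eight PCRs (reset to zero at power-on) and a root secret.
    The root secret is a constructed constant here; a real TPM never exposes it."""

    def __init__(self) -> None:
        self.pcrs = [bytes(PCR_LEN) for _ in range(8)]
        self._srk = hashlib.sha256(b"constructed-storage-root-secret").digest()

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)

    def policy_digest(self, indices) -> bytes:
        """Digest over the selected PCRs; this is what a sealed blob is bound to."""
        h = hashlib.sha256()
        for i in indices:
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def _keystream(self, policy: bytes, n: int) -> bytes:
        # Key material is derived from the root secret and the PCR policy,
        # so different PCR contents yield a different key (HMAC counter mode).
        key = hmac.new(self._srk, policy, hashlib.sha256).digest()
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def seal(self, secret: bytes, indices) -> dict:
        policy = self.policy_digest(indices)
        ks = self._keystream(policy, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(self._srk, policy + ct, hashlib.sha256).digest()
        return {"indices": tuple(indices), "policy": policy, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Return the secret only if current PCRs match the policy it was sealed to."""
        if self.policy_digest(blob["indices"]) != blob["policy"]:
            return None  # firmware or bootloader measurement changed: refuse
        expected = hmac.new(self._srk, blob["policy"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            return None  # blob tampered with
        ks = self._keystream(blob["policy"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed firmware/bootloader images and the secret to protect.
GOOD_BIOS = b"vendor-bios-v1.2.3"
ROOTKIT_BIOS = GOOD_BIOS + b"+implant"   # same image with a rootkit appended
BOOTLOADER = b"boot-manager-v2"
SECRET = b"disk-encryption-key-0123456789abcdef"


def measured_boot(tpm: ToyTPM, bios: bytes, bootloader: bytes) -> None:
    tpm.extend(0, bios)        # PCR0: platform firmware code (TCG PC Client convention)
    tpm.extend(4, bootloader)  # PCR4: boot manager code


def provision() -> dict:
    """Seal the secret on a known-good boot; the blob can be stored anywhere."""
    tpm = ToyTPM()
    measured_boot(tpm, GOOD_BIOS, BOOTLOADER)
    return tpm.seal(SECRET, (0, 4))


def unseal_after_boot(blob: dict, bios: bytes):
    """Fresh power-on (PCRs reset), boot with the given firmware, then try to unseal."""
    tpm = ToyTPM()
    measured_boot(tpm, bios, BOOTLOADER)
    return tpm.unseal(blob)


if __name__ == "__main__":
    blob = provision()
    print("known-good BIOS:", unseal_after_boot(blob, GOOD_BIOS))
    print("rootkit BIOS:   ", unseal_after_boot(blob, ROOTKIT_BIOS))
```

The point the simulation makes is that the rootkit never has to be recognised by signature: any byte change to the measured firmware produces a different PCR0, a different policy digest, and therefore no key, so the sealed data stays locked and the modified boot is visible immediately. Reflashing the known-good image restores the original measurements and the blob unseals again without re-provisioning.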