CompTIA CySA+ (CS0-002) — Question 240
A network appliance manufacturer is building a new generation of devices and would like to include chipset security improvements. The management team wants the security team to implement a method to prevent security weaknesses that could be reintroduced by downgrading the firmware version on the chipset. Which of the following would meet this objective?
Answer options
- A. UEFI
- B. A hardware security module
- C. eFUSE
- D. Certificate signed updates
Correct answer: C
Explanation
The correct answer is eFUSE, as it allows for one-time programmable fuses that can prevent firmware downgrades by locking the state of the firmware once it has been updated. UEFI, while providing secure boot capabilities, does not inherently prevent downgrades. A hardware security module and certificate signed updates also offer security features but do not specifically address the issue of preventing firmware downgrades.