CompTIA Security+ (SY0-601) — Question 35

A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

Answer options

• A. HIPS
• B. FIM
• C. TPM
• D. DLP

Correct answer: C

Explanation

The best solution is TPM (Trusted Platform Module) because it provides hardware-based security features that ensure the integrity of the system and supports boot attestation. HIPS (Host Intrusion Prevention System) and DLP (Data Loss Prevention) focus more on monitoring and preventing intrusions and data leaks, while FIM (File Integrity Monitoring) is primarily concerned with changes to files rather than system integrity at the hardware level.