nerdexam
ExamsCAS-003Questions#952
CompTIA

CAS-003 · Question #952

CAS-003 Question #952: Real Exam Question with Answer & Explanation

The correct answer is A: Implementing remote attestation. Remote attestation is the process by which a hypervisor (or any platform) cryptographically proves its current state and configuration to a remote verifier, typically using a TPM to generate measurements (hashes) of the boot chain and software stack. This allows administrators to

Question

A company is planning to undergo a P2V project to improve resource utilisation redundancy, and failover across its two datacenters. A consultant has provided a private cloud design that uses a specific Type 1 hypervisor based on Linux. The security manager is concerned about the integrity of the hypervisor. Which of the following should the consultant suggest to address the security manager's concerns?

Options

  • AImplementing remote attestation
  • BEnabling the vTPM
  • CUsing a secure enclave
  • DTransition to a Type 2 hypervisor configuration

Explanation

Remote attestation is the process by which a hypervisor (or any platform) cryptographically proves its current state and configuration to a remote verifier, typically using a TPM to generate measurements (hashes) of the boot chain and software stack. This allows administrators to verify that the hypervisor has not been tampered with, rootkitted, or modified since it was last known-good. This directly addresses integrity concerns. Enabling a vTPM (B) provides TPM functionality to guest VMs, not the hypervisor itself. A secure enclave (C) protects specific workloads in memory but does not attest the hypervisor's overall integrity. Switching to a Type 2 hypervisor (D) introduces more attack surface by adding a host OS layer, which is worse for security.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice