nerdexam
CompTIA

SY0-301 · Question #255

Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

The correct answer is D. TPM. TPM (Trusted Platform Module) is a dedicated hardware chip on the motherboard that must be enabled in the BIOS before full disk encryption (such as BitLocker) can be used. The TPM stores the encryption keys and performs platform integrity checks at boot time, ensuring the system

General security concepts

Question

Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

Options

  • AUSB
  • BHSM
  • CRAID
  • DTPM

How the community answered

(27 responses)
  • B
    4% (1)
  • C
    4% (1)
  • D
    93% (25)

Explanation

TPM (Trusted Platform Module) is a dedicated hardware chip on the motherboard that must be enabled in the BIOS before full disk encryption (such as BitLocker) can be used. The TPM stores the encryption keys and performs platform integrity checks at boot time, ensuring the system hasn't been tampered with before releasing the decryption key. Without TPM enabled, many FDE solutions cannot securely seal and unseal the encryption key. Option A (USB) is a peripheral interface. Option B (HSM - Hardware Security Module) is an external enterprise device, not a BIOS setting. Option C (RAID) is a storage redundancy technology unrelated to encryption.

Topics

#TPM#full disk encryption#BIOS security#hardware security module

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice