Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?
A.
USB
B.
HSM
C.
RAID
D.
TPM
Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps
with hash key generation and stores cryptographic keys, passwords, or certificates.
Incorrect Answers:
A: USB support can be enabled or disabled in a system’s BIOS but it is not required for full-disk encryption.
B: Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification
authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates. As HSM is not embedded in the motherboards, it is
not enabled or disable in BIOS.
C: Random Array of Independent Disks (RAID) is a fault-tolerant storage solution that consists of two or more hard disks. It is not required for full-disk encryption.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 237, 238