Which of the following would BEST address this concern?

A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.
Which of the following would BEST address this concern?
A. Configure file integrity monitoring of the guest OS.
B. Enable the vTPM on a Type 2 hypervisor.
C. Only deploy servers that are based on a hardened image.
D. Protect the memory allocation of a Type 1 hypervisor.

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.

comptia-exams

2 thoughts on “Which of the following would BEST address this concern?

  1. saw a similar question on quizlet under the “sec+” topic, and the answer is A. Might need to further investigate on the topic, help is appreciated.

    1. Integrity monitoring, yes, but not the file integrity monitoring: https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#integrity-monitoring

      Integrity monitoring uses Measured Boot produced PCR values to store info about components and their load order, known as good boot sequence. Based on that baseline, it produces pass/fail reports during every boot. But, that is different from “FILE” integrity monitoring, this is not file level.

      Hence, the correct answer is B, vTPM.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.