Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?
A. USB
B. HSM
C. RAID
D. TPM
Correct Answer: D
Section: Application, Data and Host Security
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.
A: USB support can be enabled or disabled in a system’s BIOS but it is not required for full-disk encryption.
B: Hardware Security Module (HSM) is a hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can store cryptographic keys, passwords, or certificates. As an HSM is not embedded in the motherboard, it is not enabled or disabled in BIOS.
C: Random Array of Independent Disks (RAID) is a fault-tolerant storage solution that consists of two or more hard disks. It is not required for full-disk encryption.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 237, 238