An organization maintains a large inventory of user devices and wants a process that regularly verifies their trust level. Which method best supports verifying each device’s current state while limiting unauthorized modifications?
Recording device details in a spreadsheet maintained by the security team
Relying on user feedback to update device trust level when issues are reported
Implementing hardware-based checks that measure device boot integrity and store the results in a protected ledger
Using local logs on each device for self-reported status with no external validation
Hardware-based trust measurements—such as TPM-verified boot integrity or UEFI Secure Boot—validate device state at startup and store the results in an immutable ledger. This ensures reliable, tamper-resistant verification at scale. Manual records, self-reported logs, or user feedback lack consistency and are vulnerable to manipulation or error, making them unsuitable for enterprise-wide trust assurance.