During a security architecture review, the chief information security officer wants to ensure company laptops cannot release BitLocker recovery keys even if the operating system is compromised. The security architect recommends enabling the motherboard's Trusted Platform Module (TPM), which offers several hardware protections. Which TPM capability BEST satisfies this requirement?
Securely storing cryptographic keys and other authentication material in tamper-resistant hardware
Off-loading hash computations to improve CPU performance
Performing firmware integrity checks during each system start-up
Isolating operating system memory pages from malicious processes
A Trusted Platform Module is a dedicated microcontroller that serves as a hardware root of trust. Its most fundamental role is to generate and keep private cryptographic keys, certificates, and other authentication data inside a tamper-resistant boundary so they cannot be read or exported. BitLocker and similar technologies can decrypt a drive only after the TPM releases the appropriate key, so preventing key release directly meets the requirement in the scenario. The chip can also participate in measured boot, perform signing operations, or provide random numbers, but all of those rely on its ability to keep secret keys safe; therefore secure key storage is considered the primary (and most relevant) capability. The other options describe capabilities provided by other technologies (CPU acceleration, trusted execution environments, secure or measured boot) or secondary TPM uses, so they do not BEST satisfy the stated need.
ISC2 CISSP
Security Architecture and Engineering