ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization is implementing a zero-trust VPN that must allow access only from corporate laptops whose boot process and disk encryption status have not been altered. All laptops are equipped with discrete TPM 2.0 chips. Which specific TPM capability enables the VPN gateway to confirm each laptop's current firmware and disk state before establishing the connection?
Hardware random-number generation for challenge-response authentication
TPM-protected key storage used by full-disk encryption software
Remote attestation that signs current PCR measurements for verification
Sealed storage that encrypts data to specific PCR values
Remote attestation is a core TPM capability in which the module uses an Attestation Identity Key to sign the current values of its Platform Configuration Registers (PCRs). These signed "quotes" are sent to a remote verifier, such as a VPN gateway, which compares the reported measurements against approved baselines to confirm that the BIOS, boot loader, OS, and even disk-encryption status have not been tampered with. Sealed storage protects data but does not by itself prove the system's runtime integrity to a remote party. TPM-backed key storage supports technologies like BitLocker, yet it still cannot attest to integrity without a remote attestation protocol. The TPM's random-number generator supplies entropy for cryptographic operations but offers no information about system health. Therefore, remote attestation is the feature that directly satisfies the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Platform Configuration Registers (PCRs) in TPM?
Open an interactive chat with Bash
How does the Attestation Identity Key (AIK) work in remote attestation?
Open an interactive chat with Bash
What distinguishes remote attestation from sealed storage in TPM functionality?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .