A systems administrator is performing initial hardware hardening on a new server prior to OS installation. A strong UEFI password has already been set. Which of the following BEST describes the primary security reason for configuring the boot order to place the internal hard drive first?
To mitigate the risk of an unauthorized user booting the server from removable media.
To enable the Trusted Platform Module (TPM) for full disk encryption.
To activate the Secure Boot feature and validate the OS bootloader.
To decrease the server's boot time by skipping the check for other bootable devices.
The correct answer is that setting the internal storage as the first boot device mitigates the risk of an unauthorized user booting the server from removable media. This is a critical server hardening step. If a malicious actor has physical access, they could boot the server from a USB drive or other removable device containing a live operating system or special tools. This would allow them to bypass the security controls of the installed operating system, potentially accessing or modifying data, or installing malware. While changing the boot order might slightly decrease boot time, this is a minor performance benefit and not the primary security reason. Enabling Secure Boot and enabling a Trusted Platform Module (TPM) are separate, though related, hardware hardening techniques configured within the UEFI/BIOS, but they are not directly accomplished by setting the boot order.