A systems administrator is performing initial hardware hardening on a new server prior to OS installation. A strong UEFI password has already been set. Which of the following BEST describes the primary security reason for configuring the boot order to place the internal hard drive first?
To mitigate the risk of an unauthorized user booting the server from removable media.
To enable the Trusted Platform Module (TPM) for full disk encryption.
To decrease the server's boot time by skipping the check for other bootable devices.
To activate the Secure Boot feature and validate the OS bootloader.
The correct answer is that setting the internal storage as the first boot device mitigates the risk of an unauthorized user booting the server from removable media. This is a critical server hardening step. If a malicious actor has physical access, they could boot the server from a USB drive or other removable device containing a live operating system or special tools. This would allow them to bypass the security controls of the installed operating system, potentially accessing or modifying data, or installing malware. While changing the boot order might slightly decrease boot time, this is a minor performance benefit and not the primary security reason. Enabling Secure Boot and enabling a Trusted Platform Module (TPM) are separate, though related, hardware hardening techniques configured within the UEFI/BIOS, but they are not directly accomplished by setting the boot order.