Alice, a security administrator, needs to verify that the servers in her organization are in a known and trusted state before they process sensitive data. The process involves generating a set of measurements that reflect the current state of the servers and comparing them against a set of known good values provided by the vendor. Which of the following best describes the process Alice should implement to meet this requirement?
Setting BIOS passwords to prevent unauthorized changes to hardware settings
Implementing a Trusted Platform Module (TPM) to perform remote attestation of the servers during boot-up
Hashing system files at startup and sending the hashes to a central server for comparison
Configuring the servers to enable remote wiping in case they fail a security check
Attestation involves creating a secure baseline of system components and then comparing current system measurements against that baseline to verify integrity. The verification step compares the current state against a set of known good values (the trusted baseline), which can include measurements of binary files, configuration settings, or patches. Remote attestation extends this concept by allowing a system to report its state to a remote verifier. Hashing system files at startup and sending the hashes to a central server does compare current file states against known good hashes, but it is not specifically considered remote attestation, which implies a challenge-response mechanism between a local and a remote entity. Remote wiping and BIOS password protection are security controls that prevent unauthorized access; they do not attest to the current state of the system's hardware or software.