An organization maintains a large inventory of user devices and wants a process that regularly verifies their trust level. Which method best supports verifying each device’s current state while limiting unauthorized modifications?
Using local logs on each device for self-reported status with no external validation
Implementing hardware-based checks that measure device boot integrity and store the results in a protected ledger
Recording device details in a spreadsheet maintained by the security team
Relying on user feedback to update device trust level when issues are reported
Hardware-based trust measurements—such as TPM-verified boot integrity or UEFI Secure Boot—validate device state at startup and store the results in an immutable ledger. This ensures reliable, tamper-resistant verification at scale. Manual records, self-reported logs, or user feedback lack consistency and are vulnerable to manipulation or error, making them unsuitable for enterprise-wide trust assurance.