Your organization is rolling out a new line of laptops to employees who handle sensitive data. These devices will be storing encryption keys, digital certificates, and passwords. The IT department is required to ensure that the keys used for disk encryption are stored in a way that is resistant to tampering and can provide platform integrity verification. What embedded solution on the laptops should be utilized to achieve this level of security?
Implement a Secure Enclave within the laptop's central processing unit.
Integrate a separate Hardware Security Module (HSM) for each laptop.
Use the Trusted Platform Module (TPM) on the laptops.
Apply a Key Management System for all user credentials.
The correct answer is 'Use the Trusted Platform Module (TPM) on the laptops.' A TPM is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. The keys stored in the TPM are used for different security applications, such as disk encryption, which is critical for securing sensitive data on employee laptops. Moreover, the TPM can provide platform integrity verification, enhancing the overall security posture. While an HSM and Secure Enclave can offer secure storage for keys and perform cryptographic operations, they are typically external devices or isolated areas within a CPU, not embedded solutions specifically tailored for endpoint devices like laptops. A Key Management System is more of an overarching system to manage cryptographic keys throughout their lifecycle and does not provide the hardware-level storage necessary for this scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly is a Trusted Platform Module (TPM)?
Open an interactive chat with Bash
How does the TPM provide platform integrity verification?
Open an interactive chat with Bash
What is the difference between a TPM and a Hardware Security Module (HSM)?