What is measured boot? (TPM)
A TPM process that checks hashes of critical boot components.
What happens if TPM detects tampering?
System integrity validation fails (may block boot or trigger alert).
Difference between TPM and encryption?
TPM stores cryptographic keys and verifies integrity; encryption scrambles data.
What does HSM stand for and what does it do?
Hardware Security Module. It securely stores cryptographic keys.
How is an HSM different from a TPM?
HSM stores and protects keys externally; TPM verifies system integrity and stores keys on the motherboard.
What does a boot password do?
Requires authentication before the OS loads.
Does a boot password verify firmware integrity?
No.
Does encryption verify firmware during boot?
No.
Which component helps protect BitLocker keys?
TPM
Where is TPM typically located?
On the motherboard (or firmware-based in modern systems).
Exam keyword: compares hashes during boot = ?
TPM
Exam trap: secure key storage USB device = ?
HSM
Exam trap: requires password before OS loads = ?
Boot password
Exam trap: scrambles data to prevent reading = ?
Encryption
What does PXE stand for?
Preboot Execution Environment
What is PXE used for?
Booting a computer over the network from a server.
Where is PXE configured?
In BIOS/UEFI boot order settings.
Exam keyword: boot from network adapter = ?
PXE
Exam keyword: prevents boot-level malware = ?
Secure Boot
What does TPM primarily do?
Stores cryptographic keys and verifies system integrity.
Does TPM stop malware from loading?
No. It measures integrity but does not block execution.
What is the difference between TPM and Secure Boot?
TPM measures and stores keys; Secure Boot blocks unauthorized boot code.
What does a boot password do?
Requires authentication before the OS loads.
Does a boot password prevent bootloader malware?
No.