5 votes
A security architect has designated that a server segment of an enterprise network will require each server to have secure and measured boot capabilities. The architect now wishes to ensure service consumers and peers can verify the integrity of hosted services.

Which of the following capabilities must the architect consider for enabling the verification?

A. Centralized attestation server
B. Enterprise HSM
C. vTPM
D. SIEM

1 Answer

3 votes

Final answer:

A Centralized attestation server is the component the security architect should consider for ensuring service consumers can verify the integrity of hosted services, as it acts as a trusted entity that verifies the integrity of server states.

Step-by-step explanation:

The student is asking about mechanisms to ensure integrity verification of services in a server environment with secure and measured boot capabilities. Given the requirements, the capability that the architect should consider is a Centralized attestation server. This type of server serves as a trusted entity that verifies the integrity measurements of the servers, which are taken at boot and during runtime, to ensure they are in a known good state and have not been compromised. Third parties can then use the attestations provided by the centralized server to trust the integrity of the services hosted on the servers. Other options like Enterprise Hardware Security Modules (HSM), virtual TPM (vTPM), or Security Information and Event Management (SIEM) systems serve different roles such as key management, isolated cryptographic operations, and monitoring and analysis of security events, respectively, and are not directly responsible for facilitating integrity verification of hosted services.

by User TheoPlatica (8.5k points)
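
The verification flow the answer describes, as an added example that is not part of the original answer or any product's code: a server produces a quote over its measured-boot PCR, and a central attestation server checks freshness, the signature, the event log replay, and a known-good allowlist before vouching for it. Assumptions: HMAC stands in for the TPM attestation-key signature (real TPMs sign quotes with an asymmetric key), and the component names, key, and measurements are constructed sample data.

```python
import hashlib, hmac

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM-style PCR extend: new = SHA-256(old || measurement digest)
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    # Recompute the PCR value a measured boot would produce from its event log
    pcr = bytes(32)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def make_quote(key, nonce, event_log):
    # Server side. Assumption: HMAC stands in for the attestation-key signature.
    pcr = replay(event_log)
    return {"pcr": pcr, "nonce": nonce, "log": event_log,
            "sig": hmac.new(key, nonce + pcr, hashlib.sha256).digest()}

def verify(quote, key, expected_nonce, known_good):
    # Attestation-server side: returns (trusted, reason)
    if quote["nonce"] != expected_nonce:
        return False, "stale or replayed quote"
    want = hmac.new(key, quote["nonce"] + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, quote["sig"]):
        return False, "bad quote signature"
    if replay(quote["log"]) != quote["pcr"]:
        return False, "event log does not match quoted PCR"
    for name, digest in quote["log"]:
        if known_good.get(name) != digest:
            return False, f"unknown measurement: {name}"
    return True, "known good state"

def m(blob):
    return hashlib.sha256(blob).digest()

# Constructed sample data (hypothetical components and key)
KEY = b"demo-attestation-key"
GOOD_LOG = [("firmware", m(b"fw-1.0")), ("bootloader", m(b"bl-2.3")),
            ("kernel", m(b"k-6.1"))]
KNOWN_GOOD = dict(GOOD_LOG)
BAD_LOG = GOOD_LOG[:2] + [("kernel", m(b"k-6.1-modified"))]

if __name__ == "__main__":
    print(verify(make_quote(KEY, b"n1", GOOD_LOG), KEY, b"n1", KNOWN_GOOD))
    print(verify(make_quote(KEY, b"n2", BAD_LOG), KEY, b"n2", KNOWN_GOOD))
```

Service consumers never see the raw measurements here; they rely on the attestation server's verdict, which is why the centralized verifier is the capability that enables peer verification.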