Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?

A.
USB

B.
HSM

C.
RAID

D.
TPM

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the
system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores
cryptographic keys, passwords, or certificates.
Incorrect Answers:A: USB support can be enabled or disabled in a system’s BIOS but it is not required for full-disk
encryption.
B: Hardware Security Module (HSM) hardware-based encryption solution that is usually used in
conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion
card and can cryptographic keys, passwords, or certificates. As HSM is not embedded in the
motherboards, it is not enabled or disable in BIOS.
C: Random Array of Independent Disks (RAID) is a fault-tolerant storage solution that consists of two or
more hard disks. It is not required for full-disk encryption.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 237, 238