CySA+ CS0-001 – Q. 038


An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by a rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

A. Anti-malware application
B. Host-based IDS
C. TPM data sealing
D. File integrity monitoring