Comprehensive and Detailed Explanation From Exact Extract (Aligned With CompTIA A+ 220-1201 Study Guide)
To run Secure Boot, the system must have:
✔ UEFI firmware (not legacy BIOS)
Secure Boot is a UEFI feature that validates bootloaders using digitally signed keys stored in secure firmware.
✔ TPM (Trusted Platform Module)
The TPM stores cryptographic keys in tamper-resistant hardware, enabling secure key management that cannot be altered by normal users.
CompTIA materials describe TPM as essential for enhanced platform security and for storing validated boot keys when Secure Boot is enabled.
Together, UEFI + TPM provide:
Verified boot loader
Hardware-level key protection
Prevention of unauthorized OS tampering
Non-user-controllable secure key storage
Why the other options are incorrect
A. VDI – Virtual desktops; unrelated to Secure Boot hardware requirements.
B. BIOS password – Helps protect firmware settings but is not required for Secure Boot.
E. Disabled boot drive – Irrelevant to Secure Boot.
F. USB permissions – Not part of Secure Boot requirements.
Final Answer: C, D
