3.5 Flashcards
You have a server that runs Windows Server 2012 R2.
You want to protect all of the files on the hard drive to prevent unauthorized access. You want to prevent
access to any file on the hard drive, even if the hard drive is moved to another computer.
Which feature should you implement?
Smart card with PIV
InPrivate
EFS
DirectAccess
BitLocker
BitLocker
You have a server that runs Windows Server 2012 R2. The server is a member of the domain.
You would like to protect the data on your server to meet the following requirements:
All operating system and user data should be encrypted.
All user data should be inaccessible (unreadable) if the hard disk is removed and connected to a
different computer.
The computer should not boot unless a special key is found.
The computer should not boot if a change is detected in the boot files.
You need to implement a solution to meet the stated requirements. What should you do?
Encrypt the volume using the Encrypting File System (EFS)
Implement BitLocker without a TPM
Implement BitLocker with a TPM
Encrypt the user profile folder using the Encrypting File System (EFS)
Implement BitLocker with a TPM
You have a new laptop that you want to configure with Windows 8 Professional.
You would like to use BitLocker on the laptop to protect the volume used for the operating system and all
user data. Your laptop does not have a Trusted Platform Module (TPM) chip on the the motherboard.
You need to configure the computer to use BitLocker. What should you do?
Configure BitLocker to use a startup key on a USB drive.
Configure BitLocker to start without requiring a PIN or USB drive.
Configure BitLocker to require a PIN for startup.
Install Windows 8 Enterprise on the laptop.
Configure BitLocker to use a startup key on a USB drive.
You are getting ready to install Windows Server 2012 R2.
You would like to configure the server to use BitLocker. The server should start up without requiring a PIN or
a USB device during startup.
What should you do? (Select two. Each choice is a required part of the solution.)
Disable the TPM.
Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition.
Install two hard disks. Put boot and operating system files on the first disk, and user data on the second disk.
Enable the TPM.
Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition.
Enable the TPM.
You have two computers that run Windows Server 2012 R2: Server 1 and Server 2. Both computers are
configured with BitLocker. Both computers have a TPM installed.
Because of a hardware failure, Server 1 will not boot. You need to access the data on the drive where
BitLocker was enabled as quickly as possible.
What should you do?
Move the hard disk from Server 1 to Server 2. Insert the USB drive containing the startup key from
Server 2 and reboot Server 2.
Move the hard disk from Server 1 to Server 2. Use the recovery key from Server 1 to gain access to the
encrypted volume.
Move the hard disk from Server 1 to Server 2. Use the recovery key from Server 2 to gain access to the
encrypted volume.
Move the hard disk from Server 1 to Server 2. Insert the USB drive containing the startup key from
Server 1 and reboot Server 2.
Move the hard disk from Server 1 to Server 2. Use the recovery key from Server 1 to gain access to the
encrypted volume.
You have previously installed Windows Server 2012 R2 on two new servers and configured both servers with
BitLocker. Both servers have a TPM installed.
Because of a hardware failure, one of the servers will not boot. You replace the failed hardware, but now
BitLocker is preventing the system from starting because it has failed the startup system integrity checks.
Which of the following would you use to reconfigure BitLocker so the system will start?
PIN
TPM owner password
Startup key
Recovery key
Recovery key
You have a laptop that runs Windows 8. The computer is a member of a domain.
You want to use BitLocker on the laptop. Your implementation should meet the following requirements:
The computer should start up automatically without user intervention.
To meet security requirements, USB support must be disabled on the laptop.
You want to automatically generate recovery keys and store those keys in a central location.
You need to implement a solution to meet the stated requirements. What should you do? (Select two. Each
choice is a required part of the solution.)
Save the recovery key as a password. Store all passwords on a network share.
Configure Group Policy to store recovery keys in Active Directory.
Save the recovery key as a file. Store all recovery keys on a network share.
Implement BitLocker with a TPM.
Implement BitLocker without a TPM.
Configure Group Policy to store recovery keys in Active Directory.
Implement BitLocker with a TPM.
You have a server running Windows Server 2012 R2.
The hard drive has been protected using BitLocker. You need to update the BIOS on the computer.
What should you do first?
Run cipher /r
Run manage-bde -off
Run BdeHdCfg.exe
Run cipher /d /s
Run manage-bde -pause
Run manage-bde -pause
You have a server that runs Windows Server 2012 R2.
The hard drive has been encrypted using BitLocker. BitLocker uses a TPM with a PIN and a startup key.
You have lost the USB device containing the startup key. You also find that you are unable to locate the
recovery key. You need to be able to boot the computer.
What should you do?
Disable the TPM, then re-enable it.
Move the drive to another computer. Boot the computer and run manage-bde -off for the volume.
Reformat the hard drive and reinstall Windows.
Boot the computer using the installation disc to the Recovery Console. Open a command prompt and run manage-bde -off.
Reformat the hard drive and reinstall Windows.
You are the server manager for the westsim.com domain. Your company is opening a branch office in a
neighboring city.
Because the branch office will have only a few users, you will install a single server in the branch office and
configure it with a Server Core installation. The server will provide Active Directory Domain Services (AD DS)
and file and print services.
You are concerned about the security of the server in the branch office. Specifically, you want to meet the
following requirements:
If the hard disk is removed from the server, none of the Active Directory or user files should be
readable.
When the server boots, a PIN must be manually entered at the server console for the boot process to
complete. You will designate two people in the branch office who know this PIN.
If the PIN is not supplied, the server should not boot.
You need to implement a solution to meet the stated requirements. What should you do?
Encrypt the volume with EFS using an encryption key assigned to the server. Configure Group Policy to
prevent startup without a PIN.
Implement BitLocker without a TPM.
Have one of the authorized users encrypt the volume using EFS. Add the second user as an additional user.
Implement BitLocker with a TPM.
Implement BitLocker with a TPM.
You are the server and workstation manager for the westsim.com domain.
Members of the Sales team use Windows 8 laptops while traveling. You would like to use BitLocker on each
computer to protect the volume used for the operating system and all user data. None of the laptops have a
Trusted Platform Module (TPM).
You need to configure the computers to use BitLocker. What should you do?
Install a TPM module in each laptop.
Configure BitLocker to start without requiring a PIN or USB drive.
Configure BitLocker to use a startup key on a USB drive.
Configure BitLocker to require a PIN for startup.
Configure BitLocker to use a startup key on a USB drive.
You are the server and workstation manager for the westsim.com domain.
You are implementing Windows Server 2012 R2 on a new server. You would like to configure the server to
use BitLocker. The servers should start up without requiring a PIN or a USB device during startup.
What should you do? (Select two. Each choice is a required part of the solution.)
Disable the TPM.
Enable the TPM.
Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition.
Install two hard disks. Put boot and operating system files on the first disk, and user data on the second disk.
Enable the TPM.
Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition.
You are the server manager for the westsim.com domain. You have previously installed Windows Server
2012 R2 on two new servers, ServerA and ServerB. You configure both servers with BitLocker. Both servers
have a TPM installed.
Because of a hardware failure, ServerA will not boot. You need to access the data on the drive where
BitLocker was enabled as quickly as possible.
What should you do?
Move the hard disk from ServerA to ServerB. Insert the USB drive containing the startup key from ServerA and reboot ServerB.
Move the hard disk from ServerA to ServerB. Use the recovery key from ServerA to gain access to the encrypted volume.
Move the hard disk from ServerA to ServerB. Use the recovery key from ServerB to gain access to the encrypted volume.
Move the hard disk from ServerA to ServerB. Insert the USB drive containing the startup key from ServerB and reboot ServerB.
Move the hard disk from ServerA to ServerB. Use the recovery key from ServerA to gain access to the encrypted volume.
You are the server manager for the westsim.com domain. You have previously installed Windows Server
2012 R2 on two new servers, and configured both servers with BitLocker. Both servers have a TPM installed.
Because of a hardware failure, one of the servers will not boot. You replace the failed hardware, but now
BitLocker is preventing the system from starting because it has failed the startup system integrity checks.
Which of the following would you use to reconfigure BitLocker so the system will start?
PIN
TPM owner password
Recovery key
Startup key
Recovery key
You are the server manager for the westsim.com domain. You need to install 15 new servers, all running
Windows Server 2012 R2. You want to use BitLocker on all new servers.
Your implementation should meet the following requirements:
Servers should start up automatically without user intervention.
To meet security requirements, USB support must be disabled on each server.
You want to automatically generate recovery keys and store those keys in a central location.
You need to implement a solution to meet the stated requirements. What should you do? (Select two. Each
choice is a required part of the solution.)
Configure Group Policy to store recovery keys in Active Directory.
Save the recovery key as a password. Store all passwords on a network share.
Implement BitLocker without a TPM.
Implement BitLocker with a TPM.
Save the recovery key as a file. Store all recovery keys on a network share.
Configure Group Policy to store recovery keys in Active Directory.
Implement BitLocker with a TPM.
