Lesson 10: Manage FileVault Flashcards
How does FileVault 2 protect a user’s data?
FileVault 2 protects the entire system volume and all its data by using strong XTS-AES 128 encryption with 256-bit keys.
During system startup, an authorized user must enter his or her password to decrypt the system volume.
What are the system requirements for enabling FileVault?
To enable FileVault, macOS systems must have the hidden macOS Recovery HD volume on the system disk.
Further, any Legacy FileVault accounts must be decrypted and restored as normal accounts before FileVault system volume encryption can be enabled.
Which users are authorized to unlock a FileVault-protected system?
Any user that is FileVault enabled is authorized to unlock a system protected by FileVault.
This includes any local or cached network user account that was enabled when FileVault was set up or created after FileVault was enabled.
Further, administrators may return to Security & Privacy preferences to enable additional accounts.
When enabling FileVault in Security & Privacy preferences, what two methods can be used to save the FileVault recovery key?
When enabling FileVault in the Security & Privacy preferences, you can either manually save the FileVault recovery key using your own devices, or save the recovery key on Apple’s servers via an iCloud account.
How can you unlock a system protected by FileVault when all user accounts have lost their passwords?
A system protected by FileVault can be unlocked using the recovery key that was generated during the FileVault setup process.
This key can be entered manually during system startup or automatically via an iCloud account authenticated in the Reset Password Assistant application in macOS Recovery.
Once the recovery key successfully unlocks the system volume, the system allows you to reset the user’s account password.