unit 18
What options do you have for implementing BitLocker Drive Encryption?
1) Encrypt entire drive 2) Encrypt used disk space only
You attempt to enable BitLocker Drive Encryption to protect the operating system drive on a Windows 8 computer but are unable to complete the process. What could be contributing to the problem? List four.
1) For BitLocker to use the system integrity check provided by a TPM, the computer must have a TPM version 1.2. 2) A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS. 3) The system BIOS (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment. 4) The hard disk must be partitioned with at least two drives.
Which of the following can be used to protect files after someone has successfully booted into a shared Windows 8 computer and logged in using an authorized user account?
1) NTFS 2) EFS
BitLocker to Go can be used to encrypt removable storage data drives that are formatted with which of the following file systems?
1) NTFS 2) FAT32 3) exFAT
Put the following steps into the correct order to enable BitLocker to encrypt the system partition.
1) Open the BitLocker Drive Encryption control panel application 2) On the operating system drive, select Turn on BitLocker. 3) Enter a password when prompted to do 4) Save the recovery key to a USB drive 5) Place a copy of the recovery key in another location 6) Reboot the computer when prompted 7) Provide the password when requested
When you encrypt the drive where the Windows operating system is installed, BitLocker must store the keys it uses to encrypt/decrypt on a separate piece of hardware. Where can the keys be stored?
1) TPM v1.2 or later chip 2) USB flash drive
In order of first to last, specify the six steps used to encrypt a removable drive using BitLocker To Go.
1) Type BitLocker Drive Encryption from the Windows 8 start menu and select it from the results list. 2) Select Turn on BitLocker for the removable drive. 3) Choose how you want to unlock the drive. 4) Choose where to back up the recovery key. 5) Choose how much of the drive to encrypt. 6) Start encrypting the drive.
Amanda Killingsworth is the network administrator for a small company that upgraded its Windows 7 mobile devices to Windows 8 for its sales staff. It also upgraded its Exchange server to Exchange Server 2013 and can use the Microsoft Outlook Web app. The sales staff travels a lot for the company and has in the past left the devices at the airport. In a few cases, the devices have been stolen. What recommendations would you make to protect the sensitive data based on what you know about the network? Give 2 recommendations.
1) the web outlook app can be used to remote wipe devices 2) Exchange server to Exchange Server
In order to use BitLocker Drive Encryption, how much free space will be required on your system partition?
100 MB
To use BitLocker to encrypt the drive that contains your operating system, which of the following drives supports this goal?
200 MB system partition
How many characters make up a BitLocker recovery key?
48
When using BitLocker to Go, which of the following that is typically associated with BitLocker is not required to unlock the drive?
A TPM chip
A Windows Server role that provides a certificate infrastructure for a network.
Active Directory Certificate Services (ADCS)
Which Group Policy setting for BitLocker to Go would you need to configure to ensure that FAT-formatted BitLocker to Go drives are accessible on older versions of Windows?
Allow Access To BitLocker-Protected Removable Data Drives From Earlier Versions of Windows
A feature included with the Windows 7 Enterprise and Ultimate editions that Microsoft designed to address the problem of compromised data that happens when a computer is lost or stolen.
BitLocker Drive Encryption
Used to encrypt entire volumes and drives.
BitLocker Drive Encryption
BitLocker Drive Encryption on removable data drives.
BitLocker To Go
Encryption feature designed to protect removable USB devices.
BitLocker To Go
It is a Sunday afternoon and after arriving home from lunch with a friend, you discover your Windows 8 mobile device was stolen. It was configured to connect to your company's Active Directory domain. What is the quickest way to protect sensitive information on the device?
Connect using your Outlook Web app from another device and perform a remote wipe on your device.
With BitLocker To Go enabled on a data volume for additional protection, to disable it because there is no longer any sensitive data stored on the volume, what tool would you use?
Control Panel > Manage BitLocker
What user account can be authorized to recover BitLocker drives for an entire organization?
Data Recovery Agent
A user account that an administrator has authorized to recover BitLocker drives for an entire organization with a digital certificate on a smart card.
Data Recovery Agent (DRA)
A Windows feature that enables users to protect specific files and folders, so that no one else can access them.
Encrypting File System (EFS)
A protocol that is designed to not only synchronize email, contacts, calendars, and tasks but also provide the ability to perform mobile device management.
Exchange ActiveSync
A BitLocker feature that automatically unlocks an operating system volume at reboot if the computer is connected to a domain.
Network Unlock
What is a 4- to 20-digit number that you create when enabling BitLocker, which must be entered each time you start your system?
PIN
A 4- to 20-digit number you create and enter each time you start.
Personal Identification Number (PIN)
In BitLocker, a 4- to 20-digit number you choose that is stored on your computer and must be entered each time you start the system.
Personal Identification Number (PIN)
Information that can be used to uniquely identify, contact, or locate an individual.
Personally Identifiable Information (PII)
A removable storage medium that you can protect using BitLocker To Go.
Secure Digital (SD) cards
Which key is used to encrypt/decrypt the drive and must be entered each time you boot your computer?
Startup key
Of the listed BitLocker authentication methods, which is considered to be the least secure?
Startup key only
Which BitLocker authentication method requires a PIN code to be entered before the system will be allowed to fully boot?
TPM + startup PIN
Of the listed BitLocker authentication methods, which is considered to be the most secure?
TPM + startup PIN + startup key
Which BitLocker authentication method requires the entry of a PIN code and the presence of a USB drive containing the startup key?
TPM + startup PIN + startup key
Which BitLocker authentication method stores the BitLocker encryption key on the TPM chip and requires an administrator to use a USB drive containing the startup key before the system can unlock?
TPM + startup key
Which of the following represents the most secure authentication option?
TPM + startup key
To support BitLocker Drive Encryption on the drive that contains your operating system, you need which of the following?
TPM only
Which BitLocker authentication method allows BitLocker to automatically access the encryption key if the boot environment is determined to be unmodified?
TPM only
When using TPM with BitLocker, what mode will your users most likely prefer due to relatively little impact on them, including no changes to the login process?
TPM-Only mode
What option does BitLocker give you to allow system maintenance to be performed, such as the installation of software or updating of firmware, without BitLocker interfering?
The Suspend protection option
A dedicated cryptographic processor chip that the system uses to store the BitLocker encryption keys.
Trusted Platform Module (TPM)
Dedicated cryptographic processor chip that the system uses to store BitLocker Drive Encryption keys.
Trusted Platform Module (TPM)
How many partitions, at a minimum, will you need to use BitLocker Drive Encryption?
Two
A Windows 8 component that generates geographic data regarding the location of the computer.
Windows Location Provider (WLP)
What is the disadvantage of choosing a USB flash drive for the storage of the BitLocker keys?
You have to insert the USB drive at each startup
An electronic document that contains a private encryption key, one-half of the public key infrastructure used by the owner.
certificates
A software program that verifies, stores, and issues digital certificates.
certification authorities
To disable the location settings for all users in your Active Directory domain, which option allows you to do this with the least administrative effort?
gpmc.msc
A form of encryption that uses its own dedicated processor, located on the encrypted drive.
hardware-based encryption
Data used by some Windows apps and desktop apps to provide you with information that is specific to your current location.
location settings
A 48-digit number that can provide access to a BitLocker drive if the startup key is lost.
recovery key
A 48-digit number used when you lose/forget your startup key.
recovery key
A Windows 8 feature that enables a user to remotely trigger a reset of the computer back to factory default settings.
remote wipe
A form of encryption that relies on the computer's resources and processor to encrypt data.
software-based encryption
A mathematical value that you create the first time you enable BitLocker on a drive. The startup key is used to encrypt/decrypt the drive.
startup key