Which cmdlet should you run next?

You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the
nodes have BitLocker Drive Encryption (BitLocker) enabled.You enable BitLocker on a Cluster Shared Volume (CSV). You need to ensure that all of the cluster nodes can
access the CSV.
Which cmdlet should you run next?

You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the
nodes have BitLocker Drive Encryption (BitLocker) enabled.You enable BitLocker on a Cluster Shared Volume (CSV). You need to ensure that all of the cluster nodes can
access the CSV.
Which cmdlet should you run next?

A.
Unblock-Tpm

B.
Add-BitLockerKeyProtector

C.
Remove-BitLockerKeyProtector

D.
Enable BitLockerAutoUnlock

Explanation:
4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The
Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes
held within the Active Directory infrastructure. It can be bound to a user account, machine account or group.
When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses
the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage
BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the
Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk
volumes.
Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector –
ADAccountOrGroup $cno



Leave a Reply 0

Your email address will not be published. Required fields are marked *