HOTSPOT
Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers
that run Windows Server 2012 R2.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers.
You need to configure BitLocker policies for the file servers to meet the following requirements:
Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker.
Ensure that the BitLocker recovery key and recovery password are stored in Active Directory.
Which two Group Policy settings should you configure? To answer, select the appropriate settings in the
answer area.
Hot Area:
Explanation:
* Choice 1: Require additional authentication at startup
This policy setting is used to control which unlock options are available for operating system drives.
You can set this option to Require startup PIN with TPM
Choice 2: Choose how BitLocker-protected operating system drives can be recovered
This policy setting is used to configure recovery methods for operating system drives.
In Save BitLocker recovery information to Active Directory Domain Services, choose which BitLocker recovery
information to store in Active Directory Domain Services (AD DS) for operating system drives. If you select
Store recovery password and key packages, the BitLocker recovery password and the key package are stored
in AD DS. Storing the key package supports recovering data from a drive that is physically corrupted. If you
select Store recovery password only, only the recovery password is stored in AD DS.
BitLocker Group Policy Settings
https://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_unlockpol1