You have a failover cluster that contains five nodes. All of the nodes run Windows Server
2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A. Unblock-Tpm
B. Add-BitLockerKeyProtector
C. Remove-BitLockerKeyProtector
D. Enable-BitLockerAutoUnlock
Explanation:
4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO)
The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to self-manage BitLocker-enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes.
Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector -ADAccountOrGroup $cno
http://technet.microsoft.com/en-us/library/dn383585.aspx
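The step above leaves `$cno` undefined and does not show how to confirm the result, so here is an added example (not code from the question or the linked article) that builds the CNO account name, adds the protector only if none is present, and fails loudly if the volume still lacks one. The CSV resource name and mount point are constructed placeholders, and suspending the CSV into maintenance mode around the change is an assumption about the environment.

```powershell
# Added example. $CsvName and $MountPoint are constructed placeholders.
Import-Module FailoverClusters

$CsvName    = 'Cluster Disk 1'
$MountPoint = 'C:\ClusterStorage\Volume1'

# CNO = computer account behind the cluster network name (cluster name + '$').
$cno = (Get-Cluster).Name + '$'

# Hypothetical helper: true if the volume has any AD account/group protector.
function Test-AdAccountProtector {
    param([Parameter(Mandatory)][string]$Path)
    $volume = Get-BitLockerVolume -MountPoint $Path
    [bool]($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'AdAccountOrGroup' })
}

# Assumption: BitLocker changes on a CSV are made with the disk in maintenance mode.
Get-ClusterSharedVolume -Name $CsvName | Suspend-ClusterResource -Force
try {
    if (-not (Test-AdAccountProtector -Path $MountPoint)) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -ADAccountOrGroupProtector -ADAccountOrGroup $cno -ErrorAction Stop
    }
    if (-not (Test-AdAccountProtector -Path $MountPoint)) {
        throw "No AD account protector on $MountPoint; other nodes cannot unlock it."
    }
    # List protector types so an operator can see what is able to unlock the volume.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}
finally {
    # Always return the CSV to service, even if the protector change failed.
    Get-ClusterSharedVolume -Name $CsvName | Resume-ClusterResource
}
```

The helper only confirms that some AD account or group protector exists; `manage-bde -protectors -get` on the same mount point shows which account it is bound to.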
B. Add-BitLockerKeyProtector
You can associate an Active Directory account to unlock.
Example:
Add-BitLockerKeyProtector E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
yes B
https://technet.microsoft.com/en-us/%5Clibrary/JJ649835%28v=WPS.630%29.aspx
B.
Step 4 of http://blogs.msdn.com/b/clustering/archive/2012/07/20/10332169.aspx