What command should you run?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:

You need to ensure that drive D will unlock automatically when Server1 restarts. What command
should you run? To answer, select the appropriate options in the answer area.

HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:

You need to ensure that drive D will unlock automatically when Server1 restarts. What command
should you run? To answer, select the appropriate options in the answer area.

Answer:

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

2 + 17 =

TDAC

TDAC

Answer is correct.
Add-BitLockerKeyProtector = adds a key protector for a bitlockered volume

-Mountpoint D: = specifies drive D

-ADAccountOrGroup contoso\server1 = Specifies the account to use as the key protector for the volume encryption key

-Service = Indicates that the system account for the server UNLOCKS the encrypted volume.

More info: https://technet.microsoft.com/en-us/library/jj649835(v=wps.630).aspx

Reply

pieter

pieter

Correct indeed:

enable-bitlocker is just fore a volume that does not host a operating system.
here it is given that server 1 (runnen W2k12) host a bitlockervolume

Reply

Sako Pako

Sako Pako

I don’t understand your answers.
Que question is: “You need to ensure that drive D will unlock automatically when Server1 restarts.”
Add-BitLockerKeyProtector: “adds a protector for the volume key of the volume protected with BitLocker Drive Encryption”
https://technet.microsoft.com/es-es/library/jj649835(v=wps.630).aspx
Wouldn’t be better Enable-BitlockerAutoUnlock?: “enables automatic unlocking for a volume protected by BitLocker Disk Encryption” Is not that what the questions says?
https://technet.microsoft.com/en-us/library/jj649838%28v=wps.630%29.aspx?f=255&MSPPError=-2147217396

Anyone can tell me if i am wrong?

Reply

RG

RG

I look at the question and said the same thing, but look at both articles you posted again.

Enable-BitLockerAutoUnlock does not offer the parameters “-ADAccountOrGroup” nor -Service.

In the first article you posted, it says “When a user accesses a drive protected by BitLocker, such as when starting a computer, BitLocker requests the relevant key protector. For example, the user can enter a PIN or provide a USB drive that contains a key. BitLocker retrieves the encryption key and uses it to read data from the drive.”

Hope this clears it up.

Reply