Which four actions should you perform in sequence?

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two
domain controllers named DC1 and DC2. The domain contains a server named Server1.
Server1 is a certification authority (CA). All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers. The unique
identifier for your organization is set to Contoso.

You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data
recovery agent. You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two
domain controllers named DC1 and DC2. The domain contains a server named Server1.
Server1 is a certification authority (CA). All servers run Windows Server 2012 R2.
You plan to deploy BitLocker Drive Encryption (BitLocker) to all client computers. The unique
identifier for your organization is set to Contoso.

You need to ensure that you can recover the BitLocker encrypted data by using a BitLocker data
recovery agent. You must be able to perform the recovery from any administrative computer.
Which four actions should you perform in sequence? To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.

Answer: See the explanation

Explanation:

Box 1:

Box 2:

Box 3:

Box 4:



Leave a Reply 6

Your email address will not be published. Required fields are marked *


movieman

movieman

Install BitLocker on a domain controller
Copy the basic EFS certificate…….
Request the new certificate and export the certificate as a .cer file
Deploy the data recovery agent by using GPO

jaydub

jaydub

You have to install Bitlocker on the CA (Server1) in order to have the Bitlocker extensions available.

Install BitLocker on Server1
Copy the basic EFS certificate…….
Request the new certificate and export the certificate as a .cer file
Deploy the data recovery agent by using GPO

Wylana

Wylana

Pollo is right.

In his link it clearly states:

“NOTE: In case you do not see attributes listed under the Application polices, you should re-login to the domain controller using a schema admin account and install the Bitlocker feature. The ‘Bitlocker Drive Encryption’ and ‘Bitlocker Data Recovery Agent’ application policies will be listed upon installation of the bitlocker feature.”

So its Install Bitlocker on a Domain Controller!

BluAlien

BluAlien

@Pollo I read your Link and found it very interesting, but the note cited also from @Wylana is false.

I tried it personally in lab. If you install Bitlocker Feature on the Domain Controller (I have only one in my lab) the attribute still aren’t listed under the Application Policy.
After having installed Bitlocker on the CA Server (and removed from DC) I was able to find the Bitlocker Data Recovery Agent and Bitlocker Data Encryption under Application Policy.

Another point, the article explain to use as certificate template the Key Recovery Agent, but in the available answers we have only Basic EFS and finally the article is quite old 2010, which makes me have some dubt.

The article linked down here is much more recent (2016), and explains all the steps. The installation of Bitlocker on the CA server is not directly mentioned but is reported in one of the comments (paulw one):

“If the BitLocker Drive Encryption and BitLocker Data Recovery Agent are missing from Extensions and edit Application Policies Install Bitlocker Drive Encryption from the Server Manager Add Roles and Features on the Server that houses the CA. Reboot and the options will then be there.”

Also in this version the template to copy should be Key Recovery Agent and not Basic EFS as in the answers options.

So finally the correct answer is:

Install BitLocker on Server1
Copy the basic EFS certificate… (Should be Key Recovery Agent)
Request the new certificate and export the certificate as a .cer file
Deploy the data recovery agent by using GPO