Which of the following options would you choose to ensure that you can access the BitLocker volume even if the BitLocker keys are corrupted on the member servers and store the recovery information at a central location?

You are an Enterprise administrator for contoso.com. The company has a head office and five branch offices. The corporate network of the company consists of a single Active Directory domain.

Each office contains a Windows 2000 Server domain controller and Windows Server 2008 member servers. The physical security of the member servers was not reliable and the servers could be attacked.

Therefore, you decided to implement Windows BitLocker Drive Encryption (BitLocker) on the member servers.

Which of the following options would you choose to ensure that you can access the BitLocker volume even if the BitLocker keys are corrupted on the member servers and store the recovery information at a central location? (Select two. Each correct answer will present a part of the solution.)

A. Upgrade all domain controllers to Windows Server 2008.

B. Upgrade the domain controller that has the schema master role to Windows Server 2008.

C. Upgrade the domain controller that has the primary domain controller (PDC) emulator role to Windows Server 2008.

D. Use Group Policy to configure Public Key Policies.

E. Use Group Policy to enable a Data Recovery Agent (DRA).

F. Use Group Policy to enable Trusted Platform Module (TPM) backups to Active Directory.

Explanation:
To ensure that you can access the BitLocker volume even if the BitLocker keys are corrupted on the member servers, and to store the recovery information at a central location, you need to upgrade all domain controllers to Windows Server 2008 and use Group Policy to enable Trusted Platform Module (TPM) backups to Active Directory.

By default, no recovery information is backed up. Administrators can configure Group Policy settings to enable backup of BitLocker or TPM recovery information.

All user interfaces and programming interfaces within BitLocker and TPM Management features will adhere to your configured Group Policy settings. When these settings are enabled, recovery information (such as recovery passwords) will be automatically backed up to Active Directory whenever this information is created and changed.

Reference: BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
http://technet.microsoft.com/en-us/library/cc766015.aspx


