Your company has one main office and 10 branch offices. The network contains servers that run
Windows Server 2008. The servers are configured as file servers and are located in the branch office.
You need to plan a security policy for the branch office. The policy must meet the following
requirements:
Users must be able to access all files on the servers.
The operating system and the files on the servers must be inaccessible if a server is stolen.
What should you include in your plan?
A.
Use Syskey on the servers.
B.
Use Encrypting File System (EFS) on the servers.
C.
Use Windows BitLocker Drive Encryption (BitLocker) on all servers.
D.
Configure the servers as read-only domain controllers (RODCs).
Explanation:
To create a security policy for the users that would ensure that all users can access all files on the
servers and if a server is stolen the operating system and the files on the servers become
inaccessible, you need to use Windows BitLocker Drive Encryption (BitLocker). BitLocker allows you
to encrypt all data stored on the Windows operating system volume and use the security of using a
Trusted Platform Module (TPM) that helps protect user data and to ensure that a computer running
Windows Server Vista or Server 2008 hav not been tampered with while the system was offline. In
addition, BitLocker offers the option to lock the normal startup process until the user supplies a
personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that
contains a startup key. This process will ensure that all the users can access all files on the servers if
they have the PIN.
BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true