Your network contains an Active Directory domain. The domain contains client computers
that run Windows 8 Enterprise.
Users frequently use USB drives to store sensitive files that are used on multiple
computers.
Your corporate security policy states that all removable storage devices, such as USB data
drives, must be encrypted.
You need to ensure that if a user forgets the password for a USB disk that is encrypted by
using BitLocker To Go, the user can resolve the issue themself.
What should you do?
A.
Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and
then select Save to your Microsoft account.
B.
Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and
then select Print the recovery key.
C.
Implement the BitLocker Network Unlock feature.
D.
Publish a data recovery agent certificate by using a Group Policy object (GPO).
There’s a policy for Deny write for removable drives unless encrypted…that’s the one I’d choose.
And you need to backup your MBAM settings to external storage. Try not to print the recovery key.
Out of these answers it will be Print the recovery key.
Network unlock or Data recovery agent would have to be initiated by an administrator, ruling out the ability to do it themselves.
The Microsoft account isn’t available to Domain machines as stated in this question. Info found here: http://windows.microsoft.com/en-gb/windows-8/bitlocker-recovery-keys-faq