A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10
Enterprise.
You are configuring security for a portable client computer that does not have a Trusted Platform Module (TPM)
chip installed.
You need to configure local Group Policy to tum on Windows BitLocker Drive Encryption on the computer.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE Each correct selection is worth one point.
A.
Enable the Enforce drive encryption type on operating system drives policy setting.
B.
Enable the option to allow BitLocker without a compatible TPM.
C.
Enable the Require additional authentication at startup policy setting.
D.
Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, and
11.
Explanation:
https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
agree