Your network contains an Active Directory domain. The domain contains computers that run Windows 10. You must ensure that Windows BitLocker Drive Encryption is enabled on all client computers, even though a Trusted Platform Module (TPM) chip is installed in only some of them. You need to accomplish this goal by using one Group Policy object (GPO). What should you do?

Questions › Category: MD-100 › Your network contains an Active Directory domain. The domain contains computers that run Windows 10. You must ensure that Windows BitLocker Drive Encryption is enabled on all client computers, even though a Trusted Platform Module (TPM) chip is installed in only some of them. You need to accomplish this goal by using one Group Policy object (GPO). What should you do?

0 Vote Up Vote Down

Admin Staff asked 4 months ago

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.
You must ensure that Windows BitLocker Drive Encryption is enabled on all client computers, even though a Trusted Platform Module (TPM) chip is installed in only some of them.
You need to accomplish this goal by using one Group Policy object (GPO).
What should you do?

A. Enable the Allow enhanced PINs for startup policy setting, and select the Allow BitLocker without a compatible TPM check box.

B. Enable the Enable use of BitLocker authentication requiring preboot keyboard input on slates policy setting, and select the Allow BitLocker without a compatible TPM check box.

C. Enable the Require additional authentication at startup policy setting, and select the Allow BitLocker without a compatible TPM check box.

D. Enable the Control use of BitLocker on removable drives policy setting, and select the Allow BitLocker without a compatible TPM check box.

Suggested Answer: C

We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The "Allow BitLocker without a compatible TPM" option is a checkbox in the "Require additional authentication at startup" group policy setting. To access the "Allow BitLocker without a compatible TPM" checkbox, you need to first select Enabled on the "Require additional authentication at startup" policy setting.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol4

This question is in MD-100: Windows 10 Exam
For getting Microsoft 365 Certified: Endpoint Administrator Associate Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft.
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

HOTSPOT – You are developing an application that uses Azure Storage Queues. You have the following code: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password