AZ-801 Question #19: Real Exam Question with Answer & Explanation

The correct answer is A: Domain Admins. To implement BitLocker on a server, a user generally requires local administrator privileges, and in a domain environment, Domain Admins have the necessary permissions across domain-joined servers.

Secure Windows Server on-premises and hybrid infrastructures

Question

You need to implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege. To which group in Contoso.com should you add User1?

Options

ADomain Admins
BAccount Operators
CSchema Admins
DBackup Operators

Explanation

To implement BitLocker on a server, a user generally requires local administrator privileges, and in a domain environment, Domain Admins have the necessary permissions across domain-joined servers.

Common mistakes.

B. Account Operators can manage user and group accounts in the domain but do not have administrative privileges on servers required to enable BitLocker.
C. Schema Admins can modify the Active Directory schema, a highly privileged role unrelated to enabling BitLocker on a server.
D. Backup Operators can back up and restore files on all domain controllers and member servers but do not have the necessary permissions to configure BitLocker encryption.

Concept tested. BitLocker implementation permissions

Reference. https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-manage-bitlocker-with-ad-ds

Topics

#BitLocker#Active Directory Permissions#Least Privilege#Server Security

Community Discussion

No community discussion yet for this question.

Full AZ-801 Practice Browse All AZ-801 Questions