AZ-801 · Question #5
AZ-801 Question #5: Real Exam Question with Answer & Explanation
This question tests knowledge of the correct sequence to enable BitLocker encryption on a Cluster Shared Volume (CSV) in a Windows Server Failover Cluster, which requires specific ordering to maintain cluster integrity and security compliance.
Question
You are planning the implementation of Cluster2 to support the on-premises migration plan. You need to ensure that the disks on Cluster2 meet the security requirements. In which order should you perform the actions to answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Actions to order: - Add a disk resource to the cluster. - Enable BitLocker on the volume. - Update the BitLockerProtectorinfo property of the volume. - Create a Cluster Shared Volume (CSV). - Put the disk in maintenance mode.
Explanation
This question tests knowledge of the correct sequence to enable BitLocker encryption on a Cluster Shared Volume (CSV) in a Windows Server Failover Cluster, which requires specific ordering to maintain cluster integrity and security compliance.
Approach. The correct order is: (1) Add a disk resource to the cluster - the physical disk must first be recognized as a cluster resource before any further steps. (2) Create a Cluster Shared Volume (CSV) - the cluster disk is then promoted to a CSV so multiple nodes can access it. (3) Put the disk in maintenance mode - this is mandatory before enabling BitLocker on a CSV; it suspends cluster health monitoring and redirected I/O so the encryption process does not conflict with cluster operations. (4) Enable BitLocker on the volume - with the CSV safely in maintenance mode, BitLocker encryption can be applied. (5) Update the BitLockerProtectorinfo property of the volume - this final step registers the BitLocker key protector metadata with the cluster so that any node that takes ownership of the CSV can automatically unlock the encrypted volume, fulfilling the security requirement across the cluster.
Concept tested. BitLocker encryption on Cluster Shared Volumes (CSV) in Windows Server Failover Clustering - specifically the prerequisite steps (adding disk resource, creating CSV, entering maintenance mode) that must precede encryption, and the post-encryption cluster metadata update (BitLockerProtectorinfo) that enables multi-node key access.
Reference. Microsoft Docs: 'BitLocker: How to enable Network Unlock' and 'Cluster Shared Volumes (CSV) overview' - Windows Server Failover Clustering with BitLocker
Topics
Community Discussion
No community discussion yet for this question.