SY0-501 · Question #554
SY0-501 Question #554: Real Exam Question with Answer & Explanation
The correct answer is B: Ensure the hardware supports TPM, and enable it in the BIOS.. To implement full drive encryption on a Windows server, BitLocker should be enabled on the drives, with its security significantly enhanced by leveraging a Trusted Platform Module (TPM) for key protection.
Question
Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file server. Which of the following should the analyst implement on the system to BEST meet this requirement? (Choose two.)
Options
- AEnable and configure EFS on the file system.
- BEnsure the hardware supports TPM, and enable it in the BIOS.
- CEnsure the hardware supports VT-X, and enable it in the BIOS.
- DEnable and configure BitLocker on the drives.
Explanation
To implement full drive encryption on a Windows server, BitLocker should be enabled on the drives, with its security significantly enhanced by leveraging a Trusted Platform Module (TPM) for key protection.
Common mistakes.
- A. Encrypting File System (EFS) encrypts individual files and folders, not entire drives, thus failing to meet the full drive encryption requirement.
- C. VT-x (Virtualization Technology) is a hardware feature that enhances virtualization performance and is unrelated to providing or strengthening full drive encryption.
Concept tested. Windows BitLocker full drive encryption with TPM
Reference. https://learn.microsoft.com/en-us/windows/security/encryption/bitlocker/bitlocker-overview
Community Discussion
No community discussion yet for this question.