ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-801 All Questions

View all questions & answers for the AZ-801 exam
Go to Exam

Exam AZ-801 topic 1 question 19 discussion

Actual exam question from Microsoft's AZ-801
Question #: 19
Topic #: 1
[All AZ-801 Questions]

HOTSPOT -
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1 that runs Windows Server.
You run Get-BitLockerVolume -MountPoint C,D | fl *, which generates the following output.


You need to ensure that volume D will be unlocked automatically when Server1 restarts.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Add-BitLockerKeyProtector
From the exhibit we see for volume D that AutoUnlockEnabled is False, and AutoUnlockKeyStored is empty.
The Add-BitLockerKeyProtector cmdlet adds a protector for the volume key of the volume protected with BitLocker Drive Encryption.
Example: The following example adds an ADAccountOrGroup protector to the previously encrypted operating system volume using the SID of the account:
Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500
Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.

Box 2: Service -
The -Service parameter indicates that the system account for this computer unlocks the encrypted volume.
Add-BitLockerKeyProtector syntax with use of the ADAccountOrGroupProtector parameter:

Add-BitLockerKeyProtector -
[-MountPoint] <String[]>
[-ADAccountOrGroupProtector]
[-ADAccountOrGroup] <String>
[-Service]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Incorrect:
* Enable-BitLockerAutoUnlock
The Enable-BitLockerAutoUnlock cmdlet enables automatic unlocking for a volume protected by BitLocker Disk Encryption.
The command has no -ADAccountOrGroupProtector parameter.
Syntax:

Enable-BitLockerAutoUnlock -
[-MountPoint] <String[]>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
* The Clear-BitLockerAutoUnlock cmdlet removes all automatic unlocking keys used by BitLocker Drive Encryption. BitLocker stores these keys for the fixed data drives of a system on a volume that hosts a BitLocker-enabled operating system volume so that it can automatically unlock the fixed and removable data volumes in a system. This makes it easier for users to access data volumes.
Syntax: Clear-BitLockerAutoUnlock []
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker https://docs.microsoft.com/en-us/powershell/module/bitlocker/add-bitlockerkeyprotector
by SJHCI at April 7, 2023, 3:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BlackCat9588
4 months, 1 week ago
Add-BitlockerKeyProtector -Service
upvoted 1 times
...
starseed
9 months ago
Correct Answer
upvoted 1 times
...
syu31svc
2 years, 1 month ago
https://learn.microsoft.com/en-us/powershell/module/bitlocker/add-bitlockerkeyprotector?view=windowsserver2022-ps -Service Indicates that the system account for this computer unlocks the encrypted volume. Answer is right
upvoted 3 times
...
SJHCI
2 years, 2 months ago
correct
upvoted 3 times
SJHCI
2 years, 2 months ago
https://learn.microsoft.com/en-us/powershell/module/bitlocker/add-bitlockerkeyprotector?view=windowsserver2022-ps
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel