Exam 70-697 topic 2 question 5 discussion

Actual exam question from Microsoft's 70-697

Question #: 5
Topic #: 2

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform
Module (TPM) chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.

A. Enable the Require additional authentication at startup policy setting.
B. Enable the Enforce drive encryption type on operating system drives policy setting.
C. Enable the option to allow BitLocker without a compatible TPM.
D. Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11.

Show Suggested Answer

Suggested Answer: AC 🗳️
We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The Allow BitLocker without a compatible TPM option is a checkbox in the Require additional authentication at startup group policy setting. To access the Allow BitLocker without a compatible TPM checkbox, you need to first select Enabled on the Require additional authentication at startup policy setting.
References:
http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

by gomatetu at April 4, 2025, 5:07 p.m.

Comments

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!