ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 3 question 81 discussion

Actual exam question from Microsoft's MD-100
Question #: 81
Topic #: 3
[All MD-100 Questions]

You need to enable BitLocker Drive Encryption (BitLocker) on a computer named Computer1 that runs Windows 10. Computer1 has the following configurations:
✑ Contains only one 200-GB NTFS volume named C:\
✑ Contains 50 GB of unallocated disk space
✑ Is the member of a workgroup
✑ Has TPM enabled
What should you do first?

  • A. Create a VHD.
  • B. Disable TPM.
  • C. Create an additional volume.
  • D. Join Computer1 to an Azure Active Directory (Azure AD) tenant.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq
by AVP_Riga at March 19, 2021, 12:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Buruguduystunstugudunstuy
2 years, 1 month ago
Selected Answer: C
The correct answer is C. Create an additional volume. Before enabling BitLocker Drive Encryption on a computer, it is recommended to create an additional volume. The reason for this is that BitLocker requires a certain amount of unencrypted space on the system drive to store boot files and other system files that are required to start the computer. If there is not enough unencrypted space on the system drive, BitLocker will not be able to encrypt the drive. In this scenario, Computer1 has only one 200-GB NTFS volume named C:\ and 50 GB of unallocated disk space. To enable BitLocker on the C:\ volume, you should create an additional volume by shrinking the C:\ volume and creating a new partition with the unallocated space. You can do this using the Disk Management tool in Windows 10. Once you have created an additional volume, you can then enable BitLocker on the C:\ volume using the BitLocker Drive Encryption wizard.
upvoted 1 times
Buruguduystunstugudunstuy
2 years, 1 month ago
Answer A, creating a VHD, is not necessary for enabling BitLocker on the C:\ volume. Answer B, disabling TPM, is not recommended as TPM is required for hardware-based encryption with BitLocker. Answer D, joining Computer1 to an Azure AD tenant, is not necessary for enabling BitLocker on the C:\ volume, as BitLocker can be enabled on computers that are not joined to a domain or Azure AD tenant.
upvoted 1 times
...
...
AVP_Riga
4 years, 1 month ago
I have only one volume and BitLocker enabled. Why we need second drive when we can store Startup keys inside TMP?
upvoted 2 times
Sh1rub10
4 years, 1 month ago
From the referenced article "Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive."
upvoted 12 times
AVP_Riga
4 years, 1 month ago
Yes, but I have only one drive and BitLocker is enabled. Maybe it works because was pre-configured during SCCM TS from ram disk X.
upvoted 1 times
Z3r0Wing
3 years, 10 months ago
Check in your computer "disk partitions" inside "Computer Management" and you will find a hidden "system volume" (that volume is asked to be created or automatically created during Windows installation wizard). The question says "you only have a 200gb ntfs partition", so we assume there is no "hidden OS volume" so is needed in this case. Answer is correct from my side.
upvoted 6 times
...
AnoniMouse
3 years, 11 months ago
I have my doubts that you only have 1 volume. Try opening disk management MMC. How many partitions do you see? Depending on your device, UEFI or BIOS, your Windows Explorer might show you only 1 disk (the C drive) but this is a partition within the disk that has other HIDDEN partitions that do not show up in Explorer. Do you confirm you have only one partition occupying the whole disc?
upvoted 5 times
...
Load full discussion...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago