ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 1 question 11 discussion

Actual exam question from Microsoft's MD-100
Question #: 11
Topic #: 1
[All MD-100 Questions]

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.
You must ensure that Windows BitLocker Drive Encryption is enabled on all client computers, even though a Trusted Platform Module (TPM) chip is installed in only some of them.
You need to accomplish this goal by using one Group Policy object (GPO).
What should you do?

  • A. Enable the Allow enhanced PINs for startup policy setting, and select the Allow BitLocker without a compatible TPM check box.
  • B. Enable the Enable use of BitLocker authentication requiring preboot keyboard input on slates policy setting, and select the Allow BitLocker without a compatible TPM check box.
  • C. Enable the Require additional authentication at startup policy setting, and select the Allow BitLocker without a compatible TPM check box.
  • D. Enable the Control use of BitLocker on removable drives policy setting, and select the Allow BitLocker without a compatible TPM check box.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Moderator at Oct. 26, 2021, 1:53 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Buruguduystunstugudunstuy
2 years, 2 months ago
Selected Answer: C
The correct answer is C. Enable the Require additional authentication at the startup policy setting, and select the Allow BitLocker without a compatible TPM check box. Explanation: The Require additional authentication at startup policy setting allows BitLocker to be enabled on a computer without a TPM chip. Additionally, selecting the Allow BitLocker without a compatible TPM check box enables BitLocker to be used on computers that do not have a TPM chip.
upvoted 2 times
Buruguduystunstugudunstuy
2 years, 2 months ago
INCORRECT: Answer A is incorrect because enabling enhanced PINs for a startup does not allow BitLocker to be enabled without a TPM. It simply allows longer PINs or a combination of PINs and startup keys. Answer B is incorrect because enabling BitLocker authentication requiring preboot keyboard input on slates does not apply to all client computers, and it also does not enable BitLocker without a compatible TPM. Answer D is incorrect because it applies to removable drives, not the local hard drive, and it also does not enable BitLocker without a compatible TPM.
upvoted 1 times
...
...
mikl
3 years, 5 months ago
Selected Answer: C
C. Enable the Require additional authentication at startup policy setting, and select the Allow BitLocker without a compatible TPM check box.
upvoted 4 times
...
Moderator
3 years, 6 months ago
Correct answer. This way either a password or a start-up key (on a USB Drive) is required.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago