Home » Microsoft » 70-680 » What should you do?
A company has Windows 7 Enterprise computers that use BitLocker drive encryption on operating system drives.
You need to configure multi-factor authentication before client computers are booted into Windows.
On each client computer, what should you do?
A. Require the use of a startup key.
B. Implement fingerprint authentication.
C. Implement a Dynamic Password Policy.
D. Implement a Dynamic Access Control policy.
E. Configure a TPM PIN.
Correct Answer: E
Explanation/Reference:
BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2, you can use additional forms of authentication with the TPM protection. BitLocker offers the option to lock the normal boot process until the user supplies a personal identification number (PIN) or inserts a USB device (such as a flash drive) that contains a BitLocker startup key, or both the PIN and the USB device can be required. These additional security measures provide multifactor authentication and help ensure that the computer will not start or resume from hibernation until the correct authentication method is presented.