Home » Microsoft » 70-647 » What should you include in your plan?
Your company has one main office and 10 branch offices.
The network contains servers that run Windows Server 2008. The servers are configured as file servers and are located in the branch office.
You need to plan a security policy for the branch office. The policy must meet the following requirements:
Users must be able to access all files on the servers.
The operating system and the files on the servers must be inaccessible if a server is stolen.
What should you include in your plan?
A. Use Syskey on the servers.
B. Use Encrypting File System (EFS) on the servers.
C. Use Windows BitLocker Drive Encryption (BitLocker) on all servers.
D. Configure the servers as read-only domain controllers (RODCs).
Correct Answer: C
Explanation/Reference:
Explanation:
www.certify-me.co.uk 98
Microsoft 70-647 Exam
To create a security policy for the users that would ensure that all users can access all files on the servers and if a server is stolen the operating system and the files on the servers become inaccessible, you need to use Windows BitLocker Drive Encryption (BitLocker).
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure that a computer running Windows Server Vista or Server 2008 hav not been tampered with while the system was offline.
In addition, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. This process will ensure that all the users can access all files on the servers if they have the PIN.
Reference: BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46- 6866df4b253c1033.mspx?mfr=true