Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.
You need to ensure that the BitLocker recovery keys are stored in Active Directory.
Which Group Policy setting should you configure?
A. System cryptography: Force strong key protection for user keys stored on the computer
B. Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
C. System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
D. Choose how BitLocker-protected operating system drives can be recovered
D. Choose how BitLocker-protected operating system drives can be recovered
Answer is D.
Option : Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) is only for Windows 2008 and Windows Vista.
Option : Choose how BitLocker-protected operating system drives can be recovered is for Windows 2008R2/7 or more.
The answer should be D. Choose how BitLocker-protected operating system drives can be recovered.
I was wrong, the answer is D: Computer Configuration – Policies – Administrative Templates – Windows Components – BitLocker Drive Encryption – Operating System Drives – Choose how BitLocker-protected operating system drives can be recovered – Enabled, and ensure "Save BitLocker recovery information to AD DS for operating system drives" is checked.
Answer is D
Correct
Agreed B is correct
Final answer: D. Choose how BitLocker-protected operating system drives can be recovered (for Windows 7 and newer)
https://www.itprotoday.com/windows-8/group-policy-settings-required-bitlocker-save-ad
Correct GPO:
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Turn on BitLocker backup to Active Directory Domain Services
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies
FFL is not related, not recommended is only FFL =2003
All client computers run Windows 10.
So the answer is:
D. Choose how BitLocker-protected operating system drives can be recovered
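
To verify on an application server that the setting discussed in this thread actually applied, the following added example (not part of the original question or of any comment) reads the values the BitLocker administrative template writes under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` and, if they are present, backs up the existing OS-volume recovery password to AD DS. It assumes an elevated PowerShell session on a domain-joined server with the BitLocker module available; the function names are hypothetical.

```powershell
# Added example. Value names are the ones the BitLocker administrative template writes
# for "Choose how BitLocker-protected operating system drives can be recovered".
$FvePolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Test-OsRecoveryPolicy {          # hypothetical helper name
    param([string]$Path = $FvePolicyPath)
    $checks = @(
        @{ Name = 'OSRecovery';              Want = 1; Meaning = 'Policy is Enabled' }
        @{ Name = 'OSActiveDirectoryBackup'; Want = 1; Meaning = 'Save recovery information to AD DS is checked' }
    )
    # A missing key means the GPO has not applied to this computer at all.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($c in $checks) {
        $prop   = if ($props) { $props.PSObject.Properties[$c.Name] }
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting = $c.Name
            Meaning = $c.Meaning
            Actual  = $actual
            Ok      = ($actual -eq $c.Want)
        }
    }
}

function Get-OsRecoveryProtector {        # hypothetical helper name
    # Recovery-password protectors on the OS volume are what gets stored in AD DS.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    foreach ($kp in $vol.KeyProtector) {
        if ($kp.KeyProtectorType -eq 'RecoveryPassword') {
            [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $kp.KeyProtectorId }
        }
    }
}

$report = @(Test-OsRecoveryPolicy)
$report | Format-Table -AutoSize

if ($report.Ok -contains $false) {
    Write-Warning 'OS-drive recovery policy is not configured to back up to AD DS on this server.'
} else {
    # Volumes encrypted before the GPO applied are not backed up retroactively,
    # so push their existing recovery passwords to AD DS explicitly.
    Get-OsRecoveryProtector | ForEach-Object {
        Backup-BitLockerKeyProtector -MountPoint $_.MountPoint -KeyProtectorId $_.KeyProtectorId
    }
}
```

Run `gpupdate /force` first if GP2 was only just edited, otherwise the registry values may not be present yet.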