Home » Microsoft » 70-688 » Which two actions should you perform?
You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain.
Some volumes on the computers are encrypted with BitLocker. The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker password to local drive E: and is unable to access the protected volume.
You need to provide a BitLocker recovery key to unlock the protected volume. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Ask the user to run the manage-bde -protectors -disable e: command.
B. Ask the user for a recovery key ID for the protected drive.
C. Ask the user for his or her logon name.
D. Ask the user for his or her computer name.
Correct Answer: BD
Explanation/Reference:
BitLocker Drive Encryption Operations Guide: Recovering Encrypted Volumes with AD DS Record the name of the user’s computer
You can use the name of the user’s computer to locate the recovery password in AD DS. If the user does not know the name of the computer, ask the user to read the first word of the Drive Label in the BitLocker Drive Encryption Password Entry user interface. This is the computer name when BitLocker was enabled and is probably the current name of the computer.
Verify the user’s identity
You should verify that the person that is asking for the recovery password is truly the authorized user of that computer. Another option is to verify that the computer with the name the user provided belongs to the user.
Reference:
http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx
http://support.microsoft.com/kb/2855131