15 Cards in this Set

  • Front
  • Back
How do you configure a Data Recovery Agent for EFS?
cipher /r

Add the Data Recovery Agent to the Default Domain Policy
The feature with which computers running Windows Vista and later can use a TPM to store cryptographic information such as encryption keys.
BitLocker Drive Encryption (BDE)
Which BitLocker mode stores the BitLocker volume encryption key on the TPM chip, but requires an administrator to supply a personal PIN and insert a USB flash drive containing a startup key before the system can unlock the BitLocker volume and complete the boot sequence?
"TPM + startup PIN + startup key"
Which BitLocker mode stores the BitLocker volume encryption key on the TPM chip, but an administrator must insert a USB flash drive containing a startup key before the system can unlock......
"TPM + startup key"
Which BitLocker mode stores the BitLocker volume encryption key on the TPM chip, but an administrator must supply a PIN before the system can unlock.....
"TPM + startup PIN"
Which BitLocker mode stores a startup key on a USB flash drive, which the administrator must insert each time the system boots? This mode does not require the server to have a TPM chip, but it must have a system BIOS that supports access to the USB flash drive.
Startup key only
Which BitLocker mode stores the volume encryption key on the TPM chip and accesses it automatically when the chip has determined that the boot environment is unmodified? This unlocks the protected volume and requires no administrator interaction.
TPM only
This feature enables users to encrypt removable USB media devices, such as flash drives or external HDDs.
BitLocker To Go
This allows BitLocker to be enabled before the operating system is installed. The random encryption key is stored on disk unprotected, and after Windows is installed, users can fully protect the encryption key for the volume by activating BitLocker and selecting the BitLocker unlock method.
BitLocker Pre-Provisioning
To create a DRA for BitLocker, what must you do?
1. Add the DRA account to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > BitLocker Drive Encryption.... Link it to the GPO containing the user or to the system's local security policy (gpedit).

2. Configure the "Provide the unique identifiers for your organization" policy setting in .... > Computer Configuration > Policies > Administrative Templates > Windows Components > "BitLocker Drive Encryption".

3. Enable DRA recovery for each type of BitLocker resource you want to recover, e.g. OS drives, fixed drives, and removable drives.
Provides an automatic unlock of operating system volumes at system reboot when connected to a trusted wired corporate network.
BitLocker Network Unlock
BitLocker Network Unlock requirements?
Windows 8 installation on UEFI firmware with UEFI DHCP drivers

BitLocker Network Unlock feature

Windows Server 2012 WDS role (Network Unlock is installed on this server) X.509 certificate

DHCP Server separate from the WDS server and DC

A Network Unlock certificate

Network Unlock Group Policy setting configured
cipher /r
Generates an EFS recovery agent key and certificate, then writes them to a .pfx file (containing certificate and private key) and a .cer file (containing only the certificate). If /smartcard is specified, it writes the recovery key and certificate to a smart card, and no .pfx file is generated.
Get-Certificate
This cmdlet can be used to submit a certificate request and install the resulting certificate, install a certificate from a pending certificate request, and enroll for LDAP.
What is UEFI?
Unified Extensible Firmware Interface: a standard firmware interface for PCs, designed to replace BIOS (basic input/output system).

UEFI can support remote diagnostics and repair of computers, even without another operating system.

Better security by helping to protect the pre-startup (or pre-boot) process against bootkit attacks.

Faster startup times and resuming from hibernation.

Support for drives larger than 2.2 terabytes (TB).

Support for modern, 64-bit firmware device drivers that the system can use to address more than 17.2 billion gigabytes (GB) of memory during startup.

Capability to use BIOS with UEFI hardware.

Note

All 64-bit versions of PCs running Windows with a logo from the Windows Certification Program will use UEFI instead of BIOS. To learn more about your PC's support of UEFI, see the product info that came with your PC.