20 Cards in this Set

  • Front
  • Back
What are the requirements to run BitLocker Drive Encryption?
The main requirement is that the computer is running Windows 7 Ultimate or Enterprise edition or Windows Server 2008 R2.

A TPM or Trusted Platform Module version 1.2 microchip is recommended for checking early boot components. It can also be used for storing the BitLocker master key. For a computer that doesn't have a TPM, the startup key can be stored on a USB drive.

The next requirement is for a TCG or Trusted Computing Group compliant BIOS that will enable the use of BitLocker on operating system drives.

Finally, the BIOS must be configured to boot from the hard disk and not any other device.
Abbrev : TPM
Trusted Platform Module
Abbrev : TCG
Trusted Computing Group
What is the purpose of BitLocker To Go ?
BitLocker To Go provides protection for removable media, such as external drives and USB devices.
When is the BitLocker To Go Reader installed on removable media?
By default, the BitLocker To Go Reader is installed on the removable media when it is encrypted with BitLocker.
How does the BitLocker To Go Reader help?
It provides read-only access to the encrypted data on a removable device on a computer running Windows XP or Windows Vista.
What is an Offline Attack ?
Offline attacks include booting using an alternative operating system in an attempt to recover data stored on the hard disk and removing the computer’s hard disk and connecting it to another computer in an attempt to access the data it contains.
What are the different BitLocker modes ?
TPM-only mode
TPM with startup key
TPM with PIN (personal identification number)
TPM with PIN and startup key
BitLocker without a TPM
What happens in the TPM-only BitLocker mode ?
In TPM-only mode, the user is unaware that BitLocker is functioning and does not have to provide any passwords, PINs, or startup keys to start the computer.

TPM-only mode is the least secure implementation of BitLocker because it does not require additional authentication.
Which is the most secure of the BitLocker modes ?
TPM with PIN and startup key
Which Group Policy setting has to be configured when using BitLocker without a TPM?
Require Additional Authentication At Startup policy

Path = Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require Additional Authentication At Startup policy
Abbrev : (AD DS)
Active Directory Domain Services
How can Active Directory Domain Services (AD DS) help in managing TPM ?
Using the TPM Management console, you can store TPM recovery information in Active Directory Domain Services (AD DS), clear the TPM, reset the TPM lockout, and enable or disable the TPM.
What are the different Group Policy settings that can be applied to BitLocker ?
There are four categories of Group Policy settings used for BitLocker encryption:

* global settings that affect all BitLocker-protected drives

* operating system drive settings

* fixed data drive settings, and

* removable data drive settings
Tip

When upgrading from a BitLocker-enabled Vista to Windows 7, disable BitLocker and then upgrade. There is no need to decrypt the data.
What are Data recovery agents?
Data recovery agents are accounts that make use of smart card certificates and public keys to decrypt BitLocker-protected drives.

If the recovery password or keys are lost, a DRA is used.
Abbrev : DRA
Data Recovery Agents
Location of BitLocker Group policy ?
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\
What are the procedures that should be followed to configure DRA for BitLocker?
To use data recovery agents, you need to perform certain procedures:

* assign a BitLocker identification field to a BitLocker-protected drive

* configure an identification field

* verify the identification field has been set on a BitLocker-protected drive

* configure the data recovery agent, and

* list the data recovery agents configured for a BitLocker-protected drive
Which Group policy is used to configure a BitLocker identification field ?
Provide the unique identifiers for your organization