You have a client Windows 10 Enterprise computer. The computer is joined to an Active Directory domain. The computer does not have a Trusted Platform Module (TPM) chip installed.You need to configure BitLocker Drive Encryption (BitLocker) on the operating system drive.Which Group Policy object (GPO) setting should you configure?To make use of BitLocker on a drive without TPM, you should run the gpedit.msc command. You must then access the Require additional authentication at startup setting by navigating to Computer ConfigurationAdministrative TemplatesWindows ComponentsBit Locker Drive EncryptionOperating System Drives under Local Computer Policy. You can now enable the feature and tick the Allow BitLocker without a compatible TPM checkbox.Incorrect Answers:A: The Allow access to BitLocker-protected fixed data drives from earlier version of Windows policy setting is used to control whether access to drives is allowed via the BitLocker To Go Reader, and if the application is installed on the drive.C: The Allow network unlock at startup policy allows clients running BitLocker to create the necessary network key protector during encryption.D: The Configure use of hardware-based encryption for operating system drives policy controls how BitLocker reacts when encrypted drives are used as operating system drivesReferences:http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/https://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_depopt4
Question:
Which Group Policy object (GPO) setting should you configure?
Options:
Allow access to BitLocker-protected fixed data drives from earlier version of Windows.
Require additional authentication at startup.
Allow network unlock at startup.
Configure use of hardware-based encryption for operating system drives.
Correct Answer
The Correct Answer for this Question is
Require additional authentication at startup.