Question 20 of 119 from exam AZ-801: Configuring Windows Server Hybrid Advanced Services

Question 20 of 119 from exam AZ-801: Configuring Windows Server Hybrid Advanced Services

Question

HOTSPOT -

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the accounts shown in the following table.

The domain is configured to store BitLocker recovery keys in Active Directory.

Admin1 and Admin2 perform the following configurations:

1. Admin1 turns on BitLocker Drive Encryption (BitLocker) for volume C on Server1.

2. Admin1 moves Server1 to OU1.

3. Admin2 turns on BitLocker for removable volume E on Server2.

4. Admin2 moves removable volume E from Server2 to Server1 and unlocks the volume.

On which Active Directory object can you view each BitLocker recovery key? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

Box 1: Server1 -

You can configure Group Policies in your domain so that when encrypting any drive with BitLocker, the computer will save the recovery key in its computer object account in AD (like storing a local computer administrator password generated using LAPS).

Box 2: Server2 -

http://woshub.com/store-bitlocker-recovery-keys-active-directory/