Exam AZ-801 topic 1 question 20 discussion

Actual exam question from Microsoft's AZ-801
Question #: 20
Topic #: 1

HOTSPOT -
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the accounts shown in the following table.

The domain is configured to store BitLocker recovery keys in Active Directory.
Admin1 and Admin2 perform the following configurations:
1. Admin1 turns on BitLocker Drive Encryption (BitLocker) for volume C on Server1.
2. Admin1 moves Server1 to OU1.
3. Admin2 turns on BitLocker for removable volume E on Server2.
4. Admin2 moves removable volume E from Server2 to Server1 and unlocks the volume.
On which Active Directory object can you view each BitLocker recovery key? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Server1 -
You can configure Group Policies in your domain so that when encrypting any drive with BitLocker, the computer will save the recovery key in its computer object account in AD (like storing a local computer administrator password generated using LAPS).

Box 2: Server2 -
Reference:
http://woshub.com/store-bitlocker-recovery-keys-active-directory/
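The lookup described in the suggested answer, as an added example that is not part of the original page. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the recovery objects; the function name `Get-BitLockerRecoveryLocation` is hypothetical and the key ID prefix is a constructed sample value.

```powershell
# Added example: find which AD computer object holds a BitLocker recovery key.
# Assumes the ActiveDirectory module (RSAT) and read access to recovery objects.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryLocation {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # First 8 characters of the recovery key ID shown on the unlock screen.
        [string]$KeyIdPrefix,
        # Limit the search to one computer object, e.g. Server1.
        [string]$ComputerName
    )

    # Recovery keys are child objects of the computer object, so search beneath
    # the computer (or the whole domain when no computer is given).
    $searchBase = if ($ComputerName) {
        (Get-ADComputer -Identity $ComputerName).DistinguishedName
    } else {
        (Get-ADDomain).DistinguishedName
    }

    Get-ADObject -SearchBase $searchBase -SearchScope Subtree `
            -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
            -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
        Where-Object { -not $KeyIdPrefix -or $_.Name -like ('*{' + $KeyIdPrefix + '*') } |
        ForEach-Object {
            # Object name is "<timestamp>{<key ID GUID>}"; the parent DN is the
            # computer that escrowed the key, wherever that computer now lives.
            $parentDn = $_.DistinguishedName -replace '^CN=[^,]+,', ''
            [pscustomobject]@{
                Computer         = (Get-ADComputer -Identity $parentDn).Name
                ComputerDN       = $parentDn
                KeyId            = ($_.Name -replace '^.*\{|\}$', '')
                Escrowed         = $_.whenCreated
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Keys escrowed by Server1 (volume C), even after the move to OU1:
Get-BitLockerRecoveryLocation -ComputerName 'Server1'

# Owner of a removable volume's key, looked up by key ID (constructed sample value):
Get-BitLockerRecoveryLocation -KeyIdPrefix '1A2B3C4D'
```

Because the recovery object is a child of the computer object, moving the computer to another OU moves the key with it, and a volume unlocked on a different server does not create a new recovery object there.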

Comments

syu31svc
Highly Voted 2 years ago
No need to overthink this. The disk from the source computer on which you create the recovery key is where you can view it. Answer is correct. "Active Directory object" is just to throw you off.
upvoted 6 times
sardonique
2 months ago
It is rather the AD object from which you have enacted the BitLocker encryption the first time.
upvoted 1 times
BlackCat9588
Most Recent 2 months, 3 weeks ago
It should be: Server1, Server2. Please let me know if I am wrong.
upvoted 1 times
starseed
7 months, 1 week ago
Correct answer
upvoted 1 times
calotta1
1 year, 8 months ago
Correct answer!
upvoted 3 times
cris66
2 years, 2 months ago
The computer will save the recovery key in its computer object account in AD (like storing a local computer administrator password generated using LAPS). If you insert the BitLocker-encrypted drive into another computer, you will get a message in the lower right corner of the desktop, which says this drive is BitLocker-protected. Click on this message so that a dialog will appear in the upper right corner of the desktop letting you unlock this drive. Enter the password for the BitLocker drive and click the Unlock button. If you forgot/lost the password to unlock this drive, click "More options" followed by "Enter recovery key". The recovery key is going to be from the AD computer object where you originally encrypted it.
upvoted 4 times
PEsty93
1 year, 11 months ago
The key will only be stored in AD if the group policy is enabled.
upvoted 1 times
nefaxto
2 years, 2 months ago
It seems correct:
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies?source=recommendations#active-directory-domain-services-considerations
https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/
upvoted 3 times