- 2 views
Exam
Answer confirmed
Question
You have a server that runs Windows Server and hosts a file share that is used to store sensitive documents.
You need to minimize the risk associated with physical access to the server. The solution must maximize server security.
What should you configure?
Select only one answer.
Proposed answer
- BitLocker Drive Encryption (BitLocker)
- Encrypting File System (EFS)
- NTFS permissions
- Personal Data Encryption (PDE)
Correct answer
BitLocker Drive Encryption (BitLocker)
- Correct – BitLocker protects the entire drive against offline attacks.
- Incorrect – EFS can be used to encrypt individual files and folders but does not protect the entire drive. The encryption is based on the user’s password, so if the attacker has access to the system drive as well, they can potentially attack the security database of the host and identify the user’s password. As such, this does not meet the requirement of maximizing security.
- Incorrect – NTFS permissions are vulnerable to offline attacks.
- Incorrect – PDE is only available in Windows 11 and requires Windows Hello.
Overview of BitLocker Device Encryption in Windows | Microsoft Learn