A company has an Active Directory Domain Services (AD

DS) domain. All client computers run Windows 10 Enterprise.

You are configuring security for a portable client computer that does not have a Trusted Platform Module (TPM) chip installed.

You need to configure local Group Policy to tum on Windows BitLocke

r Drive Encryption on the computer.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE:

Each correct selection is worth one point.

A. Enable the Enforce drive encryption type on operating system drives policy s

etting.

B. Enable the option to allow BitLocker without a compatible TPM.

C. Enable the Require additional authentication at startup policy setting.

D. Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, a

nd 11.

References: https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/