PrepAway - Latest Free Exam Questions & Answers

Which cmdlet should you run next?

You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the
nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?

A. Unblock-Tpm

B. Add-BitLockerKeyProtector

C. Remove-BitLockerKeyProtector

D. Enable-BitLockerAutoUnlock

Explanation:

4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO).

The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered
volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or
group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request
and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to
self-manage BitLocker-enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is
the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target
disk volumes:

Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector -ADAccountOrGroup $cno
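
The command above uses `$cno` without showing where it comes from. The following is an added example, not code from the original page, that derives the CNO account name, adds the protector and confirms it is listed afterwards. The function name `Add-CnoProtector` and the sample mount point are hypothetical; it assumes the FailoverClusters and BitLocker modules and an elevated session on a cluster node.

```powershell
# Added example, not the page's own code. Run elevated on a cluster node.
# The function name and the sample mount point below are hypothetical.
function Add-CnoProtector {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$MountPoint
    )

    Import-Module FailoverClusters, BitLocker -ErrorAction Stop

    # The CNO is a computer account, so its account name is the cluster name plus '$'.
    $cno = (Get-Cluster).Name + '$'

    # Stop early if BitLocker has not been enabled on the volume yet.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.VolumeStatus -eq 'FullyDecrypted') {
        throw "BitLocker is not enabled on $MountPoint."
    }

    Add-BitLockerKeyProtector -MountPoint $MountPoint `
        -ADAccountOrGroupProtector -ADAccountOrGroup $cno -ErrorAction Stop | Out-Null

    # Re-read the volume and confirm an AD account protector is now listed.
    # This checks the protector type only; it does not confirm which
    # account the protector is bound to.
    $protectors = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector
    $ad = $protectors | Where-Object { $_.KeyProtectorType -eq 'AdAccountOrGroup' }
    if (-not $ad) {
        throw "No AdAccountOrGroup protector found on $MountPoint after adding $cno."
    }

    [pscustomobject]@{
        MountPoint     = $MountPoint
        ClusterAccount = $cno
        ProtectorTypes = $protectors.KeyProtectorType
    }
}

# Constructed sample call; replace the path with the real CSV mount point.
Add-CnoProtector -MountPoint 'C:\ClusterStorage\Volume1'
```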

One Comment on “Which cmdlet should you run next?”

  1. kurt says:

    You can associate an Active Directory account to unlock:

    Add an ADAccountOrGroup protector with the Cluster Name Object (CNO) to the volume using a command such as:
    Add-BitLockerKeyProtector E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$



