Securing Windows Server 2016 — Question 148

You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.
You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C on VM1.
What should you do?

Answer options

• A. From VM1, configure the require additional authentication at startup Group Policy setting.
• B. From the settings of VM1, enable Secure Boot.
• C. From Server1, install the BitLocker feature.
• D. From VM1, configure the Enforce drive encryption type on fixed data drives Group Policy setting.

Correct answer: A

Explanation

The correct answer is A because configuring the Group Policy setting for required additional authentication at startup allows BitLocker to be enabled on a virtual machine. The other options do not directly facilitate the enabling of BitLocker; for instance, enabling Secure Boot (option B) is necessary but not sufficient by itself, and installing the BitLocker feature (option C) is not needed on the VM. Option D is unrelated to the requirement for the system drive where BitLocker is being applied.