Securing Windows Server 2016 — Question 170

You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.
You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C on VM1.
What should you do?

Answer options

• A. From the settings of VM1, configure Integration Services
• B. From Server1, configure the Enforce drive encryption type on fixed data drives Group Policy setting.
• C. From the settings of VM1, enable a Trusted Platform Module(TPM).
• D. From the settings of VM1, enable Secure Boot.

Correct answer: C

Explanation

The correct answer is C because enabling a Trusted Platform Module (TPM) is necessary for BitLocker to function, especially on a generation 2 VM. Options A and D do not directly relate to BitLocker functionality, and option B pertains to a Group Policy setting that does not apply to the VM itself.