ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company issues Windows 10 laptops to traveling staff. Policy requires that if a computer is lost, its contents must remain unreadable, and the help-desk must be able to retrieve or revoke the decryption key without destroying the drive. The solution should rely on hardware already built into most enterprise laptops, minimize user interaction at boot, and integrate with Active Directory for key escrow. Which implementation best meets these requirements?
Deploy third-party file-level encryption software and instruct users to manually encrypt sensitive files before travel.
Enable BitLocker full disk encryption using the laptop's TPM as the key protector and back up recovery keys to Active Directory.
Set BIOS power-on passwords and disable external boot media in firmware settings.
Encrypt each user's profile with Encrypting File System (EFS) and store the EFS recovery certificates on a network share.
Enabling BitLocker with a Trusted Platform Module (TPM) protector provides full disk encryption that automatically unlocks the drive only when the TPM verifies the system's integrity, so users are not prompted for a pre-boot password. BitLocker can escrow recovery keys to Active Directory, allowing the help-desk to recover or invalidate keys remotely if a laptop is lost. Encrypting only user folders with EFS protects individual files but leaves system files and swap space unprotected. BIOS passwords add a barrier to boot but offer no encryption. Manual file-level encryption tools rely on users to identify files and do not support centralized key escrow. Therefore, TPM-backed BitLocker with AD key storage is the only option that satisfies all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is BitLocker and how does it work?
Open an interactive chat with Bash
What is a Trusted Platform Module (TPM)?
Open an interactive chat with Bash
How does Active Directory support key escrow?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .