ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company must ensure that every domain-joined Windows 10 laptop meets a new regulation that requires full-disk encryption. The solution has to encrypt the system volume, leverage the built-in TPM 2.0 for transparent pre-boot integrity checks, automatically escrow recovery keys to Active Directory, and require no extra software or user input at startup. Which Windows feature and deployment option best satisfies these requirements?
Deploy Windows Defender Device Guard with Credential Guard to harden code integrity and protect credentials.
Enable BitLocker Drive Encryption in TPM-only (transparent operation) mode and configure Group Policy to store recovery keys in Active Directory.
Enforce IPsec tunnel mode with machine certificates to secure all endpoint traffic.
Apply Encrypting File System (EFS) to user profiles and distribute user certificates through Group Policy.
BitLocker Drive Encryption is Microsoft's native full-disk encryption technology for Windows. When configured in TPM-only (transparent operation) mode, the TPM releases the Volume Master Key only after successful boot-time integrity checks, so users are not prompted for a PIN or password. Group Policy can enable automatic backup of BitLocker recovery keys to the computer object in Active Directory, providing centralized key escrow without third-party tools. Encrypting File System secures individual files rather than whole drives, IPsec protects data in transit, and Windows Defender Device Guard focuses on code integrity and credential protection, not disk encryption. Therefore, only BitLocker with TPM-based transparent operation and AD key escrow meets all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is BitLocker Drive Encryption?
Open an interactive chat with Bash
What is TPM (Trusted Platform Module) and how does it support BitLocker?
Open an interactive chat with Bash
What are the advantages of using Active Directory to store recovery keys for BitLocker?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .