Which Windows feature encrypts an entire drive and requires a TPM chip or USB startup key?

  1. Windows Defender
  2. NTFS Permissions
  3. BitLocker ✓
  4. EFS (Encrypting File System)

Correct answer: BitLocker

Option C is correct because BitLocker is the Windows full-volume encryption feature that encrypts entire drives and uses a TPM chip to seal the encryption keys, or alternatively a USB startup key when no TPM is present, protecting data at rest if a device is lost or stolen. Option A is incorrect because Windows Defender is an antimalware and endpoint protection tool that does not provide drive encryption. Option B is incorrect because NTFS Permissions control access to files and folders at the operating system level but do not encrypt the data on disk, leaving it readable if the drive is removed. Option D is incorrect because EFS (Encrypting File System) encrypts individual files and folders at the file system level but does not encrypt the entire drive, and it does not require a TPM or USB startup key.

Topic: · bitlocker, full disk encryption, tpm, windows security

Practice CompTIA A+ Core 2 (220-1102) Questions Free