Your network contains one Active Directory domain named contoso.com. The domain contains a server
named Server01 that runs Windows Server 2012 R2. Server01 does not have a Trusted Platform Module
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on the operating system
Which Group Policy setting should you configure?
A. Allow network unlock at startup.
B. Enforce drive encryption type on operating system drives.
C. Allow enhanced PINs for startup.
D. Require additional authentication at startup.
To make use of BitLocker on a drive without TPM, you should run the gpedit.msc command. You must then
access the Require additional authentication at startup setting by navigating to Computer Configuration
\Administrative Templates\Windows Components\Bit Locker Drive Encryption\Operating System Drives
under Local Computer Policy.