Lesson 10 - Manage FileVault

Question 1

How does FileVault protect user data?

Answer 1

FileVault protects the entire system volume and all its data by using strong XTS-AES 128 encryption. During system startup, a user must enter a password to decrypt the system volume.

Question 2

What are the system requirements for using FileVault?

Answer 2

To enable FileVault, Mac computers must have the hidden macOS Recovery HD volume on the system disk. Also, any Legacy FileVault accounts must be decrypted and returned to normal accounts before FileVault can be enabled.

Question 3

Which users are allowed to unlock a FileVault-protected system?

Answer 3

Any user who’s FileVault enabled can unlock a FileVault-protected system. This includes any local or cached network user account that was enabled when FileVault 2 was set up or created after FileVault 2 was enabled. Also, administrators may return to Security & Privacy preferences to enable additional accounts.

Question 4

What are the two ways you can save the FileVault recovery key when you enable FileVault in Security & Privacy preferences?

Answer 4

When you enable FileVault in the Security & Privacy preferences, you can either manually save the FileVault recovery key using your own devices, or you can save the recovery key on Apple’s servers through an iCloud account.

Question 5

How can you unlock a Mac protected by FileVault when all users have lost their passwords?

Answer 5

Use the recovery key that was generated during the FileVault setup process to unlock a FileVault-protected Mac. Use the recovery key during system Mac startup to reset the user’s account password.