Lesson 12: Manage FileVault Flashcards
• Describe how FileVault helps protect data. • Enable FileVault protection. • Describe how to regain access to a FileVault-protected Mac when all local user account passwords are lost.
How does FileVault protect user data?
FileVault encrypts the APFS Data volume portion of the built-in startup disk.
What do Mac computers with Apple silicon and Intel-based Mac computers with the T2 chip use to encrypt data on built-in storage?
Mac computers with Apple silicon and Intel-based Mac computers with the Apple T2 Security Chip use the built-in hardware-accelerated Advanced Encryption Standard (AES) engine to encrypt data on the built-in storage for your Mac.
These Mac computers encrypt data with 256-bit encryption keys that are tied to the chip’s unique identifier.
FileVault should be turned on for additional security.
What do Intel-based Mac computers without the T2 chip use to encrypt data on built-in storage?
Intel-based Mac computers without the T2 chip use XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
FileVault performs the encryption at the file-system driver level of macOS.
How can you turn on FileVault if you didn’t do so in Setup Assistant?
You can turn on FileVault at any time from the Security & Privacy preferences.
What are the two ways you can save the FileVault recovery key when you enable FileVault in Security & Privacy preferences?
If you lose a FileVault password, FileVault Recovery offers two ways to recover it:
- Use your Apple ID to unlock the FileVault volume and reset your password. (This action generates a random FileVault recovery key and saves it to your iCloud account on Apple servers.)
- Record the key that FileVault randomly generates. (You must keep the key letters and numbers somewhere safe and not on your encrypted startup disk.)
