Lesson 12: Manage FileVault Flashcards
• Describe how FileVault helps protect data. • Enable FileVault protection. • Describe how to regain access to a FileVault-protected Mac when all local user account passwords are lost.
How does FileVault protect user data?
FileVault encrypts the startup volume to protect user data.
What are the differences between full-system encryption and full-disk encryption and the way that FileVault performs with each?
The difference between full-system encryption and full-disk encryption and the FileVault requirements include:
Full-System Encryption: Used in Mac computers with a T2 chip
Full-system encryption is automatic and integrates the function of several controllers that other Mac computers use.
In this case, FileVault should be turned on for additional security, because without FileVault enabled, your encrypted SSDs will automatically mount and decrypt when connected to your Mac.
Full-Disk Encryption: Used in Mac computers without a T2 chip
FileVault uses full-disk encryption to help prevent unauthorized access to the information on your startup disk.
FileVault performs the encryption at the file system driver level of macOS.
How can you turn on FileVault if you didn’t turn it on when you were prompted by Setup Assistant?
You can turn on FileVault at any time from Security & Privacy preferences.
What are the two ways you can save the FileVault recovery key when you enable FileVault in Security & Privacy preferences?
FileVault Recovery offers two ways to recover passwords if FileVault passwords are lost:
- Use your Apple ID to unlock the FileVault volume and reset your password. This generates a random FileVault recovery key and saves it to your iCloud account on Apple servers.
- Record the key that FileVault randomly generates. You must keep the key letters and numbers somewhere safe and not on your encrypted startup disk.