Manage FileVault Flashcards
• Describe how FileVault helps protect data. • Enable FileVault protection. • Describe how to regain access to a FileVault-protected Mac when all local user account passwords are lost.
How does FileVault protect user data?
FileVault encrypts the startup volume to protect user data.
What are the differences between full-system encryption and full-disk encryption and the way that
FileVault performs with each?
The difference between full-system encryption and full-disk encryption and the FileVault requirements
for each are listed below:
• Full-System Encryption—Used in Mac computers with a T2 chip.
Full-system encryption is automatic and integrates the function of several controllers that other Mac
computers use. In this case, FileVault should be turned on for additional security, because without
FileVault enabled, your encrypted SSDs will automatically mount and decrypt when connected to
your Mac.
• Full-Disk Encryption—Used in Mac computers without a T2 chip.
FileVault uses full-disk encryption to help prevent unauthorized access to the information on your
startup disk. FileVault performs the encryption at the file system driver level of macOS.
How can you turn on FileVault if you didn’t turn it on when you were prompted by Setup Assistant?
You can turn on FileVault at any time from Security & Privacy preferences.
What are the two ways you can save the FileVault recovery key when you enable FileVault in Security &
Privacy preferences?
FileVault Recovery offers two ways to recover passwords if FileVault passwords are lost:
a. Use your Apple ID to unlock the FileVault volume and reset your password. This generates a random
FileVault recovery key and saves it to your iCloud account on Apple servers.
b. Record the key that FileVault randomly generates. You must keep the key letters and numbers
somewhere safe and not on your encrypted startup disk.
