Install anti$-$malware software on all computers.

Enable all real$-$time scanning $($shield$)$ options.

Update signature databases and software daily.

Perform a complete scan of all hard drives and solid state drives $($SSDs$)$ at least weekly.

Remove administrator rights from all normal users.

Apply software and OS security patches.

Block outbound network connections that are not required for your applications.

Automate as many backup operations as possible.

Export all encryption recovery keys to removable media and store the media in a safe place.

Use multifactor authentication when using BitLocker on OS volumes to increase volume security.

Use the strongest level of encryption that your situation allows for VPNs$.$

Never use Wired Equivalent Privacy $($WEP$)$ for wireless networks$$use only Wi$-$Fi Protected Access $($WPA$/$WPA$2/$WPA$3).$

Maintain current backups of all audit information so you can recover historical audit information in the case of a disaster.

Do not enable Read or List auditing on any object unless you really need the information.

Read$/$List access auditing can create a tremendous amount of information.

Do not enable Execute auditing on binary files except for administrative utilities that attackers commonly use. Do turn auditing on for these utilities to help monitor their use.

Limit enabling all auditing actions to files, folders, programs, and other resources that are important to your business functions.

Enable auditing for all change actions for your Windows install folder and any folders you use in normal business operation.

Audit all printer actions.

Ignore Read and Write actions for temporary folders but audit Change Permissions, Write Attributes, and Write Extended Attributes actions.

Develop Windows policies and Group Policy Objects $($GPOs$)$ that are as simple as possible and still satisfy your security policy.

Develop clear guidelines to evaluate each element of your security policy. Know what you will be looking for before you search through lots of audit data.

Define organizational units $($OUs$)$ that reflect your organization$$s functional structure.

Create OU GPOs for controls required in your security policy.

Use meaningful names for GPOs to make maintenance and administration easier.

Deploy GPOs in a test environment before deploying to your live environment.

Use security filtering and Windows Management Instrumentation $($WMI$)$ filters to restrict settings when necessary.

Back up your GPOs regularly.

Do not modify the default policies$$instead$,$ create new GPOs.

Use the Group Policy Settings Reference spreadsheets for more information on available GPO settings.

Acquire the Windows Server Security Compliance Management resource from Microsoft to help design, deploy, and monitor your server baselines.

Acquire the Windows $11$ Security Compliance Management resource from Microsoft to help design, deploy, and monitor your workstation baselines.

Use the Local Policy Tool $($LPT$)$ to automatically deploy recommendations from the Security Compliance Management toolkits.

According to above paragraph reply to the below question:

A firm uses BitLocker for volume encryption. Normally, BitLocker performs its task well. However, an administrator was recently forced to decrypt and encrypt the entire volume. What is the most likely reason the administrator took these actions?

Question $5$ options:

The BitLocker recovery information was not first placed in Active Directory Domain Services $($AD DS$).$

The BitLocker encryption recovery keys were not yet in a separate, safe location.

The BitLocker keys were compromised.

BitLocker was not protecting portable computers while in standby mode.