FileVault is a feature that encrypts the entire APFS volume on a Mac using the AES-XTS data encryption algorithm. FileVault encryption keys are generated at different times depending on the scenario. According to the Apple Support documents, FileVault encryption keys are generated in the following situations:
During the first login by a user on the Mac: This happens when FileVault is turned on during the initial Setup Assistant process. The user’s password and the hardware UID are used to protect the class key, which wraps the volume encryption key. The user’s password is also used to generate a personal recovery key, which can be used to unlock the volume if the user forgets their password or their account is deleted.
When a user turns on FileVault: This happens when FileVault is turned on later from the System Settings. The user’s password and the hardware UID are used to protect the class key, which wraps the volume encryption key. The user’s password is also used to generate a personal recovery key, which can be used to unlock the volume if the user forgets their password or their account is deleted. An anti-replay mechanism prevents the old key (based on hardware UID only) from being used to decrypt the volume.
During user creation: This happens when a new user is added to the Mac after FileVault is turned on. The new user’s password and the hardware UID are used to protect the class key, which wraps the volume encryption key. The new user’s password is also used to generate a personal recovery key, which can be used to unlock the volume if the user forgets their password or their account is deleted.
The other options are not correct because FileVault encryption keys are not generated in those situations. When a user is deleted, their FileVault encryption key is removed from the Mac, but the volume encryption key remains the same. Setting the first user’s password does not generate FileVault encryption keys unless FileVault is turned on during the Setup Assistant process or later from the System Settings. References: Intro to FileVault - Apple Support, Volume encryption with FileVault in macOS - Apple Support
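A simplified model of the key hierarchy described above, as an added example that is not Apple's implementation or code from the original page. PBKDF2 and an HMAC-based wrap stand in for the hardware key derivation and AES key wrapping, and all function names are hypothetical. It shows that each user holds their own wrapped copy of the class key, that deleting a user leaves the volume encryption key unchanged, and that a correct password fails against a different hardware UID.

```python
import hashlib, hmac, os

def derive_kek(password: str, hardware_uid: bytes, salt: bytes) -> bytes:
    # Entangle the password with a device-bound secret (stand-in for the hardware UID).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), hardware_uid + salt, 50_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, key: bytes) -> bytes:
    # Toy authenticated wrap (stand-in for AES key wrapping): nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or different hardware")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

def _enroll(vol: dict, user: str, password: str, uid: bytes, class_key: bytes) -> None:
    salt = os.urandom(16)
    vol["users"][user] = (salt, wrap(derive_kek(password, uid, salt), class_key))

def _class_key(vol: dict, user: str, password: str, uid: bytes) -> bytes:
    salt, blob = vol["users"][user]
    return unwrap(derive_kek(password, uid, salt), blob)

def enable_filevault(user: str, password: str, uid: bytes) -> dict:
    # Keys are generated once; only wrapped copies are stored in the volume record.
    vek, class_key = os.urandom(32), os.urandom(32)
    vol = {"wrapped_vek": wrap(class_key, vek), "users": {}}
    _enroll(vol, user, password, uid, class_key)
    return vol

def unlock(vol: dict, user: str, password: str, uid: bytes) -> bytes:
    return unwrap(_class_key(vol, user, password, uid), vol["wrapped_vek"])

def add_user(vol, existing, existing_pw, new_user, new_pw, uid) -> None:
    # Assumption: an already-enrolled user must unlock the class key to enroll another.
    _enroll(vol, new_user, new_pw, uid, _class_key(vol, existing, existing_pw, uid))

def delete_user(vol: dict, user: str) -> None:
    # Only this user's wrapped class key is removed; wrapped_vek is untouched.
    del vol["users"][user]
```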