Apple Deployment and Management Certification Exam DEP-2025 Question # 38 Topic 4 Discussion
DEP-2025 Exam Topic 4 Question 38 Discussion:
Question #: 38
Topic #: 4
A user forgot their password for their organization-owned Mac. Their Mac has FileVault turned on, and the key is escrowed to the MDM solution. What can the user use in macOS Recovery to reset their password?
When FileVault is enabled, the encryption of the disk is tied to either user credentials or recovery keys. Apple documentation explains that thePersonal Recovery Key (PRK)is unique to each device and can be escrowed to the MDM solution. If a user forgets their password, the IT admin retrieves the PRK from the MDM and provides it to the user. In macOS Recovery, the PRK can then be used to unlock the disk and reset the account password. Institutional recovery keys exist for organizations but require certificate infrastructure and are less common in MDM workflows.
[References:Apple Platform Security — “FileVault recovery keys”; Apple Platform Deployment — “Escrow recovery keys with MDM.”, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit