You want to encrypt a hard drive and prevent laptops from booting without a special USB drive. What should you implement?

Implementing BitLocker with a Trusted Platform Module (TPM) is the correct choice for encrypting a hard drive and ensuring that laptops cannot boot without a special USB drive. BitLocker is a full disk encryption feature that provides security for the entire operating system and data stored on the drive.

The inclusion of a TPM enhances this security by storing the encryption keys securely and verifying the integrity of the system at startup. When combined with additional measures, such as requiring a USB drive for booting, it effectively prevents unauthorized access. If the system's integrity is compromised (for example, if the computer is tampered with or if there are unauthorized changes), BitLocker with TPM will prevent the boot process, ensuring that only authorized users can access the system.

In contrast, the other options primarily focus on user file encryption without the comprehensive protection that full disk encryption offers. Encrypting user files with EFS (Encrypting File System) does not prevent unauthorized users from booting the operating system or accessing other unencrypted parts of the drive. Therefore, while EFS is suitable for protecting specific files, it does not provide the same level of security and device integrity as using BitLocker with a TPM. Implementing BitLocker without a TPM also offers encryption, but