Apple Certified Support Professional Practice Test

The role of Mobile Device Management (MDM) in relation to FileVault recovery keys primarily revolves around managing and potentially rotating those keys for enhanced security. When a Mac is configured with FileVault, it encrypts the entire startup disk, and recovery keys are essential for gaining access if a user forgets their password or encounters issues.

With MDM, administrators have the capability to control these recovery keys. This includes not only the ability to manage them but also to periodically rotate them, which helps ensure that the keys remain secure over time and limit the risk associated with the potential compromise of any static key. The ability to do this through MDM provides an important safeguard for securing sensitive data, making it a key feature in managing the security compliance of devices within an organizational network.

The other options do not accurately capture the specific functionality of MDM regarding FileVault recovery keys: encryption of files on the device is handled by FileVault itself, keeping backup copies does not provide the same level of security management, and scanning for viruses is a different function that does not relate to the management of encryption keys.