Regarding the previous comment ...
"If no one can authenticate past the Pre-Boot Auth screen, then the disk cannot be unlocked."
-- This is not true. There is a helpdesk recovery option. So, if the machine has checked in with the Endpoint Encryption Server, you can select helpdesk recovery... The user will have to read a "question" key, and then the person at the helpdesk inputs that... and reads a "response" key that the user enters. This will unlock the machine.
Your question (#3) regarding OTP is a bit confusing. Symantec Endpoint Encryption does not have any e-mail functions.
If you are asking about a key that can be used to unlock the machine, yes... the helpdesk recovery feature has an offline mode. It will work without an internet connection.