Securing Windows Server 2016 — Question 138

You deploy the Host Guardian Service (HGS).
You have several Hyper-V that have older hardware and Trusted Platform Modules (TPMs) version 1.2.
You discover that the Hyper-V hosts cannot start shielded virtual machines.
You need to configure HGS to ensure that the older Hyper-V hosts can host shielded virtual machines.
What should you do?

Answer options

• A. Run the Set-HgsServer cmdlet and specify the ""TrustActiveDirectory parameter.
• B. Run the Clear-HgsServer cmdlet and specify the ""Clustername parameter.
• C. Run the Clear-HgsServer cmdlet and specify the ""Force parameter.
• D. Run the Set-HgsServer cmdlet and specify the ""TrustTpm parameter.

Correct answer: A

Explanation

The correct answer is A because using the Set-HgsServer cmdlet with the TrustActiveDirectory parameter allows HGS to trust the Active Directory for authentication, which is necessary for older Hyper-V hosts with TPM 1.2 to properly host shielded VMs. The other options do not address the trust requirements for Active Directory or the configuration needed for the older TPM version.