Securing Windows Server 2016 — Question 154

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.
You implement the Host Guardian Service (HGS) configured for admin-trusted attestation.
You install the Hyper-V server role on Server1.
You need to add Server1 to the guarded hosts.
What should you do?

Answer options

• A. On Server1, install the Host Guardian Hyper-V Support feature and a computer certificate from a trusted certification authority (CA).
• B. On Server1, install the Device Health Attestation server role and a computer certificate from a trusted certification authority (CA).
• C. Install the Host Guardian Hyper-V Support feature on Server1 and add Server1 to a domain security group.
• D. Install the Device Health Attestation server role on Server1 and add Server1 to a domain security group.

Correct answer: C

Explanation

The correct answer is C because installing the Host Guardian Hyper-V Support feature on Server1 and adding it to a domain security group is necessary to allow it to be recognized as a guarded host. Options A and B incorrectly suggest installing features that are not required for adding to guarded hosts, while option D involves the incorrect server role and does not meet the criteria for HGS.