The network contains an Active Directory domain named contoso.com. The domain contains the servers
configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to implement BitLocker Network Unlock for all of the laptops.
Which server role should you deploy to the network?
A.
Network Controller
B.
Windows Deployment Services
C.
Host Guardian Service
D.
Device Heath Attestation
Explanation:
https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock
Network Unlock core requirements
Network Unlock must meet mandatory hardware and software requirements before the feature can
automatically unlock domain joined systems. These
requirements include:
You must be running at least Windows 8 or Windows Server 2012.
Any supported operating system with UEFI DHCP drivers can be Network Unlock clients.
A server running the Windows Deployment Services (WDS) role on any supported server operating
system.
BitLocker Network Unlock optional feature installed on any supported server operating system.
A DHCP server, separate from the WDS server.
Properly configured public/private key pairing.
Network Unlock Group Policy settings configured.