You deploy the Host Guardian Service (HGS).
You have several Hyper-V hosts that have older hardware and Trusted Platform Modules (TPMs) version 1.2.
You discover that the Hyper-V hosts cannot start shielded virtual machines.
You need to configure HGS to ensure that the older Hyper-V hosts can host shielded virtual machines.What should you do?
A.
Run the Set-HgsServer cmdlet and specify the -TrustTpm parameter.
B.
Run the Set-HgsServer cmdlet and specify the -TrustActiveDirectory parameter.
C.
Run the Clear-HgsServer cmdlet and specify the -Clustername parameter
D.
Run the Clear-HgsServer cmdlet and specify the -Force parameter.
E.
It is not possible to enable older Hyper-V hosts to run Shielded virtual machines
Explanation:
Requirements and Limitations
There are several requirements for using Shielded VMs and the HGS:
One bare metal host: You can deploy the Shielded VMs and the HGS with just one host. However, Microsoft
recommends that you cluster HGS for high availability.
Windows Server 2016 Datacenter Edition: The ability to create and run Shielded VMs and the HGS is only
supported by Windows Server 2016 Datacenter
Edition.
For Admin-trusted attestation mode: You only need to have server hardware capable of running Hyper-V in
Windows Server 2016 TP5 or higher.
For TPM-trusted attestation: Your servers must have TPM 2.0 and UEFI 2.3.1 and they must boot in UEFI
mode. The hosts must also have secure boot enabled.
Hyper-V role: Must be installed on the guarded host.
HGS Role: Must be added to a physical host.
Generation 2 VMs.
A fabric AD domain.
An HGS AD, which in Windows Server 2016 TP5 is a separate AD infrastructure from your fabric AD.