HGS test questions

    דיון כללי

  • Hello!

    Your network contains an Active Directory forest named
    The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts. You plan to deploy guarded hosts.
    You deploy a new server named Server22 to a workgroup.
    You need to configure Server22 as a Host Guardian Service server.
    What should you do before you initialize the Host Guardian Service on Server22?

    A. Install the Active Directory Domain Services server role on Server22.

    B. Join Server22 to the domain.

    C. Raise the forest functional level.

    D. Obtain a certificate.

    Q1: Would anybody explain why the correct answer is B??? The article that is to be the answer says the following:

    Choose the installation option that best suits your environment:

    - it says that HGS service can be deployed in the existing BASTION forest, NOT in the PRODUCTION forest as this question implies (The forest contains a single domain.) If we choose B it means the HGS server will be joined to the same domain where the guarded hosts exist - is it the possible configuration???

    Q2: Should I really want to deploy HGS to an EXISTING BASTION forest what forest/domain functional level it should have? - The article above says nothing about it, only that HGS server itself must be WinServer 2016.

    Q3: Regarding the question: I think it does not have the correct answer because if you have a single forest/domain (which is the tenant/production domain) and have a server for the HGS service the ONLY option is to deploy the HGS on this server. According to MS documentation this server will become the new domain controller in the new HGS forest, after that it can be initialized either in the TPM or AD mode. Please correct me if I'm wrong.

    Thank you in advance,

    • נערך על-ידי MF47 יום חמישי 17 מאי 2018 13:58
    יום חמישי 17 מאי 2018 13:52