You deploy the Host Guardian Service (HGS).
You have several Hyper-V that have older hardware and Trusted Platform Modules (TPMs) version 1.2.
You discover that the Hyper-V hosts cannot start shielded virtual machines.
You need to configure HGS to ensure that the older Hyper-V hosts can host shielded virtual machines.
What should you do?
A. Run the Set-HgsServer cmdlet and specify the -TrustActiveDirectory parameter.
B. Run the Clear-HgsServer cmdlet and specify the -Clustername parameter.
C. Run the Clear-HgsServer cmdlet and specify the -Force parameter.
D. Run the Set-HgsServer cmdlet and specify the -TrustTpm parameter.
A is correct:
https://davidfleming.org/deploy-and-configure-the-host-guardian-service/
It is not possible to enable older Hyper-V hosts to run Shielded virtual machines
Requirements and Limitations
There are several requirements for using Shielded VMs and the HGS:
One bare metal host: You can deploy the Shielded VMs and the HGS with just one host. However, Microsoft recommends that you cluster HGS for high availability.
Windows Server 2016 Datacenter Edition: The ability to create and run Shielded VMs and the HGS is only supported by Windows Server 2016 Datacenter Edition.
For Admin-trusted attestation mode: You only need to have server hardware capable of running Hyper-V in Windows Server 2016 TP5 or higher.
For TPM-trusted attestation: Your servers must have TPM 2.0 and UEFI 2.3.1 and they must boot in UEFI mode. The hosts must also have secure boot enabled.
Hyper-V role: Must be installed on the guarded host.
HGS Role: Must be added to a physical host.
Generation 2 VMs.
A fabric AD domain.
An HGS AD, which in Windows Server 2016 TP5 is a separate AD infrastructure from your fabric AD.
Answer A is correct
I am not agree. Answer A is correct, you can use HGS with Admin trusted authentification without TPM or old module version.
Answer: E
Explanation
Requirements and LimitationsThere are several requirements for using Shielded VMs and the
HGS:One bare metal host: You can deploy the Shielded VMs and the HGS with just one host.
However, Microsoftrecommends that you cluster HGS for high availability.Windows Server 2016
Datacenter Edition: The ability to create and run Shielded VMs and the HGS is onlysupported by
Windows Server 2016 DatacenterEdition.For Admin-trusted attestation mode: You only need to have
server hardware capable of running Hyper-V in Windows Server 2016 TP5 or higher.For TPM-trusted
attestation: Your servers must have TPM 2.0 and UEFI
2.3.1 and they must boot in UEFImode. The hosts must also have secure boot enabled.Hyper-V role:
Must be installed on the guarded host.HGS Role: Must be added to a physical host.Generation 2
VMs.A fabric AD domain.An HGS AD, which in Windows Server 2016 TP5 is a separate AD
infrastructure from your fabric AD.
E. It is not possible to enable older Hyper-V hosts to run Shielded virtual machines