Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains a single domain.
The domain contains multiple Hyper-V hosts.
You plan to deploy guarded hosts.
You deploy a new server named Server22 to a workgroup.
You need to configure Server22 as a Host Guardian Service server.
What should you do before you initialize the Host Guardian Service on Server22?
A. Install the Active Directory Domain Services server role on Server22.
B. Obtain a certificate.
C. Raise the forest functional level.
D. Join Server22 to the domain.
ANSWER : B
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-obtain-certs
I believe D join the domain is the correct answer. while Bastion forest might be a best practice it is not required. Requirement how ever is to be part of the domain.
The Answer is actually A, A does not create a new domain it only installs the feature so that you can create a new bastian AD forest when you install HGS
Notice in the article below the service is pre installed, but the server is still in a work group. Test it in your lab you will see.
https://techcommunity.microsoft.com/t5/data-center-security/step-by-step-configuring-the-host-guardian-service-in-windows/ba-p/372193
given answer D. Join Server22 to the domain. is correct.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-choose-where-to-install-hgs
The only technical requirement for installing HGS in an existing forest is that it be added to the root domain; non-root domains are not supported.
Bonna is wrong, because ffl in prod forest is 2012. So we need new dedicated bastion forest, and we must install ADDS before initialize the Host Guardian Service. Answer is A
Wrong. The correct answer is D.
Explanation/Reference:
The only technical requirement for installing HGS in an existing forest is that it be added to the root domain; non-root domains are not supported.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-choose-where-to-install-hgs
Wrong!!!!!
First needs to install the ADDS!!!