You plan to enable Credential Guard on four servers. Credential Guard secrets will be bound to the TPM The servers run Windows Server 201 & and are configured as shown in the following table.
You need to identify which server you must modify to support the planned implementation
Which server should you identify?
A. Server1
B. Server2
C. Server3
D. Server4
Agree with C, Hyper Visor is needed to shield the memory for credential guard to work properly.
given answer D. Server4 is correct.
B: UEFI 2.3.1 < reqired minimum of 2.3.1.c
Agree with C answer. In last builds Hyper-V is not required and enabled by default
K is correct, the correct answer is C.
Defender Credential Guard uses:
-Support for Virtualization-based security (required)
-Secure boot (required)
-TPM 2.0 either discrete or firmware (preferred – provides binding to hardware)
-UEFI lock (preferred – prevents an attacker from disabling with a simple registry key change)
Not C because : hypervisor installed : None
Maybe A because : TPM 1.2 or 2.0, either discrete or firmware (preferred – provides binding to hardware)
Incorrect, answer should be C, one of requirements Windows hypervisor
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
Windows Defender Credential Guard uses:
Support for Virtualization-based security (required)
Secure boot (required)
TPM 1.2 or 2.0, either discrete or firmware (preferred – provides binding to hardware)
UEFI lock (preferred – prevents attacker from disabling with a simple registry key change) 2.3.1.c or higher
The Virtualization-based security requires:
64-bit CPU
CPU virtualization extensions plus extended page tables
Windows hypervisor