ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-744 All Questions

View all questions & answers for the 70-744 exam
Go to Exam

Exam 70-744 topic 1 question 152 discussion

Actual exam question from Microsoft's 70-744
Question #: 152
Topic #: 1
[All 70-744 Questions]

You have a guarded fabric that consists of the servers shown in the following table.

You need to ensure that you can start the shielded virtual machines on the Hyper-V hosts if the Hyper-V hosts cannot connect to the HGS.
What should you do?

  • A. On Server1, run Set-HgsKeyProtectionConfiguration.
  • B. On Server1, Server2, and Server3, configure admin-trusted attestation.
  • C. On Server1, run Set-HgsKeyProtectionAttestationSignerCertificatePolicy.
  • D. On Server4, and Server5, disable the heartbeat integration service on the shielded virtual machines.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
References:
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-admin-trusted-attestation-creating-a-security-group
by hkshado at Sept. 2, 2020, 6:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
c3r3br4l
4 years, 3 months ago
It looks like offline mode and fallback mode are new features of server 2019, so the given answer of setting it to admin trusted may be the only way to do it in server 2016 https://docs.microsoft.com/en-us/windows-insider/archive/new-in-rs5-server
upvoted 2 times
...
SamsOtro
4 years, 5 months ago
Agree with A https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-manage-branch-office
upvoted 1 times
...
hkshado
4 years, 8 months ago
According to the provided link https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-confirm-hosts-can-attest-successfully Offline mode allows your shielded VM to turn on when HGS cannot be reached, so long as the security configuration of your Hyper-V host has not changed. Offline mode works by caching a special version of the VM TPM key protector on the Hyper-V host. To enable support for offline mode, run the following command on an HGS node: Set-HgsKeyProtectionConfiguration -AllowKeyMaterialCaching:$true Therefore, the answer should be A
upvoted 4 times
KidCastaldo
4 years, 6 months ago
Agree Answer is A... https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-manage-branch-office
upvoted 1 times
expert_ms
4 years, 5 months ago
Kid, Applies to: Windows Server 2019, Windows Server
upvoted 1 times
...
expert_ms
4 years, 5 months ago
sorry, i'm wrong: "To use the fallback option, you'll need to set up two HGS servers. They can run Windows Server 2019 or Windows Server 2016 and either be part of the same or different clusters." In new versions Win Server 2016 as it appears it will works...
upvoted 1 times
...
...
[Removed]
4 years, 7 months ago
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016. this will be a tricky question
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago