You have the Windows Server 2016 operating system images as described in the answer choices.
Your company’s security policy states that you must minimize the attack surface when provisioning new
servers.
You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment?
A.
A Nano Server that runs the Standard edition of Windows Server
B.
A Server Core installation that runs the Datacenter edition of Windows Server
C.
A Full installation that runs the Standard edition of Windows Server
D.
A Nano Server that runs the Datacenter edition of Windows Server
Explanation:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricprepare-for-hgs
Prerequisites
Hardware: HGS can be run on physical or virtual machines, but physical machines are recommended.
If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers.
(As a best practice for clustering, the three servers
should have very similar hardware.)
Operating system: Windows Server 2016, Standard or Datacenter edition. <—- so you cannot use
Server Core or Nano Server for running Host
Guardian Service.
Server Roles: Host Guardian Service and supporting server roles.
Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwarding
between the fabric (host) domain and the HGS domain.
If you are using Admin-trusted attestation (AD mode), you will need to configure an Active Directory trust
between the fabric domain and the HGS domain.
The Correct Answer is B
As a security best practice, it is recommended that you use a dedicated physical machine running the Server Core installation option for HGS.
https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server-2016-and-host-guardian-service-for-shielded-vms/