What should you do?

You support Windows 10 Enterprise computers that are members of an Active Directory domain. Your company policy defines the list of approved Windows Store apps that are allowed for download and installation.You have created a new AppLocker Packaged Apps policy to help enforce the company policy.You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.What should you do?You can test an AppLocker Packaged Apps policy by running it in audit mode.After AppLocker rules are created within the rule collection, you can configure the enforcement setting to Enforce rules or Audit only.When AppLocker policy enforcement is set to Enforce rules, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to Audit only, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.Incorrect Answers:B: The Group Policy Results Wizard is used to determine which group policy settings are applied to a user or computer object and the net results when multiple group policies are applied. The Group Policy Results Wizard is not used to test an AppLocker Packaged Apps policy.C: The Group Policy Modeling Wizard calculates the simulated net effect of group policies. Group Policy Modeling can also simulate such things as security group membership, WMI filter evaluation, and the effects of moving user or computer objects to a different Active Directory container. The Group Policy ModelingWizard is not used to test an AppLocker Packaged Apps policy.D: The Get-AppLockerPolicy -Effective command returns the effective AppLocker policy on the local computer. The effective policy is the merge of the localAppLocker policy and any applied domain policies on the local computer. The Get-AppLockerPolicy -Effective command is not used to test an AppLockerPackaged Apps policy.References:https://technet.microsoft.com/en-us/library/ee791796(v=ws.10).aspx

Question:

What should you do?

Options:

From Group Policy, enforce the new AppLocker policy in Audit Only mode.

From Group Policy, run the Group Policy Results Wizard.

From Group Policy, run the Group Policy Modeling Wizard.

From PowerShell, run the Get-AppLockerPolicy -Effective command to retrieve the AppLocker effective policy.

Correct Answer

The Correct Answer for this Question is

From Group Policy, enforce the new AppLocker policy in Audit Only mode.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *