Your network contains an Active Directory domain named contoso.com.
Computer accounts for the marketing department are in an organizational unit (OU) named Departments
\\Marketing\\Computers. User accounts for the marketing department are in an OU named Departments
\\Marketing\\Users.
Marketing users can only log on to the client computers in the Departments\\Marketing\\Computers OU.
You need to apply an application control policy to all of the marketing users.
Which Group Policy Object (GPO) should you configure?To answer, select the appropriate GPO in the answer area.
Hot Area:
Answer: 
Explanation:
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx http://technet.microsoft.com/en-us/library/
hh967461.aspx http://technet.microsoft.com/en-us/library/ee461050.aspx http://technet.microsoft.com/en-us/
library/ee461044.aspx
The answer is GP04.
The sentence “Marketing users can only log on to the client computers in the Departments\Marketing\Computers OU.” is a DISTRACTION, a tricky information.
It’s GPO3. You can only configure that policy into computers, the problem is you have to set a filter for the group and that can lead you into a mistake.
If you take a look at a GPO and expand computer and user configuration sections you will discover that there are no Application Control Policies available in the user configuration section only the older Software Restriction Policies.
The true answer seem to be the GPO4, but why the answer of website is GPO3 ?
thanks for your reply ?