You need to prevent App1 from running on Computer1

Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GP1 that is linked to the domain.GP1
contains a software restriction policy that blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8.A local Group Policy on Computer1 contains an application control policy that allows
App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?

Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GP1 that is linked to the domain.GP1
contains a software restriction policy that blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8.A local Group Policy on Computer1 contains an application control policy that allows
App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?

A.
FromComputer1, run gpupdate /force.

B.
From Group Policy Management, add an application control policy to GP1.

C.
From Group Policy Management, enable the Enforced option on GP1.

D.
In the local Group Policy of Computer1, configure a software restriction policy.

← Previous question

Next question →

Leave a Reply 8

Oleg

Why not A?
“GP1 contains a software restriction policy that blocks an application named App1.”

Reply

zzz

In my opinion A will be correct

Reply

Jacky

The answer is A.

Reply

Jacky

From: http://www.aiotestking.com/microsoft/you-need-to-prevent-app1-from-running-on-computer1/

mvilar
May 8, 2014 at 3:59 pm

The precedence is correct:
1. Local
2. Site
3. Domain
4. OU

But, the last policy wins.
So, the Policy in the OU always rewrites the previously configurations (Doamin, Site and Local).
For this reason the answer is .
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx

Reply

Jacky

Sorry. The correct answer is B.

Reply

Jacky

The answer is C.

After the Computer1 joined the domain, the non-local GPO settings overwrite the local GPO settings if there are conflicting issues. That means GP1 will apply on Computer1.

There is no need to add “application control policy” to GP1 because GP1 ALREADY has “software restriction policy that blocks App1”.

Therefore, the only thing we need to do is to ensure that GP1 is “Enabled” in order to take effect.

In Group Policy Management:

– Right-click on GP1,

– Select “GPO Status” on the context menu,

– Select “Enabled” option.

That is why the answer is C.

Reply

blaze13541

C does not refer to enabling the GPO it is saying enforce which should not be necessary because the policy is already being applied. the answer is A because once the machine has been added to the domain you have to either reboot or run gpupdate /force to apply the GPOs from the network.

Reply

Espide

I believe the answer is B.

You should use AppLocker ( Application control policy ) instead of SRP if the client systems are running windows 7 or later.

Reply