Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create and enforce the default AppLocker executable rules.
Users report that they can no longer execute a legacy application installed in the root of drive C.
You need to ensure that the users can execute the legacy application.
What should you do?
A. Create a new rule.
B. Delete an existing rule.
C. Modify the action of the existing rules.
D. Add an exception to the existing rules.
A. Create a new rule
The answer should be D. Add an exception to the existing rules.
Page 354 of the book “740-410 Exam Ref. Installing and Configuring ….”:
In addition to creating rules automatically, you can do it manually by using a wizard-based interface you activate by selecting Create New Rule from the shortcut menu for one of the rule containers.
The wizard prompts you for the following information:
■ Action: Specifies whether you want to allow or deny the user or group access to the resource. In AppLocker, explicit deny rules always override allow rules.
■ User Or Group: Specifies the name of the user or group to which the policy should apply.
■ Conditions: Specifies whether you want to create a publisher, path, or file hash rule. The wizard generates an additional page for whichever option you select, enabling you to configure its parameters.
■ Exceptions: Enables you to specify exceptions to the rule you are creating by using any of the three conditions: publisher, path, or file hash.
A is correct. AppLocker runs by default in “whitelist” mode.
https://www.simple-talk.com/sysadmin/general/eliminating-viruses-with-uac-and-applocker/
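The following PowerShell sketch is an added example, not part of the original question, the quoted book, or the comments above. It uses the built-in AppLocker cmdlets to show the decision for a file in the root of drive C and to add a narrowly scoped allow rule; the path `C:\LegacyApp.exe` and the rule name prefix are assumptions.

```powershell
# Hypothetical path to the legacy executable in the root of drive C (assumption).
$legacyExe = 'C:\LegacyApp.exe'

# 1. Ask the effective policy what it decides for this file.
#    The default executable rules allow %WINDIR%, %PROGRAMFILES% and
#    (for administrators) all files. A file in C:\ matches none of them for
#    standard users, so the expected decision is DeniedByDefault.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $legacyExe -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# 2. Build a new allow rule scoped to this one binary.
#    Publisher is tried first; Hash is the fallback for an unsigned file.
#    A path rule is avoided on purpose: if it covers a location that
#    standard users can write to, anything placed there would be allowed.
$fileInfo  = Get-AppLockerFileInformation -Path $legacyExe
$newPolicy = New-AppLockerPolicy -FileInformation $fileInfo `
                                 -RuleType Publisher, Hash `
                                 -User Everyone `
                                 -RuleNamePrefix 'LegacyApp'

# 3. Check the new rule on its own before applying it.
#    Expected decision: Allowed, with the generated rule as MatchingRule.
Test-AppLockerPolicy -PolicyObject $newPolicy -Path $legacyExe -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# 4. Merge the new rule into the existing local policy.
#    -Merge keeps the default rules; without it the policy is replaced.
#    For a domain GPO, pass the GPO's LDAP path with -Ldap instead.
Set-AppLockerPolicy -PolicyObject $newPolicy -Merge

# 5. Re-test against the local policy to confirm the rule is in place.
Get-AppLockerPolicy -Local |
    Test-AppLockerPolicy -Path $legacyExe -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule
```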