A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are members of the domain. Client computers maintain a list of sites in the Internet Explorer Restricted Sites security zone.
Users of one client computer are able to download and install an application from a site within the Restricted Sites zone.
You need to ensure that users of the computer can install applications only from sites that are not in the Restricted Sites zone.
What should you do?
A. Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
B. Configure the Software Restriction Policy settings in the local Group Policy of the computer.
C. Add the blocked application as a software restriction policy to the GPO that configures AppLocker.
D. Run the Cet-AppLockerPolicy Windows PowerShell cmdlet.
E. Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.
Correct Answer: B
Explanation/Reference:
Explanation:
Only Software Restriction policy allows for the control of applications from a network zone; AppLocker does not.
Further information:
http://technet.microsoft.com/en-us/library/ee176961.aspx
Using the Set-ExecutionPolicy Cmdlet
The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer.
http://technet.microsoft.com/en-us/library/ee460964.aspx
Get-AppLockerPolicy
Gets the local, effective, or domain AppLocker policy.
http://technet.microsoft.com/en-us/library/dd723678%28v=ws.10%29.aspx AppLocker
You can use AppLocker as part of your overall security strategy for the following scenarios:
Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
Prevent users from installing and using unauthorized applications. Implement application control policy to satisfy security policy or compliance requirements in your organization.
http://technet.microsoft.com/en-us/library/ee619725%28v=ws.10%29.aspx#BKMK_WhatisAppLocker AppLocker: Frequently Asked Questions
…
Understanding AppLocker - What is AppLocker?
AppLocker is a feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that advances the functionality of the Software Restriction Policies feature.
In Windows Server 2008 R2 and Windows 7, you can manage four types of files: executable (.exe), Windows Installer (.msi and .msp), script (.bat, .cmd, .js, .ps1, and .vbs), and DLL (.dll and .ocx). Each of these file types is managed in its own rule collection.
In Windows Server 2012 and Windows 8, in addition to the file types, you can manage .mst and .appx files with AppLocker.
