Home » Microsoft » 70-688 » What should you do?
You administer Windows 8.1 Pro tablets that are members of an Active Directory domain. Your company policy allows users to download and install only certain few Windows Store apps. You have created a new AppLocker Packaged Apps policy to help enforce the company policy. You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company. What should you do?
A. Open PowerShell and run the Get-AppLockerPoIicy -Effective cmdlet to retrieve the AppLocker effective policy.
B. Open Group Policy Management console and run the Group Policy Modeling Wizard.
C. Open Group Policy Management console and run the Group Policy Results Wizard.
D. Open Group Policy Management console and enforce the new AppLocker policy in Audit Only mode.
Correct Answer: D
Explanation/Reference:
Step 1: Enable the Audit only enforcement setting
By using the Audit only enforcement setting, you can ensure that the AppLocker rules that you have created are properly configured for your organization. This setting can be enabled on the Enforcement tab of the AppLocker Properties dialog box.
Step 2: Configure the Application Identity service to start automatically
Step 3: Test the policy
Test the AppLocker policy to determine if your rule collection needs to be modified. Because you have created AppLocker rules, enabled the Application Identity service, and enabled the Audit only enforcement setting, the AppLocker policy should be present on all client computers that are configured to receive your AppLocker policy.
Reference: Test and Update an AppLocker Policy