I found the material in this chapter to be logically not overly complicated and still completely testable. So its worth really knowing this stuff
which should be too hard. This chapter is mostly enough to actually explain every thing going on with Application Restriction Policies. An important
note thats worth mentioning here is that you cannot use Applocker policies unless you are running 7 or newer clients and at a forrest funcitonal level
of at least 08R2. Well, the domain level might not have to be at that but you cant administer AppLocker policies to servers older than 2008 R2.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following rule types apply only to Windows Installer packages?
A. Hash rules
B. Certificate rules
C. Internet Zone rules
D. Path rules
Answer: C, This is a miss print in the text as the text calls these Network zone rules and here it says internet. Not sure if there
is a difference. I found a video on the topic and while im not exactly sure what language they are speaking they are covering
the material in this chapter so its interesting none the less.
Any way you might also find this video interesting as it actually shows the verbiage “network” not “internet”, & it reminds me I should have not listened to the person that said hey
you should totally try server, you dont need to re-cert on a client after not touching one in a support role. Le sigh.
2. What is the file type used be the Windows Installer?
3. Which of the following is not one of the Default Security levels that can be used with a software restriction policy?
A. Basic user
4. As part of your efforts to deploy all new applications using GP, you discover that several of the applications you wish
to deploy do not include the necessary installer files. What can you use to deploy these applications?
A. Software restriction policy’s
B. MSI files
C. MDB files
D. ZAP files
Answer: D, the wording here is confusing as it doesnt describe the whole process involved with .zap files. you create a .zap file
in wordpad/notepad is what the text notes but how to create or what the file contains is left a mystery and there is
nothing readily available from a youtube search. However where youtube fails wikipedia
comes to the rescue.
5. Which of the following describes the mathematical equation that creates a digital “fingerprint” of a particular file?
A. Hash rule
B. Hash algorithm
C. Software restriction policy
D. Path rule
Answer: B, this is the equation A is the actual in practice tool.
6. Which of the following rules will allow or disallow a script or an MSI file to run on the basis of how the file has been signed?
A. Path rule
B. Hash rule
C. Network zone rule
D. Certificate rule
Answer: D, for more information this
TechNet article contains links about all of the above.
7. You want to deploy several software applications using Group Policy, such that the applications can be manually installed by the
users from the Add/Remove Programs applet in their local Control Panel. Which installation option should you select?
8. You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the
application being installed in the background. What option can you use to pre-install assigned applications when users log on or
power on their computers?
A. Uninstall when the application falls out of scope
B. Install This Application At Logon
C. Advanced Installation Mode
D. Path rule
9. Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that
has not been explicitly enabled by the active directory administrator?
A. Basic User
D. Power User
Well thats all for now, only one more chapter to read through and publish questions from. Ill probably end up going back through this one
and doing more questions. I feel like ive gotten more out of this material than any other book, which is possibly a result of the amount
of effort that I put into it. I also need to update the links to the tumblr site and take that down at some point in the near future.