The network contains an Active Directory domain named contoso.com. The domain contains the servers
configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you
do?

A.
From the properties of OU2, modify the Security settings.

B.
In GP2, configure the Startup type for the Application Identity service.

C.
From the properties of OU2, modify the COM+ partition Set

D.
In GP2, configure the Startup type for the Application Management service.

Explanation:
https://docs.microsoft.com/en-us/windows/device-security/applocker/configure-the-application-identity-service
Because AppLocker uses this service “Application Identity” to verify the attributes of a file, you must configure it
to start automatically in at least one Group Policy
object (GPO) that applies AppLocker rules.