Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate
rule.
You need to ensure that when users attempt to execute App1, the certificate for App1 is verified
against a certificate revocation list (CRL).
What should you do?
A.
Modify the rule for App1.
B.
Modify the Trusted Publishers Properties.
C.
Create a new certificate rule for App1.
D.
Modify the Enforcement Properties.
Answer seems correct
You can use the Trusted Publishers Properties dialog box to configure which users can select trusted publishers. You can also determine which, if any, certificate revocation checks are performed before trusting a publisher. With certificate rules enabled, software restriction policy will check a certificate revocation list (CRL) to ensure the software’s certificate and signature are valid.
https://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx
0
0