Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From App & browser control, you configure Reputation-based protection.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
No, configuring Reputation-based protection from App & Browser control does not meet the goal of ensuring that only specific applications can modify the data in protected folders on Server1.
Reputation-based protection is a feature in Windows Defender Application Control that uses reputation data to make decisions about whether to allow an application to run. It evaluates an application's reputation by analyzing its characteristics, such as digital signature and publisher, and comparing them to known good and bad applications.
While this feature can help protect against malicious applications, it does not provide granular control over which specific applications can access protected folders. Instead, it relies on reputation data to make decisions about whether to allow an application to run in general.
To restrict access to protected folders on Server1 to specific applications, you can use Windows Defender Application Control (WDAC) policies. WDAC allows you to create policies that specify which applications are allowed to run on a system based on various criteria, including publisher, file hash, and path.
To implement WDAC policies, you need to first define a policy that specifies the conditions under which an application should be allowed to run. Then you need to configure your system to use the policy, either by enabling WDAC in audit mode or by enforcing the policy.
Once you have a policy in place, you can then use it to restrict access to protected folders by specifying that only applications that meet the policy criteria are allowed to access them. This provides a much more granular level of control over which applications can modify the data in protected folders on Server1.
In summary, Reputation-based protection from App & Browser control does not meet the goal of ensuring that only specific applications can modify the data in protected folders on Server1. To achieve this goal, you should use Windows Defender Application Control policies to specify which applications are allowed to run on the system and to restrict access to protected folders based on these policies.