单项选择题 Your network contains an Active Directory domain named contoso.com. You create a software restriction policy to allow an application named App1 by using a certificate rule. You need to ensure that when users attempt to execute App1, the certificate for App1 is verified against a certificate revocation list (CRL). What should you do?（）

问答题 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. All servers are configured to enforce AppLocker policies. You install a server named Server1. On Server1, you install an application named App1.exe in a folder located on C:\App1. You have two domain groups named Group1 and Group2.A user named User1 is a member of Group1 and Group2. You create a Group Policy object (GPO) named GPO1. You link GPO1 to contoso.com. You create the executable rules as shown in the exhibit by using the Create Executable Rules wizard. (Click the Exhibit button.) To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

多项选择题 You have a Hyper-V host named Host1 that connects to a SAN by using a hardware Fibre Channel adapter. Host1 contains two virtual machines named VM1 and VM2. You need to provide VM1 with direct access to the SAN. VM2 must not require access to the SAN. Which two configurations should you perform?（）