An application named Inventory.exe is installed on all Windows XP client computers in the domain with the startup type of the service set to Automatic. In the Default Domain Policy Group Policy object the security administrator has configured a software restriction policy that is applied to all computers in the domain.
The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. What should you do to ensure that Inventory.exe cannot be started by a worm, while still allowing the application to run as a service?
Explanation
Answer - D - Configure a software restriction policy that contains a hash rule for the Inventory.exe application in the user settings section of the Default Domain Policy GPO, and configure the hash rule with a security level of Disallowed to ensure that Inventory.exe cannot be started by a worm.
Key Takeaway: A hash rule is a series of bytes with a fixed length that uniquely identifies a software program or file. A hash is obtained by applying a one-way mathematical function to an arbitrary amount of data. If the input data is changed, the hash also changes. If you create a hash rule for a software program, software restriction policies calculate a hash of the program.
When a user tries to open a software program, a hash of the program is compared to existing hash rules for software restriction policies. The hash of a software program is always the same, regardless of where the program is located on the computer. However, if any changes are made to the software program, its hash also changes, and it no longer matches the hash in the hash rule for software restriction policies.
