312-50V10 · Question #221
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
The correct answer is B. Data Execution Prevention (DEP). Data Execution Prevention (DEP) marks memory regions as non-executable, blocking malicious code payloads from running even when triggered by scripts like .bat or .ps1 files.
Question
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
Options
- AUser Access Control (UAC)
- BData Execution Prevention (DEP)
- CAddress Space Layout Randomization (ASLR)
- DWindows firewall
How the community answered
(25 responses)- A4% (1)
- B92% (23)
- C4% (1)
Why each option
Data Execution Prevention (DEP) marks memory regions as non-executable, blocking malicious code payloads from running even when triggered by scripts like .bat or .ps1 files.
UAC (User Account Control) prompts for elevation when administrative privileges are needed, but does not specifically block the execution of script file content at the memory level.
DEP enforces a hardware and OS-level policy that prevents code from executing in memory pages designated as data-only, stopping script-injected shellcode from running. When a malicious .bat or .ps1 script attempts to load and execute arbitrary code in a non-executable memory region, DEP intercepts and terminates that execution before the payload can run.
ASLR (Address Space Layout Randomization) randomizes base memory addresses to hinder exploitation, but does not prevent script files from being executed or their payloads from loading.
Windows Firewall filters inbound and outbound network connections based on rules and has no mechanism to block local script file execution.
Concept tested: Data Execution Prevention blocking script-based code injection
Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
Topics
Community Discussion
No community discussion yet for this question.