nerdexam
EC-Council

312-50V11 · Question #221

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

The correct answer is B. Data Execution Prevention (DEP). Data Execution Prevention (DEP) is a Windows security feature that marks memory regions as non-executable, helping prevent malicious code injected via scripts from running.

System Hacking

Question

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Options

  • AUser Access Control (UAC)
  • BData Execution Prevention (DEP)
  • CAddress Space Layout Randomization (ASLR)
  • DWindows firewall

How the community answered

(55 responses)
  • A
    2% (1)
  • B
    87% (48)
  • C
    4% (2)
  • D
    7% (4)

Why each option

Data Execution Prevention (DEP) is a Windows security feature that marks memory regions as non-executable, helping prevent malicious code injected via scripts from running.

AUser Access Control (UAC)

UAC (User Account Control) prompts for elevation when administrative privileges are needed but does not block malicious code execution at the memory or process level.

BData Execution Prevention (DEP)Correct

DEP works at the hardware and OS level to mark memory pages (such as the stack and heap) as non-executable, blocking the execution of code that has been placed into data regions by a malicious .bat or .ps1 script. When such a script attempts to execute shellcode or injected payloads in a protected memory region, DEP triggers an exception and terminates the process. This prevents attackers from leveraging scripts to run arbitrary code in non-executable memory areas.

CAddress Space Layout Randomization (ASLR)

ASLR (Address Space Layout Randomization) randomizes memory layout to make exploitation harder, but does not directly block code execution from data regions.

DWindows firewall

Windows Firewall controls inbound and outbound network traffic and plays no role in preventing local script-based code execution.

Concept tested: Data Execution Prevention preventing malicious script code execution

Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#DEP#exploit prevention#ASLR#UAC

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice