312-50V9 · Question #312
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
The correct answer is B. Data Execution Prevention (DEP). Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.
Question
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
Options
- AUser Access Control (UAC)
- BData Execution Prevention (DEP)
- CAddress Space Layout Randomization (ASLR)
- DWindows firewall
How the community answered
(35 responses)- A3% (1)
- B94% (33)
- C3% (1)
Why each option
Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.
UAC prompts for elevation of privilege but does not specifically block the execution of .bat or .ps1 scripts running under the current user context.
DEP enforces a policy at the processor and OS level that prevents code from executing in memory pages designated as data-only, blocking shellcode and malicious payloads that scripts may attempt to load. By flagging non-executable memory regions, DEP interrupts the execution of injected or script-triggered malicious code before it can run. It applies to both 32-bit and 64-bit processes and is configurable via Windows system settings.
ASLR randomizes the base addresses of loaded modules in memory to make exploits harder to target, but it does not prevent script files from being executed.
Windows Firewall controls inbound and outbound network traffic and has no mechanism to block local script execution.
Concept tested: Data Execution Prevention protecting against malicious code execution
Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
Topics
Community Discussion
No community discussion yet for this question.