nerdexam
Exams312-50V9Questions#312
EC-Council

312-50V9 · Question #312

312-50V9 Question #312: Real Exam Question with Answer & Explanation

The correct answer is B: Data Execution Prevention (DEP). Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.

Question

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Options

  • AUser Access Control (UAC)
  • BData Execution Prevention (DEP)
  • CAddress Space Layout Randomization (ASLR)
  • DWindows firewall

Explanation

Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.

Common mistakes.

  • A. UAC prompts for elevation of privilege but does not specifically block the execution of .bat or .ps1 scripts running under the current user context.
  • C. ASLR randomizes the base addresses of loaded modules in memory to make exploits harder to target, but it does not prevent script files from being executed.
  • D. Windows Firewall controls inbound and outbound network traffic and has no mechanism to block local script execution.

Concept tested. Data Execution Prevention protecting against malicious code execution

Reference. https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice