nerdexam
EC-Council

312-50V9 · Question #312

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

The correct answer is B. Data Execution Prevention (DEP). Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.

System Hacking

Question

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Options

  • AUser Access Control (UAC)
  • BData Execution Prevention (DEP)
  • CAddress Space Layout Randomization (ASLR)
  • DWindows firewall

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    94% (33)
  • C
    3% (1)

Why each option

Data Execution Prevention (DEP) is a hardware and software security feature that marks memory regions as non-executable, helping prevent malicious code payloads - including those delivered via scripts - from running in data memory.

AUser Access Control (UAC)

UAC prompts for elevation of privilege but does not specifically block the execution of .bat or .ps1 scripts running under the current user context.

BData Execution Prevention (DEP)Correct

DEP enforces a policy at the processor and OS level that prevents code from executing in memory pages designated as data-only, blocking shellcode and malicious payloads that scripts may attempt to load. By flagging non-executable memory regions, DEP interrupts the execution of injected or script-triggered malicious code before it can run. It applies to both 32-bit and 64-bit processes and is configurable via Windows system settings.

CAddress Space Layout Randomization (ASLR)

ASLR randomizes the base addresses of loaded modules in memory to make exploits harder to target, but it does not prevent script files from being executed.

DWindows firewall

Windows Firewall controls inbound and outbound network traffic and has no mechanism to block local script execution.

Concept tested: Data Execution Prevention protecting against malicious code execution

Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#DEP#script execution#Windows security#malicious scripts

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice