An assessor uses PowerSploit to deliver malicious scripts by obfuscating commands. Which measure best identifies the unauthorized use of those scripts?
Enable script block logging for detailed PowerShell activity
Track processor usage to find unusual load patterns
Grant an external service privileged access for scanning
Rename critical executables to hinder potential attacks
Enabling script block logging captures PowerShell commands, including hidden operations that evade standard logs. Monitoring CPU usage attempts to spot suspicious spikes but does not scrutinize script content. Renaming executables avoids detection rather than addresses it. Granting privileges to an external service does not specifically track malicious scripts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PowerSploit, and how is it commonly used?
Open an interactive chat with Bash
How does script block logging improve PowerShell security?
Open an interactive chat with Bash
Why is tracking CPU usage insufficient for detecting malicious scripts?