Free Preparation Discussions
MENU
CrowdStrike Exam CCFA-200 Topic 12 Question 29 Discussion
Topic #: 12
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'
Scripting languages:
Excel 4.0 macros
JScript
VBA Macros
VBScript
The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.
Matthew
4 months agoVincenza
4 months agoFrederick
5 months agoMatthew
5 months agoAlaine
6 months agoJuliana
6 months agoIzetta
6 months agoAlaine
6 months agoJuliana
6 months agoMeghann
7 months agoZona
7 months agoYolando
6 months agoEleni
6 months agoRosendo
6 months agoThora
7 months agoStephanie
7 months agoGolda
7 months agoVallie
7 months ago