Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CrowdStrike Exam CCFA-200 Topic 6 Question 47 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 47
Topic #: 6
[All CCFA-200 Questions]

You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?

Show Suggested Answer Hide Answer
Suggested Answer: A

Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'

Scripting languages:

Excel 4.0 macros

JScript

VBA Macros

VBScript

The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.


Contribute your Thoughts:

Annita
19 days ago
Script-based Execution Monitoring? More like 'Script-based Execution Monitoring-mic drop'!
upvoted 0 times
Alita
12 days ago
A) Script-based Execution Monitoring
upvoted 0 times
...
...
Tammi
29 days ago
Interpreter-Only? Sounds like a party trick, not a security setting. I'll pass on that one.
upvoted 0 times
Shawnta
7 days ago
D) Engine (Full Visibility)
upvoted 0 times
...
Nan
12 days ago
A) Script-based Execution Monitoring
upvoted 0 times
...
...
Johnna
1 months ago
Additional User Mode Data seems like the way to go. Gotta get all the data, no matter how boring it is.
upvoted 0 times
...
Jaclyn
1 months ago
I'd go with Engine (Full Visibility) - can't be too careful when it comes to VBA shenanigans.
upvoted 0 times
...
Dominga
1 months ago
Script-based Execution Monitoring for sure! Gotta keep an eye on those sneaky macros, am I right?
upvoted 0 times
Tijuana
6 days ago
D) Engine (Full Visibility)
upvoted 0 times
...
Alton
16 days ago
Definitely, it's important to monitor those VBA macros.
upvoted 0 times
...
Louvenia
18 days ago
A) Script-based Execution Monitoring
upvoted 0 times
...
...
Micah
2 months ago
I agree with Josephine, because monitoring VBA macros requires visibility into script-based execution.
upvoted 0 times
...
Josephine
2 months ago
I think the answer is A) Script-based Execution Monitoring.
upvoted 0 times
...

Save Cancel