CrowdStrike Exam CCFA-200 Topic 12 Question 29 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 29
Topic #: 12

You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?

Suggested Answer: A

Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'

Scripting languages:

Excel 4.0 macros

JScript

VBA Macros

VBScript

The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.


Contribute your Thoughts:

Matthew
5 months ago
I think Engine (Full Visibility) would be the most comprehensive option for monitoring VBA macros.
upvoted 0 times
...
Vincenza
5 months ago
I'm not sure, but I think C) Additional User Mode Data may also provide some level of visibility.
upvoted 0 times
...
Frederick
6 months ago
I agree with Matthew. Script-based Execution Monitoring provides visibility into suspicious VBA macros.
upvoted 0 times
...
Matthew
6 months ago
I think the correct answer is A) Script-based Execution Monitoring.
upvoted 0 times
...
Alaine
7 months ago
That makes sense. D) Engine (Full Visibility) seems like a good choice then.
upvoted 0 times
...
Juliana
7 months ago
I think we should choose the option that provides the most comprehensive visibility into VBA macros.
upvoted 0 times
...
Izetta
7 months ago
I'm not sure, but I think C) Additional User Mode Data could also be a valid option.
upvoted 0 times
...
Alaine
7 months ago
I disagree, I believe the answer is D) Engine (Full Visibility).
upvoted 0 times
...
Juliana
7 months ago
I think the correct answer is A) Script-based Execution Monitoring.
upvoted 0 times
...
Meghann
8 months ago
Alright, let's think this through. Script-based Execution Monitoring sounds like the most logical choice to me. It's specifically focused on monitoring VBA macros, which is what the question is asking about.
upvoted 0 times
...
Zona
8 months ago
This question is making my head spin. Can we get a coffee break before we tackle this one? I need a moment to clear my mind.
upvoted 0 times
Yolando
7 months ago
Sounds good to me. Let's recharge and then figure out the answer.
upvoted 0 times
...
Eleni
7 months ago
I agree, a coffee break sounds like a good idea. We can tackle the question after.
upvoted 0 times
...
Rosendo
7 months ago
Sure, let's take a quick coffee break before we come back to this question.
upvoted 0 times
...
...
Thora
8 months ago
I'm going to go with Interpreter-Only. It sounds like it might be a more targeted approach, which could be useful for monitoring suspicious VBA macros specifically.
upvoted 0 times
...
Stephanie
8 months ago
Hmm, I'm not so sure. Additional User Mode Data might also be a good option, as it could provide more context around the VBA macros. This is a tough one.
upvoted 0 times
...
Golda
8 months ago
I'm leaning towards Engine (Full Visibility). That seems like it would give us the most comprehensive monitoring capabilities, which is what we need for this scenario.
upvoted 0 times
...
Vallie
8 months ago
This is a tricky question. I think the answer might be Script-based Execution Monitoring, as that would allow us to monitor suspicious VBA macros. But I'm not 100% sure.
upvoted 0 times
...
