CrowdStrike Exam CCFA-200 Topic 9 Question 34 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 34
Topic #: 9

You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?

Suggested Answer: A

Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'

Scripting languages:

- Excel 4.0 macros
- JScript
- VBA Macros
- VBScript

The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash.

VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.


Contribute your Thoughts:

Tuyet
6 months ago
I'm just going to randomly pick D. Engine (Full Visibility) and hope for the best. Monitoring macros sounds about as fun as watching paint dry.
upvoted 0 times
Rebecka
5 months ago
C) Additional User Mode Data might provide more insight into suspicious macros.
upvoted 0 times
...
Sage
5 months ago
I'm going with D) Engine (Full Visibility), better safe than sorry.
upvoted 0 times
...
Beckie
5 months ago
I think A) Script-based Execution Monitoring is the way to go.
upvoted 0 times
...
...
Tawna
6 months ago
Ah, the old VBA macro monitoring question. I bet the answer is A. Script-based Execution Monitoring. Gotta love those scripts!
upvoted 0 times
Izetta
5 months ago
D) Engine (Full Visibility)
upvoted 0 times
...
Evangelina
5 months ago
That's correct! VBA macros can be tricky.
upvoted 0 times
...
Kimi
5 months ago
A) Script-based Execution Monitoring
upvoted 0 times
...
...
Leatha
6 months ago
Hmm, this is a tricky one. I'll go with B. Interpreter-Only, as it seems to focus on the execution of the macros.
upvoted 0 times
...
Sage
6 months ago
C. Additional User Mode Data sounds like the right choice to monitor VBA macros, but I'm not completely sure.
upvoted 0 times
...
Michel
6 months ago
I think the answer is D. Engine (Full Visibility) because it provides the most visibility into suspicious VBA macros.
upvoted 0 times
Alana
5 months ago
Yes, D. Engine (Full Visibility) gives us the most visibility to detect any suspicious activity.
upvoted 0 times
...
Gianna
5 months ago
I agree, D. Engine (Full Visibility) is the correct setting for monitoring suspicious VBA macros.
upvoted 0 times
...
Margarita
5 months ago
Yes, D) Engine (Full Visibility) gives us the most visibility and control over VBA macros.
upvoted 0 times
...
Eleonore
5 months ago
I agree, D) Engine (Full Visibility) is the correct answer for monitoring suspicious VBA macros.
upvoted 0 times
...
Rosendo
5 months ago
D) Engine (Full Visibility)
upvoted 0 times
...
Berry
6 months ago
C) Additional User Mode Data
upvoted 0 times
...
Eladia
6 months ago
I think A) Script-based Execution Monitoring would also be helpful in detecting suspicious VBA macros.
upvoted 0 times
...
Bethanie
6 months ago
B) Interpreter-Only
upvoted 0 times
...
Frank
6 months ago
I agree, D. Engine (Full Visibility) is the best option for monitoring suspicious VBA macros.
upvoted 0 times
...
Nu
6 months ago
A) Script-based Execution Monitoring
upvoted 0 times
...
...
Wilburn
6 months ago
I agree with Shawnna. Turning on Script-based Execution Monitoring would help monitor suspicious VBA macros effectively.
upvoted 0 times
...
Shawnna
7 months ago
I think the answer is A) Script-based Execution Monitoring.
upvoted 0 times
...
