Challenge - 5 Problems

🎖️

Code Signing Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

💻 Command Output

intermediate

2:00remaining

What is the output of this PowerShell code signing command?

Consider the following PowerShell command that attempts to sign a script file. What will be the output if the certificate thumbprint is invalid or not found?

PowerShell

Set-AuthenticodeSignature -FilePath script.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My\INVALIDTHUMBPRINT)

ANo output, command runs silently

BScript signed successfully

CWarning: Certificate expired

DError: Cannot find certificate with thumbprint INVALIDTHUMBPRINT

Attempts:

2 left

💻 Command Output

intermediate

2:00remaining

What does this PowerShell snippet output when verifying a signed script?

Given a signed script file 'signedScript.ps1', what will this command output?

PowerShell

Get-AuthenticodeSignature -FilePath signedScript.ps1 | Select-Object Status

Status
-------
Valid

Status
-------
NotSigned

Status
-------
UnknownError

Status
-------
HashMismatch

Attempts:

2 left

📝 Syntax

advanced

2:00remaining

Which option correctly signs a script with a certificate from the CurrentUser store?

Select the PowerShell command that correctly signs 'myscript.ps1' using a certificate with thumbprint 'ABC123' from the CurrentUser\My store.

ASet-AuthenticodeSignature -FilePath myscript.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My\ABC123)

BSet-AuthenticodeSignature -FilePath myscript.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq 'ABC123' })

CSet-AuthenticodeSignature -FilePath myscript.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\Root\ABC123)

DSet-AuthenticodeSignature -FilePath myscript.ps1 -Certificate (Get-ChildItem Cert:\LocalMachine\My\ABC123)

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this code signing command fail with a null certificate error?

Analyze the following code snippet and select the reason it fails with a null certificate error.

PowerShell

 $cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -like '*MyCert*' }
 Set-AuthenticodeSignature -FilePath script.ps1 -Certificate $cert

ASet-AuthenticodeSignature requires a file path with full absolute path

B$cert is null because the certificate store path is incorrect

C$cert contains multiple certificates, causing Set-AuthenticodeSignature to fail

DThe script file 'script.ps1' does not exist

Attempts:

2 left

🚀 Application

expert

3:00remaining

How to automate signing multiple scripts with error handling in PowerShell?

You want to sign all '.ps1' files in a folder using a certificate with thumbprint 'DEF456'. Which script correctly signs each file and logs errors without stopping the entire process?

Get-ChildItem -Path . -Filter '*.ps1' | ForEach-Object {
  try {
    Set-AuthenticodeSignature -FilePath $_.FullName -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq 'DEF456' })
  } catch {
    Write-Output "Failed to sign $($_.Name): $_"
  }
}

foreach ($file in Get-ChildItem -Path . -Filter '*.ps1') {
  Set-AuthenticodeSignature -FilePath $file.FullName -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq 'DEF456' })
}

Get-ChildItem -Path . -Filter '*.ps1' | ForEach-Object {
  Set-AuthenticodeSignature -FilePath $_.FullName -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq 'DEF456' }) -ErrorAction SilentlyContinue
}

foreach ($file in Get-ChildItem -Path . -Filter '*.ps1') {
  try {
    Set-AuthenticodeSignature -FilePath $file.FullName -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq 'DEF456' })
  } catch {
    Write-Output "Error signing $($file.Name)"
    break
  }
}

Attempts:

2 left