Practice - 5 Tasks
Answer the questions below
1fill in blank
easyComplete the code to sign a PowerShell script file using a certificate.
PowerShell
Set-AuthenticodeSignature -FilePath script.ps1 -Certificate [1] Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using Get-Process or Get-Service instead of a certificate.
Passing file content instead of a certificate object.
✗ Incorrect
The Set-AuthenticodeSignature cmdlet requires a code signing certificate, which you get using Get-ChildItem from the certificate store with the -CodeSigningCert flag.
2fill in blank
mediumComplete the code to verify the signature of a PowerShell script file.
PowerShell
Get-AuthenticodeSignature -FilePath [1] Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using a non-script file like a text or executable file.
Using a module file (.psm1) instead of a script file.
✗ Incorrect
You verify the signature of the PowerShell script file by specifying its path, here 'script.ps1'.
3fill in blank
hardFix the error in the code to sign a script with the first code signing certificate found.
PowerShell
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | [1]
Set-AuthenticodeSignature -FilePath script.ps1 -Certificate $cert Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using Where-Object without a proper filter.
Using Get-Process which returns processes, not certificates.
✗ Incorrect
To get the first certificate from the list, use Select-Object -First 1. This ensures $cert is a single certificate object.
4fill in blank
hardFill both blanks to create a hash table with the signature status and signer certificate subject.
PowerShell
$sig = Get-AuthenticodeSignature script.ps1
$result = @{ Status = $sig.[1]; Signer = $sig.[2].Subject } Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using StatusMessage instead of Status for the signature status.
Using Certificate instead of SignerCertificate for the signer.
✗ Incorrect
The signature status is in $sig.Status and the signer certificate is in $sig.SignerCertificate. We access the Subject property of the certificate.
5fill in blank
hardFill all three blanks to filter certificates valid for code signing and not expired.
PowerShell
$validCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.EnhancedKeyUsageList.[1] -contains 'Code Signing' -and $_.NotAfter [2] (Get-Date) } | Select-Object -First [3] Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using Contains instead of FriendlyName to check usage.
Using wrong comparison operator for dates.
Selecting more than one certificate.
✗ Incorrect
We use FriendlyName to access the EnhancedKeyUsageList friendly names array with -contains to check if 'Code Signing' is present, -gt to check NotAfter date is greater than today, and select the first certificate with Select-Object -First 1.