Bird
Raised Fist0
PowerShellscripting~20 mins

Script block logging in PowerShell - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Script Block Logging Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
What does enabling Script Block Logging in PowerShell do?

Script Block Logging is a security feature in PowerShell. What is its main purpose?

AIt records the full content of all executed script blocks for auditing and analysis.
BIt prevents any script blocks from running unless they are digitally signed.
CIt automatically encrypts all PowerShell scripts on the system.
DIt disables the execution of all scripts except those from trusted publishers.
Attempts:
2 left
💡 Hint

Think about what logging means in general and how it applies to scripts.

💻 Command Output
intermediate
1:30remaining
Output of enabling Script Block Logging via Group Policy

What is the expected effect after enabling Script Block Logging through Group Policy and running a PowerShell script?

PowerShell
Write-Output 'Hello World'
AThe script fails to run with an access denied error.
BThe script runs normally and the script block content is logged in the Windows Event Log under Microsoft-Windows-PowerShell/Operational.
CThe script runs but no logging occurs anywhere.
DThe script output is redirected to a file automatically.
Attempts:
2 left
💡 Hint

Consider what logging means and where PowerShell logs events.

Configuration
advanced
2:00remaining
Correct registry key to enable Script Block Logging

Which registry key and value correctly enable Script Block Logging on a Windows machine?

AHKLM\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging = 1
BHKCU\Software\Microsoft\PowerShell\ScriptBlockLogging\Enable = 1
CHKLM\Software\Microsoft\Windows\PowerShell\EnableScriptBlockLogging = 0
DHKLM\Software\Policies\Microsoft\Windows\PowerShell\EnableScriptBlockLogging = 2
Attempts:
2 left
💡 Hint

Look for the key under Policies and the correct value name and data.

Troubleshoot
advanced
2:00remaining
Why are script blocks not logged despite enabling Script Block Logging?

You enabled Script Block Logging via Group Policy, but no script block events appear in the event log. What is a likely cause?

AThe PowerShell execution policy is set to Restricted, blocking all scripts.
BThe script blocks are too small to be logged by design.
CThe Group Policy changes were not applied or the system was not restarted.
DScript Block Logging only works on PowerShell Core, not Windows PowerShell.
Attempts:
2 left
💡 Hint

Think about how Group Policy changes take effect on Windows.

Best Practice
expert
2:30remaining
Best practice to minimize performance impact of Script Block Logging

Script Block Logging can impact system performance. Which approach best reduces this impact while keeping useful logs?

AEnable Script Block Logging on all machines permanently without filtering.
BRun all scripts with -NoProfile to avoid logging overhead.
CDisable Script Block Logging and rely only on antivirus software.
DEnable Script Block Logging only on critical servers and use event filtering to collect relevant events.
Attempts:
2 left
💡 Hint

Think about balancing security and performance in a real environment.

Practice

(1/5)
1. What is the main purpose of PowerShell script block logging?
easy
A. To automatically fix errors in scripts
B. To speed up script execution by caching commands
C. To record executed PowerShell commands for security and troubleshooting
D. To encrypt PowerShell scripts for protection

Solution

  1. Step 1: Understand script block logging purpose

    Script block logging records the commands run in PowerShell scripts to help track activity.

  2. Step 2: Compare options to purpose

    Only "To record executed PowerShell commands for security and troubleshooting" matches the purpose of recording commands for security and troubleshooting.

  3. Final Answer:

    To record executed PowerShell commands for security and troubleshooting -> Option C

  4. Quick Check:

    Script block logging = record commands [OK]
Hint: Remember: logging means recording actions, not speeding or fixing [OK]
Common Mistakes:
  • Confusing logging with script optimization
  • Thinking it encrypts scripts
  • Assuming it auto-fixes errors
2. Which PowerShell command correctly enables script block logging by setting the registry key?
easy
A. Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy ScriptBlockLogging
B. Enable-ScriptBlockLogging -Value 1
C. New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell' -Name 'ScriptBlockLogging' -Value 1
D. Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

Solution

  1. Step 1: Identify correct registry path and property

    The registry path for script block logging is under HKLM\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging with property EnableScriptBlockLogging.

  2. Step 2: Match command syntax

    Set-ItemProperty sets a registry value correctly. Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1 uses correct path, property, and value 1 to enable logging.

  3. Final Answer:

    Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1 -> Option D

  4. Quick Check:

    Set-ItemProperty + correct path = enable logging [OK]
Hint: Use Set-ItemProperty with full registry path to enable logging [OK]
Common Mistakes:
  • Using non-existent cmdlets like Enable-ScriptBlockLogging
  • Incorrect registry paths
  • Confusing execution policy with logging
3. Given the registry key is set to enable script block logging, what event log source will you check to see logged script blocks?
medium
A. Windows PowerShell
B. Application
C. Security
D. System

Solution

  1. Step 1: Identify where PowerShell logs script block events

    PowerShell script block logging events appear in the Windows PowerShell event log under Applications and Services Logs.

  2. Step 2: Match event log source

    The correct source is 'Windows PowerShell', not general logs like Application, Security, or System.

  3. Final Answer:

    Windows PowerShell -> Option A

  4. Quick Check:

    Script block logs appear in Windows PowerShell log [OK]
Hint: Check 'Windows PowerShell' log for script block events [OK]
Common Mistakes:
  • Looking in Application or System logs
  • Confusing Security log with script block logging
  • Not knowing event log sources
4. You enabled script block logging but no events appear in the Windows PowerShell log. What is a likely cause?
medium
A. The registry key was set under the wrong registry hive
B. PowerShell script execution is disabled
C. The event log service is stopped
D. The script block logging feature is only for PowerShell 5.0 and above

Solution

  1. Step 1: Check registry hive correctness

    Script block logging requires setting the key under HKLM (local machine). Setting it under HKCU or wrong hive causes no logging.

  2. Step 2: Evaluate other options

    PowerShell execution policy does not block logging; event log service stopping would affect all logs; script block logging works in PowerShell 5.0+ but question assumes correct version.

  3. Final Answer:

    The registry key was set under the wrong registry hive -> Option A

  4. Quick Check:

    Wrong registry hive = no logs [OK]
Hint: Always set registry keys under HKLM for script block logging [OK]
Common Mistakes:
  • Setting keys under HKCU instead of HKLM
  • Assuming execution policy blocks logging
  • Ignoring event log service status
5. You want to enable script block logging only for scripts running under a specific user account without affecting others. Which approach is best?
hard
A. Set the EnableScriptBlockLogging registry key under HKLM for all users
B. Modify the PowerShell profile script to log commands manually
C. Use Group Policy to enable script block logging for all users
D. Set the EnableScriptBlockLogging registry key under HKCU for that user

Solution

  1. Step 1: Understand scope of script block logging

    Built-in script block logging is a machine-wide feature configured under HKLM or Group Policy, affecting all users.

  2. Step 2: Identify per-user alternative

    HKCU does not enable script block logging (as it requires HKLM). Modifying the user's PowerShell profile to manually log commands (e.g., Start-Transcript) achieves per-user logging without affecting others.

  3. Final Answer:

    Modify the PowerShell profile script to log commands manually -> Option B

  4. Quick Check:

    Per-user logging = profile script [OK]
Hint: Use PowerShell profile for per-user command logging [OK]
Common Mistakes:
  • Using HKLM or Group Policy which affects all users
  • Setting HKCU key (does not enable built-in logging)
  • Assuming built-in logging supports per-user config