Bird
0
0

You want to audit only script blocks that contain the word 'Invoke'. How can you configure script block logging to do this?

hard📝 Workflow Q8 of 15
PowerShell - Scripting Best Practices
You want to audit only script blocks that contain the word 'Invoke'. How can you configure script block logging to do this?
ASet registry key to log only script blocks with 'Invoke' keyword
BEnable script block logging and use event log filters to search for 'Invoke'
CModify PowerShell to block all scripts except those with 'Invoke'
DUse a custom script to disable logging except for 'Invoke' commands
Step-by-Step Solution
Solution:

  1. Step 1: Understand script block logging scope

    Script block logging records all script blocks; filtering is done after logging.

  2. Step 2: Use event log filtering

    To audit specific content like 'Invoke', use event log filters or queries to find matching entries.

  3. Final Answer:

    Enable logging and filter event logs for 'Invoke' -> Option B

  4. Quick Check:

    Filter logs after enabling script block logging [OK]
Quick Trick: Filter event logs to find specific script block content [OK]
Common Mistakes:
  • Thinking registry can filter by keyword
  • Trying to block scripts via logging
  • Assuming logging can be selectively enabled

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More PowerShell Quizzes
Active Directory - Get-ADUser - Quiz 7medium Active Directory - Get-ADUser - Quiz 4medium Active Directory - New-ADUser and Set-ADUser - Quiz 6medium Automation Patterns - Scheduled scripts with Task Scheduler - Quiz 11easy Automation Patterns - Report generation automation - Quiz 3easy Cross-Platform PowerShell - Platform-specific considerations - Quiz 14medium Cross-Platform PowerShell - PowerShell on Linux - Quiz 14medium Remote Management - Invoke-Command - Quiz 3easy System Administration - Registry operations - Quiz 15hard System Administration - Scheduled task management - Quiz 12easy