0
0
PowerShellscripting~5 mins

Script block logging in PowerShell - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is Script Block Logging in PowerShell?
Script Block Logging records the full content of all PowerShell script blocks that run on a system. It helps track what commands and scripts are executed for security and troubleshooting.
Click to reveal answer
intermediate
How do you enable Script Block Logging using Group Policy?
Go to Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell, then enable 'Turn on PowerShell Script Block Logging'.
Click to reveal answer
beginner
Which Windows Event Log channel stores Script Block Logging events?
Script Block Logging events are stored in the 'Microsoft-Windows-PowerShell/Operational' event log channel.
Click to reveal answer
intermediate
What is the benefit of Script Block Logging for security teams?
It helps detect malicious scripts by capturing the exact code run, even if scripts are obfuscated or run from memory, improving threat detection.
Click to reveal answer
intermediate
Can Script Block Logging impact system performance?
Yes, enabling Script Block Logging can add overhead because it records detailed script content, so it should be used thoughtfully in production environments.
Click to reveal answer
Where are PowerShell Script Block Logging events stored?
ASecurity log
BMicrosoft-Windows-PowerShell/Operational log
CSystem log
DApplication log
What does Script Block Logging capture?
AOnly error messages from scripts
BNetwork traffic details
CUser login events
DFull content of executed PowerShell script blocks
How can you enable Script Block Logging on a Windows machine?
AEnable it via Group Policy under Windows PowerShell settings
BInstall a third-party tool
CRun a PowerShell command to disable logging
DIt is enabled by default
What is a potential downside of enabling Script Block Logging?
ADisables PowerShell entirely
BLoss of script execution data
CIncreased system resource usage
DPrevents script execution
Why is Script Block Logging useful for security monitoring?
AIt captures exact script code, helping detect malicious activity
BIt blocks all scripts automatically
CIt encrypts all PowerShell scripts
DIt disables PowerShell remoting
Explain what Script Block Logging is and how it helps in monitoring PowerShell activity.
Think about what details you want to see when a script runs.
You got /3 concepts.
    Describe the steps to enable Script Block Logging on a Windows system using Group Policy.
    Focus on the path inside Group Policy and the specific setting name.
    You got /3 concepts.