Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1.
On Server1, administrators plan to use several scripts that have the .ps1 extension.
You need to ensure that when code is generated from the scripts, an event containing the details of the code is
logged in the Operational log.
Which Group Policy setting or settings should you configure?
A.
Enable Protected Event Logging
B.
Audit Process Creation and Audit Process Termination
C.
Turn on PovverShell Script Block Logging
D.
Turn on PowerShell Transcription
Explanation:
https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_script
The new Detailed Script Tracing feature lets you enable detailed tracking and analysis of Windows PowerShell
scripting use on a system.
After you enable detailed script tracing, Windows PowerShell logs all script blocks to the ETW event log,
Microsoft-Windows-PowerShell/Operational.
If a script block creates another script block (for example, a script that calls the Invoke-Expression cmdlet on a
string), that resulting script block is logged as well.
Logging of these events can be enabled through the Turn on PowerShell Script Block Logging Group
Policy setting
(in GPO Administrative Templates -> Windows Components -> Windows PowerShell).
Answer D is incorrect, since Transcription (Start-Transcript -path <FilePath>) uses a custom output location
instead of Event Viewer \\ Operational Log