nerdexam
Cisco

210-255 · Question #125

What is the common artifact that is used to uniquely identify a detected file?

The correct answer is A. Hash. Cryptographic hashes uniquely identify files in security analysis and malware detection.

Host-Based Analysis

Question

What is the common artifact that is used to uniquely identify a detected file?

Options

  • AHash
  • BTimestamp
  • CFile size

How the community answered

(29 responses)
  • A
    93% (27)
  • B
    3% (1)
  • C
    3% (1)

Why each option

Cryptographic hashes uniquely identify files in security analysis and malware detection.

AHashCorrect

A cryptographic hash (MD5, SHA-1, SHA-256) produces a fixed-length digest that is unique to a file's exact byte content. Even a single-bit change produces a completely different hash, making it the standard artifact used in threat intelligence feeds, file reputation lookups, and antivirus signatures to identify known malicious files regardless of filename or location.

BTimestamp

Timestamps are not unique identifiers because multiple unrelated files can share the same creation or modification time, and timestamps can be trivially manipulated.

CFile size

File size is not a unique identifier because many different files can have the same size, and malware authors often pad or trim files to match the size of legitimate binaries.

Concept tested: Cryptographic hash as file unique identifier

Source: https://csrc.nist.gov/glossary/term/cryptographic_hash_function

Topics

#file hash#artifact identification#malware analysis#file fingerprinting

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice