210-255 · Question #125
What is the common artifact that is used to uniquely identify a detected file?
The correct answer is A. Hash. Cryptographic hashes uniquely identify files in security analysis and malware detection.
Question
What is the common artifact that is used to uniquely identify a detected file?
Options
- AHash
- BTimestamp
- CFile size
How the community answered
(29 responses)- A93% (27)
- B3% (1)
- C3% (1)
Why each option
Cryptographic hashes uniquely identify files in security analysis and malware detection.
A cryptographic hash (MD5, SHA-1, SHA-256) produces a fixed-length digest that is unique to a file's exact byte content. Even a single-bit change produces a completely different hash, making it the standard artifact used in threat intelligence feeds, file reputation lookups, and antivirus signatures to identify known malicious files regardless of filename or location.
Timestamps are not unique identifiers because multiple unrelated files can share the same creation or modification time, and timestamps can be trivially manipulated.
File size is not a unique identifier because many different files can have the same size, and malware authors often pad or trim files to match the size of legitimate binaries.
Concept tested: Cryptographic hash as file unique identifier
Source: https://csrc.nist.gov/glossary/term/cryptographic_hash_function
Topics
Community Discussion
No community discussion yet for this question.