312-50V10 · Question #609
Which of the following techniques will identify if computer files have been changed?
The correct answer is C. Integrity checking hashes. Integrity checking using cryptographic hashes detects unauthorized or accidental changes to files by comparing current hash values against a known-good baseline.
Question
Which of the following techniques will identify if computer files have been changed?
Options
- ANetwork sniffing
- BPermission sets
- CIntegrity checking hashes
- DFirewall alerts
How the community answered
(40 responses)- A3% (1)
- B3% (1)
- C93% (37)
- D3% (1)
Why each option
Integrity checking using cryptographic hashes detects unauthorized or accidental changes to files by comparing current hash values against a known-good baseline.
Network sniffing captures packets on the wire and monitors network traffic; it does not inspect or track changes to files stored on disk.
Permission sets control who can access or modify files, but they do not detect or report whether a file's content has actually been changed.
Integrity checking generates a cryptographic hash (such as MD5, SHA-256) for each file and stores it as a baseline. When a subsequent check runs, new hashes are computed and compared against the baseline - any mismatch indicates the file has been altered. This technique is used by file integrity monitoring (FIM) tools and is effective at detecting tampering, malware injection, or unauthorized modifications.
Firewall alerts notify administrators of suspicious network connections or policy violations but have no visibility into the content or integrity of files on a host.
Concept tested: File integrity monitoring using cryptographic hashes
Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications
Topics
Community Discussion
No community discussion yet for this question.