nerdexam
EC-Council

312-50V11 · Question #609

Which of the following techniques will identify if computer files have been changed?

The correct answer is C. Integrity checking hashes. Cryptographic hash functions generate a unique fingerprint of a file's contents that can be compared against a baseline to detect any unauthorized modifications.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following techniques will identify if computer files have been changed?

Options

  • ANetwork sniffing
  • BPermission sets
  • CIntegrity checking hashes
  • DFirewall alerts

How the community answered

(49 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    94% (46)

Why each option

Cryptographic hash functions generate a unique fingerprint of a file's contents that can be compared against a baseline to detect any unauthorized modifications.

ANetwork sniffing

Network sniffing captures and analyzes packets traversing a network interface and has no mechanism to inspect or compare the contents of files stored on disk.

BPermission sets

Permission sets define read, write, and execute access controls but do not record or compare file content to detect changes made by users who already have access.

CIntegrity checking hashesCorrect

Integrity checking uses cryptographic hash algorithms such as MD5, SHA-1, or SHA-256 to produce a fixed-length digest of a file's contents at a known-good state. If any byte in the file is subsequently altered - whether by malware, unauthorized editing, or corruption - the recomputed hash will differ from the stored baseline hash. Tools such as Tripwire and built-in OS utilities implement this approach as file integrity monitoring (FIM).

DFirewall alerts

Firewall alerts are triggered by network traffic rule violations and operate at the network boundary, not at the file system level.

Concept tested: File integrity monitoring using cryptographic hash functions

Source: https://csrc.nist.gov/publications/detail/sp/800-137/final

Topics

#file integrity#hashing#change detection#host security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice