312-50V11 · Question #609
Which of the following techniques will identify if computer files have been changed?
The correct answer is C. Integrity checking hashes. Cryptographic hash functions generate a unique fingerprint of a file's contents that can be compared against a baseline to detect any unauthorized modifications.
Question
Which of the following techniques will identify if computer files have been changed?
Options
- ANetwork sniffing
- BPermission sets
- CIntegrity checking hashes
- DFirewall alerts
How the community answered
(49 responses)- A4% (2)
- B2% (1)
- C94% (46)
Why each option
Cryptographic hash functions generate a unique fingerprint of a file's contents that can be compared against a baseline to detect any unauthorized modifications.
Network sniffing captures and analyzes packets traversing a network interface and has no mechanism to inspect or compare the contents of files stored on disk.
Permission sets define read, write, and execute access controls but do not record or compare file content to detect changes made by users who already have access.
Integrity checking uses cryptographic hash algorithms such as MD5, SHA-1, or SHA-256 to produce a fixed-length digest of a file's contents at a known-good state. If any byte in the file is subsequently altered - whether by malware, unauthorized editing, or corruption - the recomputed hash will differ from the stored baseline hash. Tools such as Tripwire and built-in OS utilities implement this approach as file integrity monitoring (FIM).
Firewall alerts are triggered by network traffic rule violations and operate at the network boundary, not at the file system level.
Concept tested: File integrity monitoring using cryptographic hash functions
Source: https://csrc.nist.gov/publications/detail/sp/800-137/final
Topics
Community Discussion
No community discussion yet for this question.