312-50V9 Question #502: Real Exam Question with Answer & Explanation

The correct answer is C: Integrity checking hashes. Cryptographic hash-based integrity checking detects unauthorized or accidental modifications to files by comparing stored baseline hashes against current file hashes.

Question

Which of the following techniques will identify if computer files have been changed?

Options

ANetwork sniffing
BPermission sets
CIntegrity checking hashes
DFirewall alerts

Explanation

Cryptographic hash-based integrity checking detects unauthorized or accidental modifications to files by comparing stored baseline hashes against current file hashes.

Common mistakes.

A. Network sniffing captures packets in transit on a network and cannot detect changes to files stored on disk.
B. Permission sets define who can access files but do not record or detect whether file contents have been altered.
D. Firewall alerts notify on network traffic anomalies and cannot monitor or compare the contents of files on a host system.

Concept tested. File integrity monitoring using cryptographic hashes

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice