CompTIA

CAS-003 · Question #947

CAS-003 Question #947: Real Exam Question with Answer & Explanation

The correct answer is B: File integrity monitoring.

Question

An analyst discovers the following while reviewing some recent activity logs: Which of the following tools would MOST likely identify a future incident in a timely manner?

Exhibit

CAS-003 question #947 exhibit

Options

  • A. DDoS protection
  • B. File integrity monitoring
  • C. SCAP scanner
  • D. Protocol analyzer

Explanation

File Integrity Monitoring (FIM) continuously watches for unauthorized or unexpected changes to files, configurations, and system binaries. When activity logs show suspicious modifications (e.g., altered system files, changed configurations, or tampered logs), FIM is purpose-built to detect exactly those changes in near real-time and generate alerts. DDoS protection (A) addresses availability attacks, not file-level tampering. A SCAP scanner (C) performs periodic compliance checks, not real-time detection. A protocol analyzer (D) captures network traffic but would not efficiently detect file-level changes indicated in the logs.
