SY0-701 Question #201: Real Exam Question with Answer & Explanation
The correct answer is C: File integrity monitoring.
Question
A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
Options
- A. Full disk encryption
- B. Network access control
- C. File integrity monitoring
- D. User behavior analytics
Explanation
File Integrity Monitoring (FIM) is correct because it continuously tracks and alerts on any unauthorized changes to files and data - exactly what's needed to detect if sensitive PII has been modified. FIM creates cryptographic hashes of files at a baseline and triggers alerts whenever those hashes change, directly addressing the "not modified" requirement.
Why the distractors are wrong:
- A. Full disk encryption protects data at rest from being read if physical media is stolen - it does nothing to prevent or detect modifications by someone with legitimate access.
- B. Network access control governs who can connect to the server over the network, not whether data on the server is altered once they're in.
- D. User behavior analytics detects anomalous user activity patterns (like logging in at odd hours), but doesn't directly monitor or verify file integrity.
Memory tip: Think of FIM as a "tamper seal" on your files - like a security sticker on a package that shows if anyone opened it. Whenever the question asks about detecting or preventing modification of specific data/files, FIM is the answer. Encryption = confidentiality, FIM = integrity (hint: the I in CIA triad).