Which security control continuously monitors a host to detect changes to critical system files?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which security control continuously monitors a host to detect changes to critical system files?

Explanation:
File integrity monitoring is the practice of continually watching critical files on a host for unauthorized changes by comparing them against a trusted baseline. It establishes a known good state (via hashes, checksums, or attributes like size and permissions) and flags any deviation, enabling rapid detection of tampering, malware, or misconfigurations. This continuous, file-focused oversight exactly matches the requirement to monitor a host for changes to critical system files, providing timely alerts for investigators to action. Other controls have broader or different focuses. Endpoint detection and response looks across processes, network activity, and behavior to identify threats, but isn’t specifically dedicated to monitoring changes to a predefined set of critical files. User and entity behavior analytics examines anomalies in user actions rather than file integrity. A host-based intrusion prevention system emphasizes real-time prevention and blocking of suspicious activity rather than continuous integrity checks of key system files.

File integrity monitoring is the practice of continually watching critical files on a host for unauthorized changes by comparing them against a trusted baseline. It establishes a known good state (via hashes, checksums, or attributes like size and permissions) and flags any deviation, enabling rapid detection of tampering, malware, or misconfigurations. This continuous, file-focused oversight exactly matches the requirement to monitor a host for changes to critical system files, providing timely alerts for investigators to action.

Other controls have broader or different focuses. Endpoint detection and response looks across processes, network activity, and behavior to identify threats, but isn’t specifically dedicated to monitoring changes to a predefined set of critical files. User and entity behavior analytics examines anomalies in user actions rather than file integrity. A host-based intrusion prevention system emphasizes real-time prevention and blocking of suspicious activity rather than continuous integrity checks of key system files.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy