A system administrator has deployed a new tool to monitor system files for unauthorized changes on a set of critical servers. After configuring the tool, the administrator needs to determine the optimal strategy for maintaining system integrity. Which of the following approaches would be most effective in meeting this goal?
Set up alerts to notify the administrator of any changes in the size of the monitored files only.
Configure the monitoring tool to rely on user reports of unauthorized file changes.
Implement automatic comparisons of file states against a trusted baseline at regular intervals.
Set up the tool to allow only manual integrity checks during scheduled maintenance windows.
Implementing regular and automatic comparisons of the current state of files against a trusted baseline is essential. It ensures any modifications are detected promptly, thereby providing timely alerts about potential unauthorized changes or malicious activity. Allowing manual integrity checks only during scheduled maintenance introduces unnecessary risk as unauthorized changes could remain undetected between maintenance windows. Relying on user reports is inefficient and insecure, as users may not notice subtle changes or may not report them in a timely manner. Setting up alerts for file size changes only does not provide comprehensive monitoring as many types of malicious modifications do not alter file size.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a trusted baseline in the context of system integrity?
Open an interactive chat with Bash
Why are manual integrity checks less effective than automated comparisons?
Open an interactive chat with Bash
What types of changes might not affect file size but are still critical to monitor?