Exam SY0-601 topic 1 question 127 discussion

The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves, and compare them to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these type of questions. You'll see a lot of Github repositories using hashed checksums as well for verification, and I recently just installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable.

Directly from the CompTIA Sec + Study Guide: "• The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them. If the hashes match, the forensic copy is identical to the original."

A. Check the hash of the installation file.

The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them. If the hashes match, the forensic copy is identical to the original.

When you download a file from a reputable source, the provider often publishes the hash value (such as MD5, SHA-256, etc.) of the original file on their website. After downloading the file, you can calculate the hash of the downloaded file and compare it to the published hash. If the hashes match, it means the file was not modified in transit and is likely the same as the original file provided by the hardware manufacturer. If the hashes do not match, it suggests that the file might have been altered during transmission or is a different version from the one provided by the manufacturer.

Hashing is a cryptographic method used to generate a unique fixed-size string of characters (hash value) from the content of a file. By calculating the hash value of the original installation file and comparing it to the hash value of the received file, the security analyst can determine whether the file has been modified in transit or remains unchanged. If the hash values match, it is highly likely that the file was not tampered with during transmission. If the hash values differ, it indicates that the file has been altered, and it should not be trusted. Option B (Match the file names) and Option C (Verify the URL download location) are not sufficient for ensuring the integrity of the file, as an attacker can use the same file name or spoof the download location to trick users into installing malicious content. Option D (Verify the code signing certificate) is relevant for verifying the authenticity and integrity of software files but might not be applicable in this case if the file is not digitally signed by the manufacturer. In such situations, checking the file's hash would be a more general and reliable method to assess the file's integrity.

Code signing certificates are for software code. Nowhere does the question state that this is for code. It says "file".

Check the Hash(es) Is a collision possible, yes, likely, no - especially considering reviewing more than one hash.

D. Verify the code signing certificate. Verifying the code signing certificate ensures that the file was not modified during transit, as the certificate provides assurance that the file originated from a trusted source and has not been tampered with since it was signed.

A. Check the hash of the file to verifiy the integrity of the file to see if it was modified.

Hashing

The security analyst can safely assess the file by checking the hash of the installation file. A hash is a unique value that is generated based on the contents of a file. When a file is sent from one party to another, the sender can compute the hash of the file and provide it to the recipient. The recipient can then compute the hash of the received file and compare it to the original hash. If the hashes match, it indicates that the file has not been modified and is identical to the original file. This can provide assurance that the file has not been tampered with or corrupted in transit. Options B, C, and D are not reliable methods for determining whether a file has been modified in transit. Matching file names does not guarantee the integrity of the file, verifying the URL download location does not provide information about the file itself, and verifying the code signing certificate does not guarantee that the file has not been modified.

A. Always when it's about checking if app wasnt't modified by 3rd party - you compare hashes :p

keywords: "determine whether a file was modified", and you need a hash comparison for this. Code signing is more for nonrepudiation, I thought.

A Hashed is the right one

D. There are possibility of hash collision, and we can't verify if file is from manufacturer. Code sign certificate, verify file is not tampered together with Signer's identity. I would think code sign certificate will hold more weight over file hash.

File is Hashed Code is Signed to ensure it has not be altered