File integrity monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted. FIM, which is a type of change auditing, verifies and validates these files by comparing the latest versions of them to a known, trusted “baseline.” If FIM detects that files have been altered, updated, or compromised, FIM can generate alerts to ensure further investigation, and if necessary, remediation, takes place.

The part that is standing out to me is "particularly unauthorized changes." FIM would tell us if there was a change but a SIEM could contain information about WHO is implementing the changes to the content we are analyzing. Just being sure of a change is not enough to determine if the change was authorized of not. I would lean toward SIEM just because of the ending of the question.

A is correct. Answer A best resembles what a checksum would do, which is what the question is asking for. A

A as per my knowledge

A is correct answer

Content is a giveaway

Let's say we have a black box solution, such as a firewall, IDS, or IPS. These black boxes can't install a FIM agent or any endpoint solution because they are black boxes. So, the only way to detect unauthorized changes is to integrate these black boxes with a SIEM and monitor the alerts and events related to unauthorized change event IDs.

Common guys, why would you even consider answer B when you have A? The correct answer is A. File Integrity Checker. A SIEM is known for logging and aggregating events not for checking unauthorised changes or modifications on files. Stop overthinking these questions. It's not rocket science people.

An information security professional would typically use: A. File Integrity Checker File Integrity Checkers are tools used to monitor and validate the integrity of files and systems by regularly scanning and comparing the current state of files against a known baseline or reference. They detect unauthorized changes, modifications, or alterations to files by comparing attributes such as file size, timestamps, permissions, and checksums. When unauthorized changes occur, the file integrity checker can generate alerts or notifications to indicate potential security breaches or anomalies. While the other options (SIEM system, Audit Logs, and IDS) are also valuable security tools, they might not specifically focus on recognizing unauthorized changes to content in the same direct and detailed manner as a File Integrity Checker does.

File Integrity monitoring

The answer is A and not B Security information and event management (SIEM) system: SIEM systems are comprehensive tools used for collecting, analyzing, and correlating data from various sources to identify security events and incidents. While SIEM systems can be configured to detect changes in logs and events, their primary focus is on broader security monitoring and event management rather than specifically monitoring changes to content.

A: An information security professional would use a File Integrity Monitoring (FIM) system to recognize changes to content, particularly unauthorized changes. File Integrity Monitoring is a security technique that involves monitoring and detecting changes to files, directories, and file systems. It helps ensure the integrity of critical system files and sensitive data by identifying any unauthorized or unexpected modifications, deletions, or additions. FIM systems use baseline comparisons or cryptographic hashing techniques to determine if files have been tampered with.

You need an audit log to determine what, who and when changes happened.

Most likely the siem alone won't be able to see this if there no fim first

Leaning towards A. An internet search of "SIEM to detect unauthorized changes to a file" even brings back a bunch of results for FIM, and the results go into integrating FIM with SIEM. So, FIM seems to be the component that would actually be checking for unauthorized changes (it can just be integrated into a SIEM). https://www.solarwinds.com/assets/solarwinds/swresources/whitepaper/sem-whitepaper-benefits-of-integrating-file-integrity-monitoring-with-siem.pdf

ANSWER: A You can configure File Integrity Monitoring (FIM) on a SIEM. Therefore, the others are cancelled out.

In this day SIEM maybe a best choose. SIEM systems can provide a comprehensive view of security events