File Integrity Monitoring Limitations
Question
Regarding File Integrity Monitoring, which option below is not covered by this feature?
Answers
Correct Answer: D.
Explanations
File Integrity Monitoring (FIM) is a security feature that continuously monitors changes made to files, directories, and registry keys on a system. Its primary goal is to detect unauthorized or unexpected changes to critical system files, which may indicate a security breach or malware activity.
Based on the options provided, the answer to this question is D - BIOS modification is not covered by FIM. The reason for this is that FIM works at the operating system level, and BIOS is a firmware layer that sits underneath the OS. FIM does not have the capability to monitor changes made to the BIOS.
To provide more context on the other options:
- A. File and registry key creation or removal: This is covered by FIM. FIM can track changes to the system's file system and registry and alert security teams when unauthorized or unexpected changes are made.
- B. File modifications: This is covered by FIM. FIM can track changes to the contents of files, including their attributes, permissions, and checksums.
- C. Registry modifications: This is covered by FIM. FIM can track changes to the Windows registry, which contains critical system and application settings. It can monitor changes made to registry keys, values, and permissions.
In summary, FIM is a crucial security feature that helps organizations detect and respond to security incidents by continuously monitoring changes made to critical system files and registry keys. However, FIM does not cover all types of system changes, such as modifications made to the BIOS.