CompTIA CySA+ (CS0-002) — Question 246

A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the best technique to address the CISO's concerns?

Answer options

• A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
• B. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
• C. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
• D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

Correct answer: A

Explanation

Option A is the best choice because it ensures that any changes to the files can only occur with prior authorization, thus directly addressing the CISO's need for accountability. The other options, while they may help in monitoring or securing files, do not enforce pre-authorization for changes, which is crucial for maintaining integrity in this context.