CompTIA Security+ (SY0-501) — Question 722
A technician receives a device with the following anomalies:
- Frequent pop-up ads
- Slow response-time switching between active programs
- Unresponsive peripherals
The technician reviews the following log file entries:
| File Name | Source MD5 | Target MD5 | Status |
|---|---|---|---|
| antivirus.exe | F794F21CD33E4F57890DDEA5CF267ED2 | F794F21CD33E4F57890DDEA5CF267ED2 | Automatic |
| iexplore.exe | 7FAAF21CD33E4F57890DDEA5CF29CCEA | AA87F21CD33E4F57890DDEAEE2197333 | Automatic |
| service.exe | 77FF390CD33E4F57890DDEA5CF28881F | 77FF390CD33E4F57890DDEA5CF28881F | Manual |
| USB.exe | E289F21CD33E4F57890DDEA5CF28EDC0 | E289F21CD33E4F57890DDEA5CF28EDC0 | Stopped |
Based on the above output, which of the following should be reviewed?
Answer options
- A. The web application firewall
- B. The file integrity check
- C. The data execution prevention
- D. The removable media control
Correct answer: B
Explanation
The correct answer is B, the file integrity check. The log compares each file's source MD5 hash with its target MD5 hash, and the two values do not match for iexplore.exe, which suggests the file may have been tampered with. The other options, while important for security, do not directly address the integrity of the files shown in the log.