Certified Chief Information Security Officer (CCISO) — Question 17

Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

Answer options

• A. They need to use Nessus.
• B. They can implement Wireshark.
• C. Snort is the best tool for their situation.
• D. They could use Tripwire.

Correct answer: D

Explanation

Tripwire is specifically designed to monitor changes in files and alert administrators about modifications to critical files, making it the ideal choice for Simon's needs. Nessus is primarily a vulnerability scanner, Wireshark is a network protocol analyzer, and Snort is an intrusion detection system, none of which focus on file integrity monitoring.