File Integrity Monitoring: What's Not Covered by This Feature?

File Integrity Monitoring Limitations

Question

Regarding File Integrity Monitoring, which option below is not covered by this feature?

Answers

Explanations


A. B. C. D.

Correct Answer: D.

[Screenshot: Dashboard > Security Center > File Integrity Monitoring > Workspace Configuration (Change Tracking). Tabs: Windows Registry, Windows Files, Linux Files, File Content, Windows Services. The Windows Registry tab lists HKEY_LOCAL_MACHINE registry keys in a table with the columns Group, Enabled, Registry Key and Recursive.]


File Integrity Monitoring (FIM) is a security feature that continuously monitors changes made to files, directories, and registry keys on a system. Its primary goal is to detect unauthorized or unexpected changes to critical system files, which may indicate a security breach or malware activity.

Based on the options provided, the answer to this question is D - BIOS modification is not covered by FIM. The reason for this is that FIM works at the operating system level, and BIOS is a firmware layer that sits underneath the OS. FIM does not have the capability to monitor changes made to the BIOS.

To provide more context on the other options:

  • A. File and registry key creation or removal: This is covered by FIM. FIM can track changes to the system's file system and registry and alert security teams when unauthorized or unexpected changes are made.
  • B. File modifications: This is covered by FIM. FIM can track changes to the contents of files, including their attributes, permissions, and checksums.
  • C. Registry modifications: This is covered by FIM. FIM can track changes to the Windows registry, which contains critical system and application settings. It can monitor changes made to registry keys, values, and permissions.

In summary, FIM is a crucial security feature that helps organizations detect and respond to security incidents by continuously monitoring changes made to critical system files and registry keys. However, FIM does not cover all types of system changes, such as modifications made to the BIOS.
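The file-side change types that options A and B describe, as an added example (not from the original page and not Security Center's implementation): the code baselines a directory and classifies later differences as created, removed, content-modified or permissions-changed. The function names `snapshot`, `diff` and `demo` and the sample files are constructed for illustration; registry tracking is not shown.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file's relative path to (SHA-256 of content, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            state[os.path.relpath(path, root)] = (digest, mode)
    return state

def diff(baseline, current):
    """Classify the differences between two snapshots as FIM-style events."""
    events = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            events.append(("created", path))
        elif new is None:
            events.append(("removed", path))
        else:
            if old[0] != new[0]:
                events.append(("content_modified", path))
            if old[1] != new[1]:
                events.append(("permissions_changed", path))
    return events

def demo():
    """Baseline a constructed directory, change it, and return the events."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, body):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        write("hosts", b"127.0.0.1 localhost\n")        # constructed sample files
        write("sshd_config", b"PermitRootLogin no\n")
        write("old.conf", b"placeholder\n")
        os.chmod(os.path.join(root, "hosts"), 0o644)
        baseline = snapshot(root)
        write("sshd_config", b"PermitRootLogin yes\n")  # content change
        write("new.conf", b"added\n")                   # creation
        os.remove(os.path.join(root, "old.conf"))       # removal
        os.chmod(os.path.join(root, "hosts"), 0o444)    # permission change
        return diff(baseline, snapshot(root))
```

Everything this code observes comes from the operating system's view of the file system, which is why a firmware change such as a BIOS modification produces no event.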