It compares a snapshot of the file system, boot records, or memory with a known trusted baseline.

Explanation:
Integrity-based detection centers on ensuring system components haven’t changed from a trusted baseline. You start by capturing a snapshot of critical parts—files, boot records, and other key elements—using hashes and metadata, then store that baseline securely. Later, you re-scan and compare the current state to the baseline; any mismatch in a file, boot sector, or memory region signals tampering or unauthorized modifications. This approach is powerful because it detects changes even if the malware is new or lacks a known signature, by focusing on deviations from what the system was known to be.

Other methods focus on different signals: heuristic and anomaly-based approaches look at suspicious behavior or deviations from normal usage patterns, while signature-based detection relies on matching known malware patterns. None of those inherently compare the system to a trusted, pre-established snapshot of its own state like integrity-based detection does.
