A company wants to detect unauthorized changes to production server configurations before users notice an outage. Which two controls best fit this goal? Select two.

Full-disk encryption on the server volumes

This protects stored data if the server is stolen, but it does not detect change activity.

Multifactor authentication for remote administrators

This reduces the chance of unauthorized access, but it does not directly detect configuration tampering.

Network segmentation between user VLANs and server VLANs

This limits lateral movement, but it is not a control for detecting file or configuration changes.

What does this SY0-701 question test?

Authentication checks who the user is.

What is the correct answer to this question?

The correct answer is: File integrity monitoring on critical system files — File integrity monitoring is a classic detective control because it compares current files or settings against a trusted baseline and alerts when something changes unexpectedly. Centralized SIEM alerting on configuration events is also detective because it collects logs from servers and raises alarms when privileged actions or abnormal patterns appear. Together, these controls help the team find unauthorized modifications quickly, which is important when the requirement is to detect changes before users experience a failure. Why others are wrong: Full-disk encryption protects confidentiality if storage is lost, but it does not alert on live configuration changes. Multifactor authentication is preventive because it makes account compromise harder, yet it still will not reveal a tampered setting. Network segmentation can reduce blast radius and lateral movement, but it does not monitor file integrity or configuration events directly.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.