A security engineer writes a script that computes SHA-256 hashes of critical server configuration files every night and sends an alert if any hash value has changed since the previous night. Which security goal is this control primarily designed to protect?
Trap 1: Confidentiality
Confidentiality is concerned with preventing unauthorized disclosure of information. Hashing does not protect data from being read; it only verifies that the data has not been modified. Therefore, this option is incorrect.
Trap 2: Availability
Availability ensures that systems and data are accessible when needed. Hashing does not affect system uptime or accessibility, so it does not directly protect availability. This option is incorrect.
Trap 3: Authentication
Authentication verifies the identity of a user or system. Hashing configuration files does not confirm the identity of the entity making changes; it only indicates that a change occurred. Thus, this option is incorrect.
- A
Confidentiality
Why wrong: Confidentiality is concerned with preventing unauthorized disclosure of information. Hashing does not protect data from being read; it only verifies that the data has not been modified. Therefore, this option is incorrect.
- B
Integrity
Integrity ensures that data has not been tampered with or altered by unauthorized parties. Comparing hashes allows the engineer to detect any unauthorized changes to the configuration files, directly supporting the integrity goal. This is the correct answer.
- C
Availability
Why wrong: Availability ensures that systems and data are accessible when needed. Hashing does not affect system uptime or accessibility, so it does not directly protect availability. This option is incorrect.
- D
Authentication
Why wrong: Authentication verifies the identity of a user or system. Hashing configuration files does not confirm the identity of the entity making changes; it only indicates that a change occurred. Thus, this option is incorrect.