A user in the finance department reports they can no longer open a critical quarterly report file stored on a Windows file server. The user was able to access this file yesterday without any issues. The server administrator confirms the user is a member of the correct Active Directory security group, and the NTFS and share permissions are configured correctly. The administrator also verifies the user can open other files in the same network folder.
While reviewing the server's security event logs, the administrator discovers a high-priority alert from the previous night related to the specific file. The alert states that the file's hash value changed unexpectedly and was flagged by the server's file integrity monitoring (FIM) system.
What is the MOST likely cause of the user being unable to open the file?
A Data Loss Prevention (DLP) policy has quarantined the file due to a detected integrity violation.
The Workstation service on the user's local computer has stopped functioning.
The file has become corrupted due to a bad sector on the storage volume.
The user's domain account has been locked out due to multiple failed login attempts.
The correct answer is that a Data Loss Prevention (DLP) policy has quarantined the file. The key evidence is the security log alert from the File Integrity Monitoring (FIM) system. FIM systems track changes to critical files by monitoring their cryptographic hashes. An unexpected hash change on a sensitive file, like a financial report, would trigger an alert. In a secure environment, this FIM alert can trigger an automated response from a Data Loss Prevention (DLP) system. The DLP system's response is often to quarantine the file, which makes it inaccessible to users as a protective measure against data tampering or exfiltration.
The other options are less likely given the specific evidence. A domain lockout or a stopped local service would cause more widespread access issues, not an issue with a single file. While file system corruption is possible, the security log explicitly points to a security-related action, which should be the primary line of investigation.
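The chain described in the explanation (hash baseline, detected change, automated quarantine) can be modeled in a few lines of Python. This is an added example, not part of the original question or any vendor's product code; the share layout, the file names and the move-to-quarantine response are assumptions constructed for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Stream the file through SHA-256 so large reports are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each file's path (relative to root) to its current SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def scan(root, baseline, quarantine_dir):
    """Compare to the baseline; quarantine_dir must sit outside root."""
    root, quarantine_dir = Path(root), Path(quarantine_dir)
    current = build_baseline(root)
    events = []
    for rel, old in sorted(baseline.items()):
        new = current.get(rel)
        if new is None:
            events.append({"file": rel, "event": "missing"})
        elif new != old:
            dest = quarantine_dir / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(root / rel), str(dest))  # users can no longer open it
            events.append({"file": rel, "event": "hash_changed",
                           "old": old, "new": new, "action": "quarantined"})
    return events

def demo():
    """Constructed scenario: one report modified overnight, one file untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        share, quarantine = Path(tmp) / "share", Path(tmp) / "quarantine"
        share.mkdir()
        (share / "Q3_report.xlsx").write_bytes(b"constructed: original figures")
        (share / "notes.txt").write_bytes(b"constructed: unrelated file")
        baseline = build_baseline(share)
        (share / "Q3_report.xlsx").write_bytes(b"constructed: altered figures")
        events = scan(share, baseline, quarantine)
        return (events, sorted(p.name for p in share.iterdir()),
                sorted(p.name for p in quarantine.iterdir()))
```

After the scan, only the unmodified file remains in the share, which matches the symptom in the scenario: one file cannot be opened while others in the same folder can.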