A security administrator is concerned about unauthorized changes to system files in a server environment and wants to monitor files for any changes. The administrator plans to use a method that compares file hashes with known legitimate values. Which solution should the administrator implement?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The appropriate solution for monitoring unauthorized changes to system files by comparing file hashes with known legitimate values is File Integrity Monitoring (FIM). FIM specifically focuses on tracking alterations to files and directories, ensuring they remain unchanged unless authorized.

FIM works by computing a cryptographic hash of each monitored file at a known-good point in time and storing it as a baseline. The files are then periodically rehashed (or checked on access) and the results compared against those baseline values. If a file's current hash differs from its baseline, the file has been modified. This makes FIM an essential tool for detecting and alerting administrators to potential unauthorized changes, ensuring the integrity of critical system files.

In contrast, Data Loss Prevention (DLP) focuses primarily on preventing data exfiltration, while Intrusion Detection Systems (IDS) are used to identify and alert on potential security breaches or malicious activity rather than monitoring file integrity specifically. Security Information and Event Management (SIEM) provides a broader analysis of security events across the network but does not inherently offer the file-level change detection that FIM provides. This focus on file integrity makes FIM the most suitable choice for the scenario described.
