Which system effectively detects modifications in managed file images, such as application executables?

The option related to detecting modifications in managed file images, such as application executables, is indeed Host-based Intrusion Detection System (HIDS). HIDS operates by monitoring and analyzing the activity on individual hosts or devices, focusing on the integrity of system files and application executables. It can detect changes to critical files by comparing the current state of files to a known baseline or set of hashes.

When a file is altered, HIDS can trigger alerts based on its detection of those changes, enabling organizations to investigate potential unauthorized modifications or threats. This capability is crucial for maintaining the security of systems, particularly when dealing with application executables which, if compromised, can lead to severe security breaches.

Other options, while important in the cybersecurity landscape, serve different functions. For example, UEBA focuses on identifying unusual behavior patterns of users and entities rather than monitoring file integrity. UEFI is a firmware interface that initializes hardware at startup but does not inherently provide file monitoring capabilities. EDR specializes in detecting and responding to threats on endpoints, often integrating with HIDS, but the core functionality of detecting file modifications aligns more directly with HIDS. Thus, HIDS is the most appropriate choice for this specific function of detecting modifications in managed file images.