Which type of file must be monitored by a change-detection mechanism?

The correct answer is that system configuration and parameter files must be monitored by a change-detection mechanism. This is crucial because these files contain critical settings and information related to the security posture and operational integrity of a system. Changes to these files can indicate potential security breaches or misconfigurations that could lead to vulnerabilities or system malfunctions. By implementing a change-detection mechanism, organizations can quickly identify unauthorized changes, corruption, or alterations that may affect the system's performance and security.

In comparison, monitoring application vendor manuals provides less immediate relevance to security outcomes since they typically do not change frequently and are not integral to the functioning of the system itself. Files that regularly change may be less critical to watch closely unless they pertain to security settings, as their frequent updates could lead to noise in monitoring efforts without significant implications for security. While security policy and procedure documents are important, they do not typically have the same direct impact on the operational integrity of systems as configuration and parameter files, making them less of a priority for change detection in the context of PCI compliance.