212-82 Question #142: Real Exam Question with Answer & Explanation
The correct answer is A: High-interaction honeypots, offering a real system's replica for attackers, and observing their every.
Question
DigitalVault Corp., a premier financial institution, has recently seen a significant rise in advanced persistent threats (APTs) targeting its mainframe systems. Considering the sensitivity of the data stored, it wants to employ a strategy that deceives attackers into revealing their techniques. As part of its defense strategy, the cybersecurity team is deliberating over deploying a honeypot system. Given the bank's requirements, the team is evaluating different types of honeypots. DigitalVault's primary goal is to gather extensive information about the attackers' methods without putting its actual systems at risk. Which of the following honeypots would BEST serve DigitalVault's intent?
Options
- A. High-interaction honeypots, offering a real system's replica for attackers, and observing their every
- B. Low-interaction honeypots, designed to log basic information such as IP addresses and attack
- C. Research honeypots, aimed at understanding threats to a specific industry and sharing insights with
- D. Production honeypots, which are part of the organization's active network and collect information
Explanation
High-interaction honeypots (Option A) are the best choice because they provide a fully functional replica of a real system, allowing attackers to engage deeply while the security team silently monitors and records their complete attack methodology, tools, and techniques - maximizing intelligence gathering without exposing actual production assets.
Option B is incorrect because low-interaction honeypots only simulate limited services and capture surface-level data (like IP addresses), making them insufficient for understanding the sophisticated, multi-stage techniques used by APTs.
Option C is incorrect because research honeypots, while valuable for industry-wide threat intelligence sharing, are not specifically designed for an individual organization's operational defense and deep attacker profiling needs.
Option D is incorrect because production honeypots are embedded within the live network to detect threats quickly, but they prioritize alerting over extensive intelligence gathering, and being near active systems introduces unnecessary risk - the opposite of DigitalVault's goal.
💡 Memory Tip:
Think "High interaction = High intelligence." When you need to know everything about an attacker's methods (like studying an APT), you need a high-interaction honeypot - the deeper the engagement, the richer the data. If the question emphasizes depth of insight over simplicity, always lean toward high-interaction.