nerdexam
Exams312-50V10Questions#331
EC-Council

312-50V10 · Question #331

312-50V10 Question #331: Real Exam Question with Answer & Explanation

The correct answer is B: Honeypot. A honeypot emulates real services like mail and FTP to lure attackers and log their activity, making it the ideal tool for this purpose.

Evading IDS, Firewalls, and Honeypots

Question

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

Options

  • AFirewall
  • BHoneypot
  • CCore server
  • DLayer 4 switch

Explanation

A honeypot emulates real services like mail and FTP to lure attackers and log their activity, making it the ideal tool for this purpose.

Common mistakes.

  • A. A firewall filters and controls network traffic based on rules but does not emulate services or capture attacker behavior.
  • C. A core server is a legitimate production server providing real services, not a deception tool designed to trap or monitor attackers.
  • D. A Layer 4 switch forwards traffic based on TCP/UDP port information and has no capability to emulate application services or log attacker actions.

Concept tested. Honeypot deception and attacker activity capture

Reference. https://csrc.nist.gov/glossary/term/honeypot

Topics

#honeypot#deception technology#service emulation#intrusion detection

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V10 Practice