nerdexam
EC-Council

312-50V11 · Question #331

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

The correct answer is B. Honeypot. A honeypot is a deliberately deceptive system that emulates network services to lure attackers and record their login attempts and actions for threat intelligence purposes.

Evading IDS, Firewalls, and Honeypots

Question

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

Options

  • AFirewall
  • BHoneypot
  • CCore server
  • DLayer 4 switch

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    95% (37)
  • D
    3% (1)

Why each option

A honeypot is a deliberately deceptive system that emulates network services to lure attackers and record their login attempts and actions for threat intelligence purposes.

AFirewall

A firewall enforces access control rules by filtering network traffic but does not emulate services or record attacker login credentials and actions.

BHoneypotCorrect

A honeypot is a security decoy that mimics real services such as FTP, mail, and HTTP in order to attract and monitor unauthorized access attempts. It is specifically designed to log all interactions including credentials submitted, commands executed, and attacker behavior without exposing any real production data or systems. This makes it the definitive solution for emulating services and capturing attacker activity.

CCore server

A core server provides genuine production services to legitimate users and is not designed as a deceptive tool to capture unauthorized activity.

DLayer 4 switch

A Layer 4 switch makes forwarding decisions based on TCP/UDP port and IP information but has no capability to emulate application services or log attacker behavior.

Concept tested: Honeypot function as a deceptive service emulator

Source: https://www.sans.org/reading-room/whitepapers/intrusion/honeypots-catching-eavesdropper-1437

Topics

#honeypot#deception technology#emulated services#attacker luring

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice