312-50V11 · Question #331
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
The correct answer is B. Honeypot. A honeypot is a deliberately deceptive system that emulates network services to lure attackers and record their login attempts and actions for threat intelligence purposes.
Question
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
Options
- AFirewall
- BHoneypot
- CCore server
- DLayer 4 switch
How the community answered
(39 responses)- A3% (1)
- B95% (37)
- D3% (1)
Why each option
A honeypot is a deliberately deceptive system that emulates network services to lure attackers and record their login attempts and actions for threat intelligence purposes.
A firewall enforces access control rules by filtering network traffic but does not emulate services or record attacker login credentials and actions.
A honeypot is a security decoy that mimics real services such as FTP, mail, and HTTP in order to attract and monitor unauthorized access attempts. It is specifically designed to log all interactions including credentials submitted, commands executed, and attacker behavior without exposing any real production data or systems. This makes it the definitive solution for emulating services and capturing attacker activity.
A core server provides genuine production services to legitimate users and is not designed as a deceptive tool to capture unauthorized activity.
A Layer 4 switch makes forwarding decisions based on TCP/UDP port and IP information but has no capability to emulate application services or log attacker behavior.
Concept tested: Honeypot function as a deceptive service emulator
Source: https://www.sans.org/reading-room/whitepapers/intrusion/honeypots-catching-eavesdropper-1437
Topics
Community Discussion
No community discussion yet for this question.