nerdexam
CompTIA

SY0-301 · Question #315

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identi

The correct answer is A. Set up a honeypot and place false project documentation on an unsecure share.. A honeypot is a decoy resource designed to attract and expose unauthorized or malicious users. By placing convincing but fake project documentation on an intentionally accessible (unsecured) share, the administrator creates a trap: any employee who accesses it is immediately flag

Security operations

Question

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

Options

  • ASet up a honeypot and place false project documentation on an unsecure share.
  • BBlock access to the project documentation using a firewall.
  • CIncrease antivirus coverage of the project servers.
  • DApply security updates and harden the OS on all project servers.

How the community answered

(16 responses)
  • A
    75% (12)
  • B
    6% (1)
  • C
    13% (2)
  • D
    6% (1)

Explanation

A honeypot is a decoy resource designed to attract and expose unauthorized or malicious users. By placing convincing but fake project documentation on an intentionally accessible (unsecured) share, the administrator creates a trap: any employee who accesses it is immediately flagged as someone seeking data they should not have. Because legitimate users have no reason to access an unsecured decoy share, any access is a strong indicator of insider threat activity. Blocking access with a firewall, increasing antivirus coverage, or hardening the OS are all defensive measures that protect data but do nothing to identify which employees are already accessing it inappropriately.

Topics

#honeypot#insider threat#deception technology#unauthorized access detection

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice