nerdexam
CompTIA

SY0-301 · Question #98

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?

The correct answer is B. Honeynet. A honeynet is a network of deliberately vulnerable decoy systems deployed to attract, observe, and collect intelligence on attackers and malware. Jane's company is using Internet-facing hosts specifically to gather malware data, which is the definition of a honeynet.

Security operations

Question

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?

Options

  • AVulnerability scanner
  • BHoneynet
  • CProtocol analyzer
  • DPort scanner

How the community answered

(18 responses)
  • B
    94% (17)
  • D
    6% (1)

Why each option

A honeynet is a network of deliberately vulnerable decoy systems deployed to attract, observe, and collect intelligence on attackers and malware. Jane's company is using Internet-facing hosts specifically to gather malware data, which is the definition of a honeynet.

AVulnerability scanner

A vulnerability scanner actively probes systems to identify known weaknesses and does not passively collect malware samples from the Internet.

BHoneynetCorrect

A honeynet consists of multiple honeypot systems networked together, designed to appear as legitimate targets to lure attackers and malware for observation and intelligence gathering. By deploying hosts across the Internet specifically to collect data on new malware, Jane's company is operating a honeynet. This technique provides real-world threat intelligence that cannot be captured by passive scanning tools.

CProtocol analyzer

A protocol analyzer (packet sniffer) captures and inspects network traffic on a local segment and does not involve deploying dedicated lure hosts across the Internet.

DPort scanner

A port scanner identifies open ports and services on target hosts and is an active reconnaissance tool, not a data collection mechanism for malware intelligence.

Concept tested: Honeynet for malware intelligence gathering

Source: https://csrc.nist.gov/glossary/term/honeynet

Topics

#honeynet#honeypot#malware analysis#threat intelligence

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice