During a routine investigation, a security team discovers that an employee is running a series of scanners against various hosts. Which method discovers these unauthorized probes most effectively?

- Deploying a decoy server that appears to host valuable services
- Observing external domain name records for unusual requests
- Subscribing to a threat intelligence platform to track external hazards
- Collecting and reviewing logs from external web servers for unusual connections

Correct answer: Deploying a decoy server that appears to host valuable services.

A decoy server that appears to be a critical resource attracts scans or exploitation attempts from an insider, and because no legitimate user has a reason to touch it, any connection to it is clear evidence of unauthorized probing within that environment. Reviewing internal logs can be valuable, but it might not reveal an insider's more careful tactics when the probing blends in with legitimate traffic. Monitoring external domain name records concentrates on outside activity. Subscribing to a threat intelligence feed is useful for external threats but does not specifically detect unusual probing of internal hosts.