During a proactive threat-hunting engagement, a security analyst wants to capture attacker tactics by deploying a resource that deliberately lures adversaries into a controlled, segmented network while protecting production assets. Which of the following defensive measures BEST meets this requirement?
A honeypot is a decoy system or service intentionally exposed to attackers so defenders can observe exploits, commands, and post-compromise activity. It produces high-fidelity telemetry that feeds threat hunting and threat-intelligence analysis. A web application firewall, an NTP server, or a DLP policy may improve security in other ways, but none of them are designed to entice and study adversaries in a segregated environment.