During a proactive threat-hunting engagement, a security analyst wants to capture attacker tactics by deploying a resource that deliberately lures adversaries into a controlled, segmented network while protecting production assets. Which of the following defensive measures BEST meets this requirement?
A honeypot is a decoy system or service intentionally exposed to attackers so defenders can observe exploits, commands, and post-compromise activity. It produces high-fidelity telemetry that feeds threat hunting and threat-intelligence analysis. A web application firewall, an NTP server, or a DLP policy may improve security in other ways, but none of them are designed to entice and study adversaries in a segregated environment.