A network security team wants to study the tactics, techniques, and procedures (TTPs) of attackers targeting their organization. They need to create a controlled environment that mimics their production network to attract and analyze malicious activity without risking real assets. Which of the following should they implement to achieve this goal?
The correct answer is a honeynet. A honeynet is a decoy network of systems and services designed to attract and trap attackers, allowing security professionals to study their behavior and gather intelligence in a safe, controlled environment. An intrusion prevention system (IPS) is designed to actively block malicious traffic, not to study it. A screened subnet (or DMZ) is a perimeter network that isolates and exposes an organization's external-facing services to an untrusted network; it is an architectural concept, not a deception tool for analysis. A virtual private network (VPN) is used to create a secure, encrypted connection over a less secure network.