PrepAway - Latest Free Exam Questions & Answers

Which of the following can Joe, a security administrator, implement on his network to capture attack
details that are occurring while also protecting his production network?

A. Security logs
B. Protocol analyzer
C. Audit logs
D. Honeypot

Explanation:
A honeypot is a system whose purpose is to be attacked. An administrator can watch and study the
attack to research current attack methodologies.
According to Webopedia.com, a honeypot that lures a hacker into a system has several main purposes:
- The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
- The hacker can be caught and stopped while trying to obtain root access to the system.
- By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.
There are two main types of honeypots:
Production – A production honeypot is one used within an organization’s environment to help mitigate
risk.
Research – A research honeypot adds value to research in computer security by providing a platform to
study the threat.
Incorrect Answers:
A: Security logs record security events such as logon and logoff events. Security logs can be used to
monitor failed logon events, which could indicate an attack. However, logon attempts are just one form of
attack. A honeypot can be used to monitor all sorts of attacks. Therefore, a honeypot is a better answer, so
this answer is incorrect.
B: A protocol analyzer is a hardware device or, more commonly, a software program used to capture
network data communications sent between devices on a network. It would be difficult to monitor
attacks by analyzing network communications. Therefore, a honeypot is a better answer, so this answer is
incorrect.
C: Audit logs record events such as file access (successful or unsuccessful) or Active Directory
modifications. Audit logs could be used to monitor failed attempts to access files, which could indicate an
attack. However, file access attempts are just one form of attack. A honeypot can be used to monitor all
sorts of attacks. Therefore, a honeypot is a better answer, so this answer is incorrect.

https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php

