The network of an organization has been the victim of several intruders’ attacks. Which of the following
measures would allow for the early detection of such incidents?

A.
Antivirus software

B.
Hardening the servers

C.
Screening routers

D.
Honeypots

Explanation:
Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are
hosts that have no authorized users other than the honeypot administrators. All activity directed at them is
considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and
attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for,
properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified
incident handlers and intrusion detection analysts should manage them. The other choices do not provide
indications of potential attacks.