Joe, an administrator, installs a web server on the Internet that performs credit card transactions
for customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were
processed on this server but really were not. Which of the following is the second server?

A.
DMZ

B.
Honeynet

C.
VLAN

D.
Honeypot

Explanation:
In this scenario, the second web server is a ‘fake’ webserver designed to attract attacks. We can
then monitor the second server to view the attacks and then ensure that the ‘real’ web server is
secure against such attacks. The second web server is a honeypot.
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study
the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main
purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning
where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
There are two main types of honeypots:
Production – A production honeypot is one used within an organization’s environment to help
mitigate risk.
Research – A research honeypot add value to research in computer security by providing a

platform to study the threat.