CompTIA Security Plus Mock Test Q648

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A. Set up a honeypot and place false project documentation on an unsecure share.
B. Block access to the project documentation using a firewall.
C. Increase antivirus coverage of the project servers.
D. Apply security updates and harden the OS on all project servers.

Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.
There are two main types of honeypots:
Production – A production honeypot is one used within an organization’s environment to help mitigate risk.
Research – A research honeypot add value to research in computer security by providing a platform to study the threat.

Incorrect Answers:
A: Reviewing the design of a system would not help to determine current attack methodologies. You would use a honeypot to determine current attack methodologies. You might then have a design review to counteract the threats.
C: A vulnerability scanner scans a system or network for known vulnerabilities. It is not used to determine new attack methodologies.
D: Reviewing the code of an application would not help to determine current attack methodologies. You would use a honeypot to determine current attack methodologies. You might then have a code review to counteract the threats.

References:
https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php