CompTIA Security Plus Mock Test Q651

What is a system that is intended or designed to be broken into by an attacker?

A. Honeypot
B. Honeybucket
C. Decoy
D. Spoofing system


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.
There are two main types of honeypots:
Production – A production honeypot is one used within an organization’s environment to help mitigate risk.
Research – A research honeypot add value to research in computer security by providing a platform to study the threat.

Incorrect Answers:
B: A honey bucket is not an IT term. It’s a term for a waterless toilet. A honeypot is a system designed to be attacked.
C: A honeypot could be described as a decoy. It is a system often imitating another system but designed to be attacked. However, a honeypot is the specific name for a system designed to be attacked.
D: Spoofing system is not the correct term for a system that is designed to be attacked. A honeypot could be described as a spoofing system in that a honeypot often imitates another system. However, a honeypot is the specific name for a system designed to be attacked.

References:
https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php