Examice

Exam GCIH All QuestionsBrowse all questions from this exam

Question 70

If virtual machines are relatively easy for an attacker to detect, the next best thing might be to put so much honey in your honeypot, attackers won't be able to resist. Which actions would result in the most meaningful traffic on your honeypot?

Install the latest OS and patches, use interesting usernames and easy to guess passwords, don't set a limit on failed login attempts, and don't log anything

Set file and folder permissions so everyone has full access, allow full directory browsing on the web site, and don't remove the cgi-bin directory or any of its contents

Give the server a tempting name, create directories and files with appealing names, and create user accounts that resemble a production environment

Install only older versions of software, remove the ג€Block Allג€ setting on the firewall, and falsify the reported BIOS version information so it looks like a much earlier version

Correct Answer: C

Creating directories and files with appealing names, giving the server a tempting name, and creating user accounts that resemble a production environment will likely attract more meaningful traffic to the honeypot. These actions make the honeypot appear valuable and legitimate, enticing attackers to engage and attempt to exploit it while providing rich data on their tactics, techniques, and procedures.

Discussion

straleOption: C

C is correct. Purpose of honeypots/honeynets is to gather info about attackers TTPs (and catch them of course, but this question state "Which actions would result in the most meaningful traffic", which means that this honeypot is dedicated to gathering TTPs). Option C has the most hardened honeypot and the attacker would need give their best and reveal their TTPs in order to bypass system described in option C.