CompTIA Network+ Exam Question: Vulnerable System for Unauthorized Access Detection and Logging

Honeypot

Prev Question Next Question

Question

Which of the following is a vulnerable system designed to detect and log unauthorized access?

A.

SIEM B.

Honeypot C.

DMZ D.

Proxy server.

B.

Explanations

Which of the following is a vulnerable system designed to detect and log unauthorized access?

A.

SIEM

B.

Honeypot

C.

DMZ

D.

Proxy server.

B.

The correct answer is B. Honeypot.

A honeypot is a security mechanism designed to detect, deflect, or counteract unauthorized use of information systems. It consists of a vulnerable system, network, or application that is deliberately left exposed to attackers, usually in a controlled environment.

The honeypot is designed to simulate a real production system, complete with the same vulnerabilities and services that an attacker might target. Any unauthorized access attempts or attacks made on the honeypot are logged and analyzed to better understand the tactics and techniques used by attackers, as well as to identify and mitigate security vulnerabilities in the production environment.

Honeypots can be used as a detection and response tool to identify and respond to attacks quickly, and as a research tool to gather intelligence on the latest attack trends and techniques. They are also used by organizations to evaluate the effectiveness of their security controls, train security personnel, and improve their overall security posture.

The other options listed are not designed to detect and log unauthorized access in the same way that a honeypot is.

A SIEM (Security Information and Event Management) system is used to centralize and analyze security-related data from multiple sources, including logs from network devices, servers, and applications. It is used to identify security incidents and respond to them in real-time.

A DMZ (Demilitarized Zone) is a network segment that is isolated from the internal network but accessible from the internet. It is used to host publicly accessible services, such as web servers, while protecting the internal network from direct access.

A proxy server is an intermediary server that sits between a client and a server, forwarding requests from the client to the server and returning responses from the server to the client. It is used to improve performance, enforce security policies, and provide anonymity for users.