The placement of a honeypot on the network depends on what your purpose for placing it is. If you want to see attacks coming from the internet into your DMZ, then put it there, but that will miss attackers coming in through a client inside the network (think BEC). In all practicality, they should be placed EVERYWHERE on your network. However, I completely disagree that "it doesn't matter." It certainly DOES MATTER where you place it.
If the honeypot is in front of firewall then logical thinking it's safe but too obvious. The threat actor is not a silly guy :-). So look like D is better answer.
I say D just for the fact of; if I were a threat actor and I see an externally facing resource, I'm going to assume its a honeypot and not interact with it. If it says its a DC or something and inside were files like "important" or "top-secret" its pretty easy to deduce that this isnt worth my time infiltrating most likely and any interaction I have on pulling files would be flagged and I would immediately be identified. My best bet would be to continue enumerating and seeking out POCs for lateral movement. D just makes more sense as you could deploy externally facing honeypots and internal honeypots to catch threats inside the wire
As long as the intention is to honeypot some critical servers, D is correct: You will deploy a honeypot in the same datacenter as you have your SQL database. Will deploy too on the same place you have your Apache2 running, and probably you will deploy a honeypot on the same net segment you have an DC running. Cause idea is, to emulate any system you want, really does not matter where to deploy: All is fake
It depends on how you plan to use a honeypot. If we want to discover attack types against our network (which why we use honeypot) then C is correct. If we want to use it as a deception system. Then D is correct. But generally all the responses are fake on the honeypot so I may go with D for this question.
This section is not available anymore. Please use the main Exam Page.312-49 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AcroTiger
2 months, 3 weeks agoCeh2024
7 months, 2 weeks agoAriel235788
2 years, 3 months agoferari5
2 years, 7 months agoBodescu
2 years, 11 months agoech
2 years, 4 months agoJKCY
3 years, 2 months agohaymaths
4 years, 8 months agoPet
4 years, 10 months ago