Exam 312-49v10 topic 1 question 24 discussion

The answer is C, this is infosec 101 here. Honeypots should *always* be placed in the DMZ.

In the DMZ, a honeypot can be monitored from a distance while attackers access it, minimizing the risk of the main network being breached. Honeypots may also be put outside the external firewall, facing the internet, to detect attempts to enter the internal network.

Placing a honeypot in the demilitarized zone (DMZ) of your network, which is a semi-isolated area between the internal network and the external internet, can help detect and study attacks originating from the internet. These honeypots are often referred to as "external honeypots." --> Use it on a system in an external DMZ in front of the firewall

How current is are the questions? I am writing CHFI next month

The C does not make sense from a targeted attack standpoint, because if you place the system outside the security perimeter you are gonna get bombarded with automated attacks, bots and all the nasty things in the wild. It makes more sense to place it at least behind the edge firewall protecting you from Martian IPs and common threats. So, if someone bypasses the first layer of security you have the trap setup up there. The most correct answer will be D, not because it makes sense, but because is the only one that holds truth

C makes sense here

C makes sense here

C is the answer

Can anyone shed light on what the heck this means? What replies? The advice a professional would give someone about placing a honeypot on the network is that, "it doesn't matter"... I guess advice is only as good as the price paid for it?