Which of the following is a term used to describe a net…

Which of the following is a term used to describe a network of tools that are used to gather information about
attack methods that are used by malicious users? (Select the best answer.)

A. botnet

B. honeynet

C. honeypot

D. sinkhole

E. black hole

Explanation:
A honeynet is a network of honeypots. A honeypot is a tool used to gather information about the attack methods
used by malicious users. Honeypots, which can be composed of hardware or virtual assets, contain seemingly
valuable information designed to attract malicious activities. By attracting malicious users to honeypots,
administrators can analyze the methods and tools used in an attack and then use that information to protect
legitimate resources.

A botnet is a network of compromised computers, known as zombies, which can be used to send spam as well
as perform Distributed Denial of Service (DDoS) attacks and Denial of Service (DoS) attacks. In addition,
zombies can collect personally identifiable information (PII), such as account login information and bank
account information. Zombies are controlled remotely by malicious users without the knowledge of the
computer’s owner. A host can become a zombie by executing a virus or by using an operating system (OS) that
does not contain the latest updates.

A black hole is a traffic-filtering destination used to mitigate network-based attacks originating from a known host
address or range of addresses. With blackhole traffic filtering, all traffic from an address or range of addresses
is considered malicious and is routed to a black hole, typically the null interface of a router. Packets routed to
the null interface are discarded without further processing by the router.

Similarly, a sinkhole is a traffic-filtering destination used to mitigate network-based attacks. With sinkhole traffic
filtering, all traffic from an address or range of addresses is considered suspicious and is routed to a sinkhole,
which is a device that can capture the traffic and analyze it before determining whether the traffic should be
discarded.

SANS Institute InfoSec Reading Room: Honey Pots and Honey Nets Security through Deception (PDF)


