2.1 Honeypots and Honeynets Flashcards

1
Q

How can a DNS sinkhole be used to detect infected computers on your network?

A

If certain devices on the network have been communicating with a C2 (command and control) server, a DNS sinkhole can be used to redirect all the infected devices to a safe sinkhole, thereby identifying which computers have been infected.

2
Q

What kind of attractive files will you find in a honeynet and what do they do?

A

Honeyfiles; they are bait files that send an alert if they have been accessed by an attacker.

3
Q

Can an attacker use a DNS sinkhole in a DoS attack?

A

Yes

4
Q

What device can detect hosts attempting to access a malicious site and redirect them to a safe DNS sinkhole?

A

NGFW or IPS
