Deception and Disruption

Question 1

What is the primary purpose of a honeypot?

Answer 1

To attract and trap attackers, often machines, in a virtual environment.

Question 2

How does a honeypot contribute to recon?

Answer 2

It allows observation and analysis of the attacker’s behavior and methods.

Question 3

What types of resources can a honeynet include?

Answer 3

Servers, workstations, routers, switches, and firewalls.

Question 4

What is a honeynet?

Answer 4

A network of multiple honeypots that create a larger deception environment.

Question 5

Why are honeynets beneficial?

Answer 5

They provide more sources of information and can create complex traps for attackers.

Question 6

What is the purpose of a honeyfile?

Answer 6

To attract attackers with fake files containing enticing information.

Question 7

How does a honeyfile work?

Answer 7

It acts as bait; alerts are sent when the file is accessed by an attacker.

Question 8

What is an example of a honeyfile?

Answer 8

A file named “passwords.txt” that is likely to attract attention.

Question 9

What are honeytokens used for?

Answer 9

To track malicious actors through traceable data added to the honeynet.

Question 10

How do API credentials function as honeytokens?

Answer 10

They send notifications when used but do not grant actual access.

Question 11

What is a practical example of a honeytoken?

Answer 11

A fake email address added to a contact list for monitoring purposes.

Question 12

How can honeytokens help in cybersecurity?

Answer 12

They provide insight into where data breaches originate if the tokens are stolen.

Question 13

What types of honeytokens can be used?

Answer 13

Database records, browser cookies, web page pixels, and more.