CompTIA CASP+ (CAS-004) — Question 141

A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.
Which of the following would be BEST for the company to implement?

Answer options

• A. A WAF
• B. An IDS
• C. A SIEM
• D. A honeypot

Correct answer: D

Explanation

Implementing a honeypot is the best option as it can attract attackers, allowing the organization to gather intelligence on their tactics without risking actual systems. A WAF, IDS, and SIEM do not provide the same level of engagement with attackers and may not yield as much insight into attack methods.