CompTIA CySA+ (CS0-001) — Question 210
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
Answer options
- A. Honeypot
- B. Jump box
- C. Sandboxing
- D. Virtualization
Correct answer: A
Explanation
A honeypot is designed to attract and capture malicious activity, allowing analysts to study the payloads without affecting actual operations. A jump box is used for secure access to a network but does not capture malicious payloads. Sandboxing is for analyzing files in an isolated environment, which may not capture real-time attacks. Virtualization is a technology for running multiple OS environments and is not specifically meant for capturing attacks.