CompTIA Security+ (SY0-501) — Question 280

Every morning, a systems administrator monitors failed login attempts on the company's log management server. The administrator notices the DBAdmin account has five failed username and/or password alerts during a ten-minute window. The systems administrator determines the user account is a dummy account used to attract attackers.
Which of the following techniques should the systems administrator implement?

Answer options

• A. Role-based access control
• B. Honeypot
• C. Rule-based access control
• D. Password cracker

Correct answer: B

Explanation

The correct answer is B, Honeypot, as it is specifically designed to attract and deceive potential attackers, allowing administrators to monitor malicious activity. The other options do not serve the purpose of luring attackers; Role-based access control (A) and Rule-based access control (C) are security measures that manage user permissions, while a Password cracker (D) is a tool for breaking passwords, not for detecting intrusions.