CompTIA Security+ (SY0-501) — Question 506

A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?

Answer options

• A. Rogue system detection
• B. Honeypots
• C. Next-generation firewall
• D. Penetration test

Correct answer: B

Explanation

Honeypots are effective tools for analyzing attack methodologies as they intentionally lure attackers into a controlled environment, allowing security teams to observe their tactics. The other options, while useful for different security purposes, do not provide the same level of insight into the attackers' methods as honeypots do.