Certified Incident Handler (ECIH) — Question 4
Karter, a security professional, deployed a honeypot on the organization's network for luring attackers who attempt to breach the network. For this purpose, he configured a type of honeypot that simulates a real OS as well as applications and services of a target network. Furthermore, the honeypot deployed by Karter only responds to preconfigured commands.
Identify the type of Honeypot deployed by Karter in the above scenario.
Answer options
- A. Low-interaction honeypot
- B. Pure honeypot
- C. Medium-interaction honeypot
- D. High-interaction honeypot
Correct answer: C
Explanation
The correct answer is C, Medium-interaction honeypot, because it simulates a real OS along with applications and services while responding only to predefined commands. Low-interaction honeypots do not provide a full OS simulation, while pure honeypots involve real production systems. High-interaction honeypots allow attackers to interact extensively with the system, which is not the case here.