GIAC Certified Incident Handler (GCIH) — Question 161
If virtual machines are relatively easy for an attacker to detect, the next best thing might be to put so much honey in your honeypot, attackers won't be able to resist. Which actions would result in the most meaningful traffic on your honeypot?
Answer options
- A. Install the latest OS and patches, use interesting usernames and easy to guess passwords, don't set a limit on failed login attempts, and don't log anything
- B. Set file and folder permissions so everyone has full access, allow full directory browsing on the web site, and don't remove the cgi-bin directory or any of its contents
- C. Give the server a tempting name, create directories and files with appealing names, and create user accounts that resemble a production environment
- D. Install only older versions of software, remove the "Block All" setting on the firewall, and falsify the reported BIOS version information so it looks like a much earlier version
Correct answer: D
Explanation
Option D is the correct answer because using outdated software and misrepresenting system information can attract attackers looking for vulnerabilities. The other options either focus on security measures or do not create an appealing environment for attackers: they limit access or maintain a secure configuration, which would deter rather than invite malicious activity.