Certified Information Systems Auditor (CISA) — Question 871

An organization's security team created a simulated production environment with multiple vulnerable applications. What would be the PRIMARY purpose of creating such an environment?

Answer options

• A. To collect digital evidence of cyberattacks
• B. To provide training to security managers
• C. To attract attackers in order to study their behavior
• D. To test the intrusion detection system (IDS)

Correct answer: C

Explanation

The primary goal of creating a simulated environment with vulnerable applications is to attract attackers and study their behavior, which can help improve defenses. While collecting evidence, training, and testing systems are important, they are secondary objectives compared to understanding attacker tactics in a controlled setting.