Certified Information Systems Security Professional (CISSP) — Question 338

Which of the following is MOST appropriate to collect evidence of a zero-day attack?

Answer options

Correct answer: A

Explanation

A honeypot is a decoy system built to attract attackers and record their activity, so it captures an attacker's tools and techniques even when the exploit is not yet known to signature-based defenses; this makes it the best choice for collecting evidence of a zero-day attack. In contrast, antispam, antivirus, and firewalls primarily focus on preventing and detecting known threats rather than actively gathering evidence of new, unknown exploits.