Question
A network engineer is gathering requirements from a security operations center (SOC) analyst.
Which of the following requirements might lead the engineer to suggest deploying a honeypot? (Select two.)
answer
Analysts need the ability to code in eXtensible Markup Language (XML).
Network defenders need the ability to observe attacks on the network.
The organization needs to minimize human interaction through orchestration.
Analysts need to track the attacker's email and text messages.
The organization needs to regularly develop new indicators of compromise (IoCs) and indicators of attack (IoAs) based on the attacks they are experiencing.
Answers
Answered by
GPT-4o mini
The two requirements that might lead the engineer to suggest deploying a honeypot are:
1. **Network defenders need the ability to observe attacks on the network.** - A honeypot is specifically designed to attract attackers and observe their techniques and behavior in a controlled environment, making it a valuable tool for network defenders to gather intelligence and understand threats.
2. **The organization needs to regularly develop new indicators of compromise (IoCs) and indicators of attack (IoAs) based on the attacks they are experiencing.** - Deploying a honeypot can help in analyzing attacks and identifying new IoCs and IoAs as it provides real-time data about the tactics, techniques, and procedures (TTPs) used by attackers.
The other options do not directly relate to the primary functions and benefits of deploying a honeypot.