Exam SY0-701 topic 1 question 527 discussion

GPT: The correct answer is: ✅ B. Honeyfile Explanation: A honeyfile is a decoy file that appears valuable (e.g., contains credentials, financial data, or sensitive information). It is placed in a monitored location to detect unauthorized access. In this case: The analyst saved a fake account and password in a spreadsheet. The spreadsheet is stored in a non-obvious directory. An alert triggers when it's opened. These are textbook characteristics of a honeyfile. ❌ Why the other options are incorrect: Option Why it's not correct A. Honeypot A decoy system or server, not a file. C. Honeytoken A piece of fake data (e.g., fake credential or ID) — similar, but not specifically a file-based trap. D. Honeynet A network of honeypots, much broader in scope.

The account is a honeytoken but the file is a honeyfile. Since the trigger is off of a file, the answer is honeyfile.

B it is a honey file

Honeytoken refers to any decoy data or token inserted into a system (fake user account, data base record, or any other type of digital bait. When interacted with, indicates a compromise or unauthorized access.

The trigger happens when the spreadsheet is opened, so its a Honeyfile

C. Honeytoken Explanation: ✔ A honeytoken is a decoy piece of data (e.g., fake credentials, database records, or files) designed to detect unauthorized access. ✔ In this scenario, the analyst created a fake account (credentials) and stored them in a hidden spreadsheet, setting up an alert when accessed. ✔ This helps identify malicious activity if an attacker discovers and attempts to use the credentials. Why not the other options? A. Honeypot – A decoy system or server designed to lure attackers, not a single credential or file. B. Honeyfile – A fake document (e.g., a sensitive-looking spreadsheet or PDF), whereas this scenario is about credentials rather than just a document. D. Honeynet – A network of multiple honeypots, not a single deception mechanism like a honeytoken.