Exam CAS-005 topic 1 question 73 discussion

❌ Why the other options are less effective: A. Configuring a honeypot for adversary characterization A honeypot is useful, but it’s often a single system and may not attract or detect attackers once they’re inside the network unless specifically accessed. B. Leveraging simulators for attackers Simulators are great for training or pre-deployment testing, but they don’t directly address real-time detection or help catch adversaries already in your network. C. Setting up a honey network for attackers Similar to a honeypot but on a larger scale; effective, but complex and overkill for a first step. It also requires significant resources to manage and doesn’t guarantee interaction from attackers.

✅ Explanation: The scenario describes a failure to detect unauthorized access during an adversarial simulation — likely a red team exercise. This points to gaps in detection and deception capabilities. D. Utilizing decoy accounts and documents These are deception techniques designed to lure attackers and trigger alerts when accessed. They help identify lateral movement, privilege escalation, and unauthorized access in real-time. When attackers interact with fake credentials or sensitive-looking files (e.g., fake HR records or fake SSH keys), alerts can be generated without compromising real assets. This is a proactive detection strategy ideal for catching stealthy adversaries.

Fixing man