If the honeypot is in front of firewall then logical thinking it's safe but too obvious. The threat actor is not a silly guy :-). So look like D is better answer.
I say D just for the fact of; if I were a threat actor and I see an externally facing resource, I'm going to assume its a honeypot and not interact with it. If it says its a DC or something and inside were files like "important" or "top-secret" its pretty easy to deduce that this isnt worth my time infiltrating most likely and any interaction I have on pulling files would be flagged and I would immediately be identified. My best bet would be to continue enumerating and seeking out POCs for lateral movement. D just makes more sense as you could deploy externally facing honeypots and internal honeypots to catch threats inside the wire
As long as the intention is to honeypot some critical servers, D is correct: You will deploy a honeypot in the same datacenter as you have your SQL database. Will deploy too on the same place you have your Apache2 running, and probably you will deploy a honeypot on the same net segment you have an DC running. Cause idea is, to emulate any system you want, really does not matter where to deploy: All is fake
It depends on how you plan to use a honeypot. If we want to discover attack types against our network (which why we use honeypot) then C is correct. If we want to use it as a deception system. Then D is correct. But generally all the responses are fake on the honeypot so I may go with D for this question.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ceh2024
3 months, 1 week agoAriel235788
1 year, 11 months agoferari5
2 years, 3 months agoBodescu
2 years, 7 months agoech
2 years agoJKCY
2 years, 10 months agohaymaths
4 years, 3 months agoPet
4 years, 6 months ago