Pass your certification exam. Faster. Guaranteed.

Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.

BASIC

Comprehensive practice exam engine!

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement

PRO

All features in the FREE plan, plus:

  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee
  • And much more

Honeypots Transcription

Welcome to our honeypots module. Honeypot are systems that emulate production systems, but they do not contain any actual data or services that would be valuable to an attacker. These systems do appear to be actual targets to attackers. And they are generally easier to attack than your actual secure systems.

They will have much more open ports and running services than your hardened systems. And they will often have known vulnerabilities. You place these devices in the DMZ, or demilitarized zone In order to distract your attackers from attacking your actual systems and also watch the attackers as they proceed through your security systems in order to determine how they attempt to attack your systems.

Once you see how these attackers are trying to get into your systems, you can then make sure that your production systems are not susceptible to those types of attacks. Some honeypots will try to keep attackers inside them as long as possible, and are known as tar pits or sticky honeypots.

Honeypots can also help you to discover zero day vulnerabilities but you may not have been familiar with with your production systems. A honey net is two or more connected honey pots attempting to simulate an internal network. A honey token is not a system but a single component such as a file that generates an intrusion alert when it is accessed or manipulated in a certain way and a padded cell is an isolated environment which emulates a part of your internal network.

But does not actually have access to your actual network assets. It is different from a honey pot in that the attacker is transferred to the padded cell after they attempt to attack one of your actual production systems. You have to considered enticement versus entrapment. Enticement is legal and considered to be ethical whereas entrapment is illegal and unethical.

If you can figure a honeypot, this would be an example. Example of enticement. It is enticing an attacker to attack the system, but you have not taken any steps to force the attacker to do that. An example of entrapment would be setting up a honeypot and then telling one of your employees that there is a valuable on protected system on the network and then attempting to have that employee arrested or terminate that employee when they attack that system.

That would be considered because you took an action to make that employee do something they would not have otherwise done. Even if your conduct does not rise to the level of entrapment, you still may not be able to use the evidence in court because there was no valuable assets affected since honey pots are actually fake systems that do not have any real value to your organization.

If your honey pot closely mimics your production systems, you may be providing your attackers valuable information. That can let them attack your actual systems once they determine that they are inside a honey pot and not on your actual network. You should know the difference between enticement and entrapment for the CISSP exam combination remembering that enticing someone is legal and ethical, and entrapping them is not legal and is also unethical.

This concludes our honey pots module. Thank you for watching.

Included in all plans.

1000's of practice test questions

Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.

Exam Readiness Score

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Smart Reinforcement

Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.

THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!

PRO Membership Benefits.

Personalized Learning Plan

Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.

Exam Pass Guarantee

Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.

Eliminate Wasted Study Time

Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.

Coming Soon - Simulated Exam

More PRO benefits are being built all the time!