A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Which of the following is the best way to accomplish this goal?
Correct Answer: D
According to SecurityX CAS-005 threat intelligence and testing objectives, a honeypot is a decoy system designed to lure attackers, allowing security teams to observe new tactics, techniques, and procedures (TTPs) in a controlled environment.
An IPS is designed to block known attacks but not discover new ones.
Sandboxing is useful for analyzing suspicious files or malware samples but not for attracting live, unknown attack attempts.
Scanning for IoCs detects known compromise indicators, not new, emerging attacks.A honeypot directly supports proactive attack discovery and analysis.