The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?
Correct Answer: A
A honeypot is a decoy system that is designed to attract and trap attackers who attempt to breach a network. A honeypot can provide a high level of confidence that attackers have breached the network, as it can record their activities, techniques, tools, and motives. A honeypot can also divert the attackers from the real network assets and alert the security organization of the intrusion. The other options are not as effective as deploying a honeypot at discovering a successful network breach. Developing a sandbox is a technique that isolates an application or a process from the rest of the system, such as a web browser or an email attachment. A sandbox can prevent malicious code from affecting the system, but it does not necessarily detect or identify the attackers. Installing an intrusion prevention system (IPS) is a technique that monitors and blocks malicious network traffic, such as denial-of-service, reconnaissance, or exploitation attempts. An IPS can prevent potential network breaches, but it may not discover successful ones that bypass or evade the IPS. Installing an intrusion detection system (IDS) is a technique that monitors and alerts on malicious network traffic, such as denial-of-service, reconnaissance, or exploitation attempts. An IDS can detect possible network breaches, but it may not discover successful ones that bypass or evade the IDS, or it may generate false positives that reduce the confidence level. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Communication and Network Security, pp. 311-312, 315-316; CISSP practice exam questions and answers | TechTarget, Question 4