Detective vs Deterrent

Can someone shed some light ; i'm currently studing for SSCP to be taken Oct 18.
All the books i have read say Honey pots are to detour would be hackers or attackers away from your internet network. And at this time be able to watch what they are doing and how they are doing it. I saw a question that states Honey pots are detective not deterrent. Were can a get a good answer?

And has anyone else seen problems with the wording in the studISCope questions? I'm having problems with many other questions that seem to contradict from anything in the books.

Using the Darril Gibson SSCP AIO and the ISC SSCP CBK.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

emerald_octane

Intent of Deterrent control is to dissuade by offering some type of punishment : Surveillance Cameras, Guards

Detective controls identify, log and alert management to unwanted actions or events as or after they occur.

How are honeypots used in organizations: Used to identify, quantify and qualify types of traffic on the internet, create tools and procedures to counteract the attacks

Source: CISSP Review Seminar

Pay attention to the wording here, as it will help you on the test. Does your book say that honeypots deter adversaries from attacking the organization, or attacking our other systems. If it's the later then it serves as a detective tool because we've set it up for this purpose of gaining knowledge.

Falasi

daryle7901 wrote: »

And at this time be able to watch what they are doing and how they are doing it
.

The main purpose for Honey pot is to monitor how the network can be hacked or messed with that why it’s a detective control.

Generally a deterrent control is not hidden , its known to the public that its there: it aim is to make a hacker think twice before attempt penetration. However in the case of honey pot; a hacker shouldn’t know that he is in a fake network/host.

This is what I think anyway... =X

Althmash7

Blog Please read this link it will claer all ur doubt.

lifecomm

daryle7901 wrote: »

...has anyone else seen problems with the wording in the studISCope questions? I'm having problems with many other questions that seem to contradict from anything in the books...

Hi Daryle, here's my advice: know the material.

Test questions should be used ONLY to highlight what you don't know and what areas you should study more. Many people get a false sense of security when they're able to pass a test quiz with flying colors. What happens when they face the real thing? They fail because they have problems with the wording of the questions. That’s why I say, know the material.

You’ll rarely get an easy question like, “is a honey pot a detective tool?” It’ll be a long drawn-out scenario question that requires you to deduce the real question.

So learn the material and the most obscure question becomes one you can intelligently answer. HTH.

JDMurray

daryle7901 wrote: »

And has anyone else seen problems with the wording in the studISCope questions? I'm having problems with many other questions that seem to contradict from anything in the books.

The studISCope practice exam items are used to teach CBK concepts and to help you assess what you currently do and don't know. The items are written by many different people using many different resources, so it is possible to see some contradictions. This is also the case in the real InfoSec world where differing opinions about InfoSec topics abound.