Browse CompTIA Certification Guides

CompTIA N10-009 Deception Technologies Guide

March 29, 2026

Study CompTIA N10-009 Deception Technologies: key concepts, common traps, and exam decision cues.

On this page

Deception-technology questions are purpose questions. CompTIA is usually testing whether you understand that honeypots and honeynets are there to observe, misdirect, and study attacker behavior, not to replace normal prevention and segmentation.

Honeynet: A more extensive decoy environment built to study attacker behavior across multiple systems.

Honeypot: A decoy system or service intended to attract, detect, or study malicious behavior.

Sinkhole: A destination used to redirect unwanted or malicious traffic so it can be contained or observed more safely.

What CompTIA is really testing

The strongest answers usually separate:

  • observation from prevention
  • decoy value from production value
  • isolated research environments from trusted operational environments
  • alerting benefit from actual path blocking

Keep the deception controls distinct

Deception control Strongest value
honeypot attract and observe suspicious interaction with a decoy service or host
honeynet observe attacker behavior across a broader decoy environment
sinkhole redirect unwanted traffic away from more valuable assets

The key placement rule

    flowchart LR
	  A["Suspicious probe or attack path"] --> B["Decoy or redirect target"]
	  B --> C["Monitoring and analysis"]
	  C --> D["Improve detection or response"]

What to notice:

  • the point is to gain visibility or safely redirect
  • deception feeds monitoring and response
  • it does not remove the need for firewalls, segmentation, or hardening

Small scenario example

1Public decoy SSH service
2- isolated from production servers
3- monitored for login attempts
4- sends alerts on new attacker behavior

What to notice:

  • the system is valuable because it is watched
  • it should not be trusted like a real production dependency
  • the lesson is visibility and intelligence, not ordinary service delivery

Common traps

  • treating deception as a universal preventive control
  • deploying a decoy without monitoring or alerting value
  • placing decoys too close to trusted production dependencies
  • assuming a honeypot blocks an attacker by itself

What strong answers usually do

  • identify that the control is meant to observe, misdirect, or gather intelligence
  • keep the deception environment isolated from critical systems
  • connect the value of the decoy to monitoring and incident-response improvement
  • avoid describing deception as a replacement for baseline security controls

Decision order that usually wins

Deception tools are not normal production controls. First, ask whether the goal is to divert, detect, or study suspicious behavior. Second, keep the decoy boundary clear: honeypots and honeynets should be isolated and monitored, not trusted like business systems. Third, choose sinkholing when the scenario is about redirecting unwanted traffic to a controlled destination. On the exam, the wrong answer usually treats a decoy as a primary protective control.

Quiz

Loading quiz…

Continue with 4.4 Risk, Exploit & CIA to keep the domain flow intact.

Revised on Sunday, May 10, 2026
4.2 Physical Security
4.4 Risk, Exploit & CIA