Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?

Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?

• honey pot-based detection
• policy-based detection
• pattern-based detection
• anomaly-based detection

Explanation: Honey pot-based detection uses a decoy server to attract attacks and to divert attacks away from production devices. Use of a honey pot can give administrators time to analyze incoming attacks and malicious traffic patterns to tune sensor signatures.

Exam with this question: Checkpoint Exam: Intrusion Prevention Group Exam Answers