Section: Protection of Information Assets

Explanation/Reference:
The Answer http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx High-interaction type of honey pot essentially gives an attacker a real environment to attack.
Also, you should know below information about honey pot for CISA exam:
A Honey pot is a software application that pretends to be an unfortunate server on the internet and is not set up actively protect against break-ins.
There are two types of honey pot:
High-interaction Honey pots - Essentially gives hacker a real environment to attack. High-interaction honey pots imitate the activities of the production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent research into high- interaction honey pot technology, by employing virtual machines, multiple honey pots can be hosted on a single physical machine. Therefore, even if the honey pot is compromised, it can be restored more quickly.
In general, high-interaction honey pots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honey pot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honey net.
Low interaction - Emulate production environment and therefore, provide more limited information. Low- interaction honey pots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system's security. Example: Honeyed.
The following were incorrect answers:
Med-interaction - Not a real type of honey pot
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 348
http://en.wikipedia.org/wiki/Honeypot_%28computing%29

Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf (). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.