Which characteristic describes a honeypot?

A honeypot is specifically designed to be an isolated system that has no legitimate purpose other than to attract, capture, and study potential attackers. The primary goal of a honeypot is to simulate a vulnerable target, luring attackers into interacting with it. This interaction allows security professionals to gather intelligence about attack methods, tools, and behaviors, which can then be used to strengthen the security posture of actual systems.

In contrast, the other options describe different concepts in the realm of information security. An information system with multiple legitimate functions does not fit the definition of a honeypot, as it serves genuine operational purposes. A device used to control network access refers to security measures such as firewalls or access control systems, which are distinctly different from the purpose of a honeypot. Moreover, a backup system in case of an attack pertains to disaster recovery and continuity plans, rather than the proactive and maliciously interactive role that a honeypot plays in the cybersecurity landscape. Thus, the defining characteristic of a honeypot is that it is an isolated system without legitimate business functionality.