Which of the following is designed to trigger an alert when accessed by an adversary, commonly referred to as a honeytoken or canary trap?

The concept of a honeytoken or canary trap refers to a specific type of deception technology that is used to detect unauthorized access or malicious activities by adversaries. Decoy files serve this purpose effectively by being placed within a network or system to lure potential attackers. When accessed, these files trigger alerts to the defenders, indicating that an intruder is on the system. The essence of this approach is to create a controlled interaction that provides insight into adversary behavior and alerts security teams to possible breaches in real-time.

Honeypots and honeynets are broader concepts designed to trap and analyze attackers, but they typically involve more extensive setups and can serve multiple functions beyond just the alert-triggering aspect of honeytokens. A simulator, on the other hand, is generally used for training or testing security systems and does not function as a trap to alert on unauthorized access.