An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?
Per CompTIA and the makers of the Diamond Model (https://www.comptia.org/blog/think-like-a-hacker-3-cybersecurity-models-used-to-investigate-intrusions):
Adversary: The persona of the individual or group attacking you
Infrastructure: IP addresses, domain names or email addresses
Capabilities: What the adversary can do (e.g., malware, exploits, manipulate infrastructure)
Victim: Can include people, services, network assets or information
I initially thought that "C" was the correct answer but, based on the description of "Infrastructure", it is definitely "A":
Infrastructure
The technical resources and assets used by the attacker to perform the attack, such as servers, domains, and IP addresses
C=Infrastructure
The infrastructure includes the physical or logical communication structures such as IP or e-mail addresses, domain names, and others, employed by an adversary to deliver a capability.
The information about the domain, IP address, email address, and software version represents the "Infrastructure" point of the Diamond Model of Intrusion Analysis.
So the correct answer is:
A. Infrastructure
Infrastructure includes the physical or logical communication structures such as IP or e-mail addresses, domain names, and others, employed by an adversary to deliver a capability. The Cyware website gives a clear definition.
ChatGPT went with A as the correct answer. When asked why it picked A over C, this is what it said:
The domain, IP address, email address, and software version are all part of the infrastructure that the adversary used to carry out the intrusion. Therefore, this intelligence would represent the "Infrastructure" point in the Diamond Model of Intrusion Analysis, which is why option A is the correct answer. The "Adversary" point in the Diamond Model would represent information about the identity, motivations, and tactics of the attackers themselves, which is not directly represented by the artifacts listed in the question.
Answer is C.
I think you guys are making this question harder than it is supposed to be. The Diamond Model of Intrusion Analysis talks about analytical pivoting, meaning an IP address, domain name, and email address can also be the victim; it all depends on where in the diamond you are coming from. In this case, we are the analyst and all we have is an IP address, an email address, and a software version. This would point to the Adversary responsible for the recent intrusion. There is no way you can tell what the infrastructure is based on just an IP, an email address, and a software version. That's how I am approaching this question.
The key to this question is how you interpret the first eight words of the sentence: "An analyst receives artifacts from a recent intrusion." If you believe that these artifacts are from the local system, then the answer would be A.
In this context, artifacts would be referring to the breadcrumb trail left behind by the attacker. So that would make the correct answer C, as this information would belong to the Adversary.
Infrastructure
The information provided in the question, such as domain, IP address, email address, and software version, falls under the "Infrastructure" point of the Diamond Model of Intrusion Analysis. This information can be used to identify the infrastructure that the adversary used during the intrusion, including the tools, networks, and systems that were compromised. By analyzing the infrastructure, analysts can identify the tactics, techniques, and procedures (TTPs) used by the adversary and create a better understanding of the overall intrusion.
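As an added example that is not from the original thread or from the Diamond Model authors, the script below turns the vertex definitions quoted above (IP addresses, domain names and e-mail addresses as Infrastructure) and the "analytical pivoting" point raised in the thread into working code: it classifies raw artifact strings by indicator type, maps each to a Diamond vertex depending on which side of the diamond it sits on, and pivots from received infrastructure indicators to other known events that share them. The event data, group names and the choice to put a tool's version under Capability are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# The four vertices of the Diamond Model of Intrusion Analysis.
ADVERSARY, INFRASTRUCTURE, CAPABILITY, VICTIM = (
    "Adversary", "Infrastructure", "Capability", "Victim")

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# e.g. "Cobalt Strike 4.7" or "OpenSSH/7.4": a product name, then a dotted version
VERSION_RE = re.compile(r"^(?P<product>[A-Za-z][\w .+-]*?)[ /]v?(?P<version>\d+(?:\.\d+)+)$")


def indicator_type(artifact):
    """Work out what kind of indicator a raw artifact string is."""
    a = artifact.strip()
    try:
        ipaddress.ip_address(a)  # validates both IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if EMAIL_RE.match(a):
        return "email"
    if DOMAIN_RE.match(a):
        return "domain"
    if VERSION_RE.match(a):
        return "software_version"
    return "unknown"


def vertex_for(artifact, side="adversary"):
    """Map an artifact to a Diamond vertex.

    side="adversary": the artifact was used by the attacker (the reading the
    thread settles on). IP/domain/email are the Infrastructure used to deliver
    a capability; a tool's version describes the Capability itself
    (assumption for this example: tooling belongs under Capability).
    side="victim": the same indicator belongs to the target, so it is a
    Victim attribute. This is the analytical-pivoting point: the vertex
    depends on which side of the diamond the indicator sits on.
    """
    kind = indicator_type(artifact)
    if kind == "unknown":
        return None
    if side == "victim":
        return VICTIM
    return CAPABILITY if kind == "software_version" else INFRASTRUCTURE


class DiamondEvent:
    """One intrusion event: a value for each of the four vertices."""

    def __init__(self, adversary, infrastructure, capability, victim):
        self.adversary = adversary
        self.infrastructure = set(infrastructure)  # IPs, domains, e-mail addresses
        self.capability = capability
        self.victim = victim


def pivot_on_infrastructure(events, artifacts):
    """Pivot from received infrastructure indicators to the other vertices.

    Returns {indicator: [(adversary, capability, victim), ...]} for every
    known event that shares that piece of infrastructure.
    """
    wanted = {a.strip() for a in artifacts if vertex_for(a) == INFRASTRUCTURE}
    hits = defaultdict(list)
    for ev in events:
        for ind in ev.infrastructure & wanted:
            hits[ind].append((ev.adversary, ev.capability, ev.victim))
    return dict(hits)


# Constructed sample data for this example (not from any real intrusion).
KNOWN_EVENTS = [
    DiamondEvent("Group-X", {"203.0.113.7", "mail.example.net"},
                 "phishing kit 2.1", "finance.corp.example"),
    DiamondEvent("Group-X", {"203.0.113.7", "update.example.org"},
                 "loader 1.0", "hr.corp.example"),
    DiamondEvent("Group-Y", {"198.51.100.9"}, "webshell 3.2",
                 "www.corp.example"),
]
# The four artifact kinds named in the question, as constructed values.
RECEIVED = ["203.0.113.7", "mail.example.net",
            "billing@mail.example.net", "OpenSSH/7.4"]

if __name__ == "__main__":
    for art in RECEIVED:
        print(f"{art:28} {indicator_type(art):17} -> {vertex_for(art)}")
    for ind, related in pivot_on_infrastructure(KNOWN_EVENTS, RECEIVED).items():
        print(ind, "links to", related)
```

Running it shows the IP, domain and e-mail address landing on Infrastructure, and the pivot tying the shared IP 203.0.113.7 to two earlier events attributed to the same adversary, which is the kind of link the question's intelligence is meant to enable.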
The BEST approach for the consultant to consider when modeling the client's attack surface would be to answer the question: "What are the most likely attack vectors for this particular client?"
Option C is the best approach for the consultant to take, as it involves analyzing attacks against similar industry peers and assessing the probability of the same attacks happening. This approach would help the consultant to identify the most likely attack vectors and prioritize their attention on those areas.
Option A is helpful in understanding external scans, but may not give the full picture of the client's attack surface.
Option B is focused on potential solutions to reduce the likelihood of an attack, but it does not provide insight into the specific risks that the client may be facing.
Option D is focused on funding for solutions, which may not be the primary concern at this stage.
Correct answer is A
The infrastructure includes the physical or logical communication structures such as IP or e-mail addresses, domain names, and others, employed by an adversary to deliver a capability.
Community vote distribution: A (35%), C (25%), B (20%), Other