
Exam CS0-002 topic 1 question 90 discussion

Actual exam question from CompTIA's CS0-002
Question #: 90
Topic #: 1

A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Intelligence cycle
  • B. Diamond Model of Intrusion Analysis
  • C. Kill chain
  • D. MITRE ATT&CK

Suggested Answer: B

Comments

I_heart_shuffle_girls
Highly Voted 2 months, 4 weeks ago
D MITRE ATT&CK
upvoted 9 times
Obi_Wan_Jacoby
2 months, 2 weeks ago
Concur with D. MITRE specifically mentions having details on threat actor groups
upvoted 4 times
who__cares123456789___
2 weeks, 1 day ago
From WGU's text in UCertify..."ATT&CK matrices include preattack, enterprise matrices focusing on Windows, macOS, Linux, and cloud computing, as well as iOS and Android mobile platforms. It also includes details of mitigations, threat actor groups, software, and a host of other useful details. All of this adds up to make ATT&CK the most comprehensive freely available database of adversary techniques, tactics, and related information that the authors of this course are aware of."
upvoted 1 times
...
...
...
zaqwsx
Most Recent 2 weeks, 5 days ago
D https://attack.mitre.org/groups/
upvoted 1 times
...
tterka
1 month, 2 weeks ago
I'm going with B here. Check this pic: https://cdn-cybersecurity.att.com/blog-content/forza3.png (step 5). A similar picture is in the Sybex book; it all leads to identifying the adversary.
upvoted 1 times
...
somsom
1 month, 2 weeks ago
D is the answer
upvoted 1 times
...
Matchy
1 month, 3 weeks ago
Also agree that it's D; in the Sybex study guide, ATT&CK matrices include details of mitigations, threat actor groups, software, and host.
upvoted 1 times
...
americaman80
1 month, 3 weeks ago
I'm going with D on this one. The Diamond Model doesn't seem to give us specific intel on the attacking group, but MITRE does.
upvoted 1 times
...
AES
2 months, 1 week ago
B is correct. "to uncover additional details about the adversary, infrastructure, capabilities, and victims in order to piece together a more cohesive picture of the threat and how that threat operates. These additional data points can complement internal data and other intelligence in correlating and attributing malicious activity to an adversary." https://www.recordedfuture.com/diamond-model-intrusion-analysis/
upvoted 4 times
...
BearNun22
2 months, 1 week ago
Thanks for the link, I'll go with D also. MITRE
upvoted 2 times
...
BearNun22
2 months, 2 weeks ago
I'm leaning towards B on this. Diamond Model says "- & attributing malicious activity to an adversary." I think MITRE is more to find the attack itself.
upvoted 1 times
Obi_Wan_Jacoby
2 months, 2 weeks ago
This is the specific site for info on threat groups on the MITRE site. It is indeed MITRE, answer C. "https://attack.mitre.org/groups/" Hope it helps :)
upvoted 3 times
...
...
