
Exam CS0-002 topic 1 question 90 discussion

Actual exam question from CompTIA's CS0-002
Question #: 90
Topic #: 1

A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Intelligence cycle
  • B. Diamond Model of Intrusion Analysis
  • C. Kill chain
  • D. MITRE ATT&CK
Suggested Answer: B

Comments

I_heart_shuffle_girls
Highly Voted 1 year, 7 months ago
D MITRE ATT&CK
upvoted 27 times
Obi_Wan_Jacoby
1 year, 6 months ago
Concur with D. MITRE specifically mentions having details on threat actor groups
upvoted 7 times
who__cares123456789___
1 year, 4 months ago
From WGU's text in UCertify..."ATT&CK matrices include preattack, enterprise matrices focusing on Windows, macOS, Linux, and cloud computing, as well as iOS and Android mobile platforms. It also includes details of mitigations, threat actor groups, software, and a host of other useful details. All of this adds up to make ATT&CK the most comprehensive freely available database of adversary techniques, tactics, and related information that the authors of this course are aware of."
upvoted 3 times
...
...
...
AES
Highly Voted 1 year, 6 months ago
B is correct. "to uncover additional details about the adversary, infrastructure, capabilities, and victims in order to piece together a more cohesive picture of the threat and how that threat operates. These additional data points can complement internal data and other intelligence in correlating and attributing malicious activity to an adversary." https://www.recordedfuture.com/diamond-model-intrusion-analysis/
upvoted 10 times
...
FrancisBakon
Most Recent 2 weeks, 3 days ago
Selected Answer: B
First of all, it is management. Second, they are asking to relate the attacker. The Diamond Model has this kind of process. Going with B.
upvoted 1 times
...
harrJ
2 weeks, 6 days ago
Selected Answer: B
Management wants to know (who)
  • Diamond Model: The Diamond Model provides a framework and process for identifying groups of related events on an organization’s systems. By identifying events and linking them into activity threads, an analyst gains information regarding what occurred during an attack. By looking at the gaps in their knowledge (i.e. missing features), the analyst identifies where further information is needed.
  • MITRE ATT&CK: The MITRE ATT&CK framework outlines the various ways in which an attacker can achieve a particular objective (the Tactics in the various MITRE ATT&CK matrices). This makes it useful for ensuring that incident response and forensic investigation activities are comprehensive and decreases the probability that crucial evidence is overlooked.
upvoted 1 times
...
miabe
3 weeks, 1 day ago
Selected Answer: D
looks good to me
upvoted 1 times
...
EVE12
1 month, 2 weeks ago
Selected Answer: B
The Diamond Model of Intrusion Analysis
The Diamond Model of Intrusion Analysis emphasizes the relationships and characteristics of four basic components: the adversary, capabilities, infrastructure, and victims. The main axiom of this model states, “For every intrusion event there exists an adversary taking a step towards an intended goal by using a capability over infrastructure against a victim to produce a result.”
upvoted 1 times
...
Flavio113
2 months, 4 weeks ago
Selected Answer: B
Guys, I think it's B https://warnerchad.medium.com/diamond-model-for-cti-5aba5ba5585
upvoted 2 times
...
cysa_1127
4 months, 1 week ago
Selected Answer: D
D MITRE ATT&CK
upvoted 1 times
...
thegreatnivram
5 months ago
Selected Answer: D
MITRE ATT&CK indicates specific tactics and techniques that can be mapped to threat actor groups
upvoted 2 times
...
bzpunk
5 months, 4 weeks ago
Selected Answer: B
Anything that deals with specific victims or attackers is going to be Diamond. It was designed with correlation relationships in mind.
upvoted 2 times
...
cysa_1127
6 months ago
Selected Answer: D
It's D, MITRE ATT&CK
upvoted 1 times
...
cysa_1127
6 months, 1 week ago
Selected Answer: D
It's D, MITRE ATT&CK
upvoted 1 times
...
Charlieb123
7 months ago
D - MITRE ATT&CK - "leadership team wants to attribute the incident to an attack group" The diamond model doesn't provide you with a list of identified attack groups, MITRE does.
upvoted 2 times
...
usoldier
7 months, 2 weeks ago
B. https://www.recordedfuture.com/diamond-model-intrusion-analysis/
upvoted 1 times
...
ionutdi
11 months, 1 week ago
Even though MITRE ATT&CK gives more details on threat actor groups, the question asks "which of the following *models* would BEST apply". So I'll go with B. Also, the dumps bought from passleader confirm this.
upvoted 3 times
...
magicbr3
12 months ago
"The Diamond Model focuses heavily on understanding the attacker and their motivations, and uses the relationships between these elements to allow security analysts to both understand the threat and consider what other data or information they may need to obtain or may already have available" - going with B
upvoted 4 times
...
Kane4555
1 year ago
B. You don't know the TTPs, only that there's been an incident; ATT&CK isn't going to help you. You first need to identify the attack, which the Diamond Model would help you do.
upvoted 1 times
...