CompTIA A+ Core 1 (CA1-005) — Question 11

While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, and the target. Which of the following must the threat hunter document to use the model effectively?

Answer options

Correct answer: D

Explanation

The correct answer is D: documenting methodologies is crucial for understanding the strategies and techniques that adversaries employ. Knowledge, capabilities, and phase are important, but they do not specifically address the systematic approach needed to analyze and respond to threats effectively.