CompTIA SecurityX (CAS-005) — Question 306

While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, and the target. Which of the following must the threat hunter document to use the model effectively?

Answer options

Correct answer: B

Explanation

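The correct answer is B. The Diamond Model relates four core features of an intrusion event: adversary, infrastructure, capability, and victim. The analyst has already identified the adversary, the infrastructure, and the target (the victim), so the adversary's capabilities are the remaining element to document. Recording those capabilities is essential for understanding the adversary's potential actions and strategies. Options A, C, and D, while important in other contexts, do not address the need to assess and record the adversary's abilities within the Diamond Model.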