CompTIA CySA+ (CS0-002) — Question 290

An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

Answer options

• A. Infrastructure
• B. Capabilities
• C. Adversary
• D. Victims

Correct answer: A

Explanation

The correct answer is A, Infrastructure, because the domain, IP address, and software version relate to the technical framework used by the intruder. The other options do not fit as they refer to different components of the Diamond Model; Capabilities focus on the skills or tools of the adversary, Adversary represents the entity behind the attack, and Victims pertain to the targets of the intrusion.