CompTIA CySA+ (CS0-003) — Question 268

Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target’s information assets?

Answer options

• A. Structured Threat Information Expression
• B. OWASP Testing Guide
• C. Open Source Security Testing Methodology Manual
• D. Diamond Model of Intrusion Analysis

Correct answer: D

Explanation

The Diamond Model of Intrusion Analysis is specifically designed to analyze and understand how attackers exploit vulnerabilities within an infrastructure. The other options, while valuable in their own contexts, do not focus primarily on the techniques used by attackers in the same comprehensive manner.