CompTIA Security+ (SY0-501) — Question 636

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Answer options

• A. The Diamond Model of Intrusion Analysis
• B. The Cyber Kill Chain
• C. The MITRE CVE database
• D. The incident response process

Correct answer: A

Explanation

The Diamond Model of Intrusion Analysis is specifically designed to analyze adversary actions by linking their capabilities, infrastructure, and victims. While the Cyber Kill Chain outlines stages of an attack, it does not focus on the relations between an adversary's attributes. The MITRE CVE database catalogs vulnerabilities rather than tracking adversaries, and the incident response process is a reactive measure rather than an analysis framework.