A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:
A. detection and prevention capabilities to improve.
B. which systems were exploited more frequently.
C. possible evidence that is missing during forensic analysis.
D. which analysts require more training.
E. the time spent by analysts on each of the incidents.
Answer: A
Explanation:
The Diamond Model of Intrusion Analysis is a framework that identifies the four essential features of an attack: adversary, capability, infrastructure, and victim [1]. By analyzing these features and their relationships, a security analyst can gain insights into the attack’s objectives, methods, sources, and targets. A potential benefit of this activity is that it can identify detection and prevention capabilities to improve, such as gaps in security controls, indicators of compromise, or mitigation strategies [2].
References:
[1] What is the Diamond Model of Intrusion Analysis?
[2] How to use the MITRE ATT&CK® framework and diamond model of intrusion analysis together