210-255 · Question #179
Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations and then linked back
The correct answer is C. compliance and Intrusion model. The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.
Question
Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations and then linked back to the same adversary?
Options
- Athreat model
- Bintrusion threat intelligence model
- Ccompliance and Intrusion model
- Ddiamond model of intrusion
How the community answered
(30 responses)- A10% (3)
- B3% (1)
- C73% (22)
- D13% (4)
Why each option
The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.
A threat model focuses on identifying and prioritizing potential threats to a system during the design or assessment phase, not on correlating observed historical events to a specific adversary.
The intrusion threat intelligence model is oriented toward gathering and processing threat intelligence feeds and indicators, rather than correlating repeated event occurrences over weeks to establish single-adversary attribution.
The compliance and intrusion model provides a structured framework for tracking cybersecurity events that share common indicators or characteristics across an extended period such as several weeks. By linking these event instances through shared illustrations or data points, analysts can establish patterns of behavior and trace the activity back to a single responsible threat actor. This longitudinal correlation and attribution function is the model's primary purpose.
The diamond model of intrusion describes the structural relationship between adversary, capability, infrastructure, and victim for individual events, but its primary purpose is not the longitudinal correlation of recurring event instances over weeks.
Concept tested: Correlating recurring security events to one adversary over time
Topics
Community Discussion
No community discussion yet for this question.