nerdexam
Cisco

210-255 · Question #179

Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations and then linked back

The correct answer is C. compliance and Intrusion model. The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.

Network Intrusion Analysis

Question

Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations and then linked back to the same adversary?

Options

  • Athreat model
  • Bintrusion threat intelligence model
  • Ccompliance and Intrusion model
  • Ddiamond model of intrusion

How the community answered

(30 responses)
  • A
    10% (3)
  • B
    3% (1)
  • C
    73% (22)
  • D
    13% (4)

Why each option

The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.

Athreat model

A threat model focuses on identifying and prioritizing potential threats to a system during the design or assessment phase, not on correlating observed historical events to a specific adversary.

Bintrusion threat intelligence model

The intrusion threat intelligence model is oriented toward gathering and processing threat intelligence feeds and indicators, rather than correlating repeated event occurrences over weeks to establish single-adversary attribution.

Ccompliance and Intrusion modelCorrect

The compliance and intrusion model provides a structured framework for tracking cybersecurity events that share common indicators or characteristics across an extended period such as several weeks. By linking these event instances through shared illustrations or data points, analysts can establish patterns of behavior and trace the activity back to a single responsible threat actor. This longitudinal correlation and attribution function is the model's primary purpose.

Ddiamond model of intrusion

The diamond model of intrusion describes the structural relationship between adversary, capability, infrastructure, and victim for individual events, but its primary purpose is not the longitudinal correlation of recurring event instances over weeks.

Concept tested: Correlating recurring security events to one adversary over time

Topics

#diamond model#intrusion analysis#threat intelligence#adversary attribution

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice