Cisco
210-255 · Question #179
210-255 Question #179: Real Exam Question with Answer & Explanation
The correct answer is C: compliance and Intrusion model. The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.
Network Intrusion Analysis
Question
Which concept is used to understand instances of the same cybersecurity event occurring over the course of a few weeks that could be linked together through multiple illustrations and then linked back to the same adversary?
Options
- A. threat model
- B. intrusion threat intelligence model
- C. compliance and Intrusion model
- D. diamond model of intrusion
Explanation
The compliance and intrusion model is used to correlate multiple related security event instances observed over time and attribute them collectively to a single adversary.
Common mistakes.
- A. A threat model focuses on identifying and prioritizing potential threats to a system during the design or assessment phase, not on correlating observed historical events to a specific adversary.
- B. The intrusion threat intelligence model is oriented toward gathering and processing threat intelligence feeds and indicators, rather than correlating repeated event occurrences over weeks to establish single-adversary attribution.
- D. The diamond model of intrusion describes the structural relationship between adversary, capability, infrastructure, and victim for individual events, but its primary purpose is not the longitudinal correlation of recurring event instances over weeks.
Concept tested. Correlating recurring security events to one adversary over time
Topics
#diamond model, #intrusion analysis, #threat intelligence, #adversary attribution