A cybersecurity analyst detects a significant and anomalous increase in outbound data from a critical server, consistent with data exfiltration. To trace the path of the stolen data and identify the external systems involved, which core component of the Diamond Model of Intrusion Analysis should the analyst prioritize investigating?
The correct answer is 'Infrastructure'. In the Diamond Model, the 'Infrastructure' vertex represents the systems and networks, such as C2 servers, IP addresses, and domains, that the adversary uses to conduct the attack. When responding to data exfiltration, prioritizing the investigation of the adversary's infrastructure is critical for identifying the destination of the stolen data and disrupting the C2 channels. While the 'Adversary', 'Victim', and 'Capability' are all essential components of the model, 'Infrastructure' is the most direct element to investigate to trace the data's path and identify external connections.