CompTIA CySA+ CS0-003 Practice Question
During an incident analysis session, a security analyst is charting out an intrusion based on the intersection of different elements like the tools used, the infrastructure leveraged for attack execution, and the profile of the threat actor. Without explicitly classifying these elements, the analyst is attempting to recognize patterns and adversaries through correlating disparate but related events. Which analysis framework aligns with the analyst's approach for gaining actionable intelligence?
Diamond Model of Intrusion Analysis
Indicators of Compromise (IoCs) framework
Adversary Tactics, Techniques, and Common Knowledge (ATT&CK)
Preparation phase of Incident Response lifecycle