In the Diamond Model of Intrusion Analysis, 'Capability' is the correct component that answers the question 'What was exploited during the incident?' as it encompasses the adversary's tools, techniques, and the knowledge they use to exploit vulnerabilities. 'Infrastructure' relates to the physical and digital means through which the adversary operates. 'Victim' denotes the entities affected by the incident, and 'Adversary' refers to the individual, group, or organization perpetrating the intrusion, neither of which directly relates to the exploited aspects in the incident.