In the Diamond Model of Intrusion Analysis, 'Capability' is the correct component that answers the question 'What was exploited during the incident?' as it encompasses the adversary's tools, techniques, and the knowledge they use to exploit vulnerabilities. 'Infrastructure' relates to the physical and digital means through which the adversary operates. 'Victim' denotes the entities affected by the incident, and 'Adversary' refers to the individual, group, or organization perpetrating the intrusion, neither of which directly relates to the exploited aspects in the incident.