Digital : Threat Modeling_FP (58579)
Software Security (4774) : SSA E1 Developer (13256)
Digital : Threat Modeling_FP Assessment Answers (58579)
Which of the following terms can be used to describe the scenario where a program or user is technically able to do things they are not supposed to do?
a. Tampering
b. Elevation of Privilege
c. Repudiation
d. Spoofing
Answer: Elevation of Privilege
Which of the following mitigation strategies might be effective in handling threats caused by network monitoring?
a. Logging and auditing
b. Access Control
c. Encryption
d. Filtering
Answer: Encryption
In DFDs, the context diagram represents the ____________.
a. All the options
b. Overview of processes, inputs and outputs
c. Data flow in all modules
d. Complete system design
Answer: Overview of processes, inputs and outputs
DFDs can be used to determine the timing or sequencing of the processes.
a. True
b. False
Answer: False
An action that harms an asset is ________.
a. Attack
b. Threat
c. Vulnerability
Answer: Attack
The number of distinct symbols that can be used in DFDs is __________.
a. Six
b. Five
c. Depends on the application
d. Four
Answer: Five
The output of the threat modeling process is a _________ that details the threats and mitigation steps.
a. Document
b. DFD
c. PFD
d. List
Answer: Document
Which of the following threats can be handled using access control?
a. Information Disclosure
b. Tampering
c. Denial of Service
d. Elevation of privilege
e. All the options
Answer: All the options
The theft of intellectual property is a threat to information security.
a. True
b. False
Answer: True
_________ is a medium that allows data to flow between domains of trust.
a. Data Flow
b. Data Store
c. Trust boundary
d. Attack Vector
Answer: Trust boundary
Denial of Service hinders _________.
a. Integrity
b. Confidentiality
c. Availability
d. Authenticity
Answer: Availability
Process Flow Diagrams are used by ___________.
a. Application Threat Models
b. Operational Threat Models
Answer: Application Threat Models
Which of the following security properties does Tampering violate?
a. Authentication
b. Integrity
c. Confidentiality
d. Availability
Answer: Integrity
The following is a part of a threat model, except _________.
a. Mitigation steps for each threat
b. Implementation of processes
c. A list of potential threats
d. Analysis of actions taken
Answer: Implementation of processes
Which of the following is a tangible asset?
a. Brand Reputation
b. Data on a database
c. Patent
d. Goodwill
Answer: Data on a database
The DREAD model can be used for ________.
a. Identifying threats
b. Rating threats
c. Identifying assets
d. Documentation
Answer: Rating threats
Which among the following methodologies distinguishes the security concerns of development from those of the infrastructure team?
a. VAST
b. OCTAVE
c. Trike
d. STRIDE
Answer: VAST
Identity theft is an example of __________.
a. Spoofing
b. Non-Repudiation
c. DoS
d. Tampering
Answer: Spoofing
Which of the following issues can be addressed using an efficient logging system?
a. Spoofing
b. Tampering
c. Repudiation
d. Denial of Service
Answer: Repudiation
Microsoft’s Threat Modeling tool uses the __________ threat classification scheme.
a. VAST
b. STRIDE
c. Trike
d. PASTA
e. OCTAVE
Answer: STRIDE
Multifactor authentication can be used to handle _________.
a. Spoofing
b. Repudiation
c. Tampering
d. DoS
Answer: Spoofing
Which of the following are the advantages of threat modeling?
a. Helps engineer and deliver better products
b. Helps find security bugs early
c. All the options
d. Helps understand security requirements
Answer: All the options
Choose the correct option.
a. Threat = Risk * Vulnerability
b. Threat = Vulnerability * Attack
c. Risk = Threat * Loss
d. Risk = Threat * Vulnerability
Answer: Risk = Threat * Vulnerability
A 'requirements model' is the foundation of the __________ methodology.
a. PASTA
b. Trike
c. OCTAVE
d. STRIDE
Answer: Trike
________ generates a map that illustrates how the user moves through various features of the application.
a. Process Flow Diagram
b. Sequence Diagram
c. Data Flow Diagram
d. Entity Diagram
Answer: Process Flow Diagram
Which of the following security properties does Spoofing violate?
a. Authentication
b. Availability
c. Confidentiality
d. Integrity
Answer: Authentication
Which of the following best describes the threat modeling process?
a. Fixed
b. Iterative
c. Seldom refined
d. Deterministic
Answer: Iterative
It is better to perform threat modeling from the early stages of the SDLC.
a. True
b. False
Answer: True