A)

i) Threat modelling is the process of identifying threats to a data-tier application and then classify and rate the threats that have been discovered in order to determine the most critical to address.

-List the six steps for threat modelling.

ii) Chris receives a message that his clients cannot research the company's website. Upon investigation he discovers that the router responsible for directing traffic to the web server is receiving an alarming amount of malformed ICMP (Internet Control Message Protocol) requests per second.

- What type of attack is the company currently victim of? In order to analyse the attack clearly state three actions required by the security team to respond to the network incident.

iii) Access controls are a collection of mechanisms that work together to protect the assets of the enterprise. Give four examples of what access control enables management to do.

-WRITE THE ANSWER BY THE KEYBOARD-