Question
Can anyone help with quiz?
QUESTION 5
What is the best definition of a trust boundary?
a. The border between two countries
b. Everywhere two principals interact
c. Where you start threat modeling
d. Where there is untrusted data
10.00000 points
QUESTION 6
What is the focus of privacy?
a. Data
b. The individual
c. Confidentiality
d. Being undetected
10.00000 points
QUESTION 7
What is one drawback to focusing on assets when threat modeling?
a. Stepping stones may be lower in priority
b. Impossible to enumerate all assets
c. Difficult to place a value on assets
d. Asset valuation is an accounting concept, not security
10.00000 points
QUESTION 8
What is the most likely response an attacker will have to a mitigation you have deployed?
a. Defeat the mitigation control
b. Attack some other system
c. Look for an easier attack path
d. Give up
10.00000 points
QUESTION 9
What is the visual goal for presenting an attack tree?
a. No more than a single page
b. No more than a page for each level
c. Between 1 and 3 pages
d. As many pages as necessary to include all nodes
10.00000 points
QUESTION 10
What is the best way to accept risk in an internal software project? (Choose the best answer)
a. Developers do this all the time
b. File a bug
c. Discuss the decision with management
d. Via a modal dialog
10.00000 points
QUESTION 11
When should you start to threat model in a software development project?
a. When coding starts
b. When the project begins
c. When initial coding is complete
d. As part of the delivery phase
10.00000 points
QUESTION 12
Which approach to threat modeling is best when time is limited?
a. Depth first
b. Top down
c. Breadth first
d. Bottom up
10.00000 points
QUESTION 13
Which attack tree representation generally takes more work but can help the reader to focus their attention better?
a. Graphically
b. Linear map
c. Directed graph
d. Outline
10.00000 points
QUESTION 14
Which of the following can have integrity protections applied to them? (choose all that apply)
a. Disk
b. People
c. Network
d. Memory
10.00000 points
QUESTION 15
Which of these is NOT a good prioritization strategy? (choose all that apply)
a. Wait and see
b. Randomly fix issues
c. DREAD
d. Bug bars
10.00000 points
QUESTION 16
Which of these is not an appropriate way to address a threat?
a. Fix it
b. Accept it
c. Document it internally so you can manage it in the next release
d. Transfer the risk
10.00000 points
QUESTION 17
Which two are examples of E threats (in STRIDE)?
a. Calling web pages directly without credentials
b. Claiming that a package was never received
c. Finding crypto keys on disk
d. Sending input to a program that causes it to crash
10.00000 points
QUESTION 18
Which two are examples of I threats (in STRIDE)?
a. Sending input to a program that causes it to crash
b. Using SQL injection to read database tables
c. Finding crypto keys on disk
d. Filling the disk with useless data
10.00000 points
QUESTION 19
Which two are examples of R threats (in STRIDE)?
a. Calling web pages directly without credentials
b. Claiming that a package was never received
c. Filling log files with useless data
d. Finding crypto keys on disk
10.00000 points
QUESTION 20
Which two are examples of S threats (in STRIDE)?
a. Creating an executable file in a local directory
b. Redirecting an IP address to another host
c. Finding crypto keys on disk
d. Claiming that a package was never received
10.00000 points
QUESTION 21
Which type of STRIDE threat violates Authentication?
a. Spoofing
b. Repudiation
c. Information Disclosure
d. Tampering
10.00000 points
QUESTION 22
Which type of STRIDE threat violates Authorization?
a. Tampering
b. Denial-of-Service
c. Information Disclosure
d. Elevation of Privilege
10.00000 points
QUESTION 23
Which type of STRIDE threat violates Availability?
a. Repudiation
b. Denial-of-Service
c. Spoofing
d. Elevation of Privilege
10.00000 points
QUESTION 24
Which type of attack tree contains nodes that are true if any of the nodes below it are true?
a. OR
b. AND
c. NOT
d. NOR
10.00000 points
QUESTION 25
Which is the most difficult type of attack tree for you to create?
a. Trees developed by someone else for their organization
b. Trees you develop for your own organization
c. Trees you develop for general use
d. Commercially developed attack trees