Question 19

Match the threat category to its definition.

Accidental Discovery

Automated Malware

The Curious Attacker

Script Kiddies

The Motivated Attacker

Organized Crime

A. a security researcher or ordinary user, who notices something wrong with the application, and decides to pursue further.

B. Criminals seeking high stake payouts

C. a disgruntled staff member with inside knowledge or a paid professional attacker

D. An ordinary user stumbles across a functional mistake in your application, just using a web browser, and gains access to privileged information or functionality.

E. Common renegades

F. Programs or scripts, which are searching for known vulnerabilities, and then report them back to a central collection site.

10 points

Question 20

Impersonating something or someone else.

spoofing

aliasing

decoy

imposter

10 points

Question 21

Modifying code or data without authorization.

rendering

modification

meddle

tampering

10 points

Question 22

NOT (the ability to claim to have not performed some action against an application).

non-repudiation

encryption

debunking

non-exposure

10 points

Question 23

What does elevation of privilege mean?

the ability of a user to elevate their privileges by signing on to a system with a higher level user

the ability of a user to elevate their privileges with an application without authorization

the ability of a user to elevate their privileges by impersonating someone else

the ability of a user to elevate their privileges by using a man-in-the-middle attack

10 points

Question 24

What is the name of the Microsoft tool that is based upon CISF?

Risk Tracker

WPL

SDL

TAM

10 points

Question 25

Which is an open source threat modeling tool?

TAM

TRIKE

ThreatMind

CORBA

10 points

Question 26

What is the name of the threat modeling tool developed by CERT?

CVSS

TRIKE

OCTAVE

AS/NZ 4360

10 points

Question 27

Risk is _____ when the risk inherent in the action is illustrated to the user and the user accepts that risk in order to use that feature.

accepted

avoided

transferred

reduced

10 points

Question 28

The Microsoft SDL tool is based upon the STRIDE approach.

True

False

10 points

Question 29

OWASP recommends Microsoft's threat modeling process because it works well for addressing the unique challenges facing web application security and is simple to learn and adopt by designers, developers, code reviewers, and the quality assurance team.

True

False

10 points

Question 30

Using strong cryptography appropriately is believed to be a strong countermeasure to many types of denial of service threats.

True

False
