Answered step by step
Verified Expert Solution
Link Copied!
Question
1 Approved Answer

Question 19 Match the threat category to its definition. Accidental Discovery Automated Malware The Curious Attacker Script Kiddies The Motivated Attacker Organized Crime A. a

Question 19

Match the threat category to its definition.

Accidental Discovery

Automated Malware

The Curious Attacker

Script Kiddies

The Motivated Attacker

Organized Crime

A.

a security researcher or ordinary user, who notices something wrong with the application, and decides to pursue further.

B.

Criminals seeking high stake payouts

C.

a disgruntled staff member with inside knowledge or a paid professional attacker

D.

An ordinary user stumbles across a functional mistake in your application, just using a web browser, and gains access to privileged information or functionality.

E.

Common renegades

F.

Programs or scripts, which are searching for known vulnerabilities, and then report them back to a central collection site.

10 points

Question 20

Impersonating something or someone else.

spoofing

aliasing

decoy

imposter

10 points

Question 21

Modifying code or data without authorization.

rendering

modification

meddle

tampering

10 points

Question 22

NOT (the ability to claim to have not performed some action against an application).

non-repudiation

encryption

debunking

non-exposure

10 points

Question 23

What does elevation of privilege mean?

the ability of a user to elevate their privileges by signing on to a system with a higher level user

the ability of a user to elevate their privileges with an application without authorization

the ability of a user to elevate their privileges by impersonating someone else

the ability of a user to elevate their privileges by using a man-in-the-middle attack

10 points

Question 24

What is the name of the Microsoft tool that based upon CISF?

Risk Tracker

WPL

SDL

TAM

10 points

Question 25

Which is an open source threat modeling tool?

TAM

TRIKE

ThreatMind

CORBA

10 points

Question 26

What is the name of the threat modeling tool developed by CERT?

CVSS

TRIKE

OCTAVE

AS/NZ 4360

10 points

Question 27

Risk is _____ when the risk inherent in the action is illustrated to the user and the user accepts that risk in order to use that feature.

accepted

avoided

transferred

reduced

10 points

Question 28

The Microsoft SDL tool is based upon the STRIDE approach.

True

False

10 points

Question 29

OWASP recommends Microsofts threat modeling process because it works well for addressing the unique challenges facing web application security and is simple to learn and adopt by designers, developers, code reviewers, and the quality assurance team.

True

False

10 points

Question 30

Using strong cryptography appropriately is believed to be a strong countermeasure to many types of denial of service threats.

True

False

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image
Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Intelligent Information And Database Systems Asian Conference Aciids 2012 Kaohsiung Taiwan March 2012 Proceedings Part 2 Lnai 7197

Authors: Jeng-Shyang Pan ,Shyi-Ming Chen ,Ngoc-Thanh Nguyen

2012th Edition

3642284892, 978-3642284892

More Books

Students explore these related Databases questions