
· Question 1

5 out of 5 points

   

Correct

What is one drawback to the "Think like an attacker" approach to threat modeling?

     

Selected Answer:

Correct 

b. If you get things wrong, your threat model is wrong

Answers:

a. Attackers are often more sophisticated than security professionals

 

Correct 

b. If you get things wrong, your threat model is wrong

 

c. Attackers just think differently from "normal" people

 

d. There really aren't any drawbacks to this approach

     

· Question 2

5 out of 5 points

   

Correct

Which two are examples of D threats (in STRIDE)?

     

Selected Answers:

Correct 

b. Filling the disk with useless data

 

Correct 

d. Flooding a server with more network packets than it can handle

Answers:

a. Modifying a file without authorization

 

Correct 

b. Filling the disk with useless data

 

c. Using SQL injection to read database tables

 

Correct 

d. Flooding a server with more network packets than it can handle

     

· Question 3

5 out of 5 points

   

Correct

Which two are examples of T threats (in STRIDE)?

     

Selected Answers:

Correct 

a. Modifying a file without authorization

 

Correct 

c. Modifying intercepted network packets

Answers:

Correct 

a. Modifying a file without authorization

 

b. Claiming that a package was never received

 

Correct 

c. Modifying intercepted network packets

 

d. Using SQL injection to read database tables

     

· Question 4

5 out of 5 points

   

Correct

What is one drawback for using Pen tests and Red teams to find security issues?

     

Selected Answer:

Correct 

b. Bug (issue) fixes are more expensive to implement after a software product is complete.

Answers:

a. Pen tests and Red teams only look for recurring issues.

 

Correct 

b. Bug (issue) fixes are more expensive to implement after a software product is complete.

 

c. Pen tests and Red teams are better at finding the low hanging fruit.

 

d. Red teams require external personnel to be productive.

     

· Question 5

5 out of 5 points

   

Correct

What is a threat?

     

Selected Answer:

Correct 

b. Some bad thing that might happen

Answers:

a. An attempt to attack some weakness

 

Correct 

b. Some bad thing that might happen

 

c. A weakness that may be exploited

 

d. The likelihood that an attack will succeed against a weakness

     

· Question 6

5 out of 5 points

   

Correct

What is the first question you must ask when threat modeling?

     

Selected Answer:

Correct 

c. What are you building?

Answers:

a. What are you looking for?

 

b. What are the risks?

 

Correct 

c. What are you building?

 

d. What is the impact?

     

· Question 7

5 out of 5 points

   

Correct

What is the last step in threat modeling?

     

Selected Answer:

Correct 

Check your work on 1-3

Answers:

What are you building?

 

What can go wrong?

 

What are you going to do about it?

 

Correct 

Check your work on 1-3

     

· Question 8

5 out of 5 points

   

Correct

What is threat modeling?

     

Selected Answer:

Correct 

b. Using models to find security threats

Answers:

a. Simulating threats by examining fictitious software products

 

Correct 

b. Using models to find security threats

 

c. Mapping known attacks to a functioning system

 

d. Attempting to think like an attacker

     

· Question 9

5 out of 5 points

   

Correct

Which methods are commonly used to build visual models of your system?

     

Selected Answers:

Correct 

b. Whiteboards

 

Correct 

d. Swim lanes

Answers:

a. Brainstorming

 

Correct 

b. Whiteboards

 

c. Monte Carlo simulation

 

Correct 

d. Swim lanes

     

· Question 10

5 out of 5 points

   

Correct

Threat modeling benefits software development more than just finding security issues by:

     

Selected Answer:

Correct 

a. Helping to understand requirements better.

Answers:

Correct 

a. Helping to understand requirements better.

 

b. Reducing the cost of software development.

 

c. Reducing the "time-to-market" for distributed applications.

 

d. Increasing the number of software bugs found.

     

· Question 1

10 out of 10 points

   
 

Confidentiality is about the individual.

     

Selected Answer:

False

Answers:

True

 

False

     

· Question 2

10 out of 10 points

   
 

In regards to the nymity slider, it is easy to move to the left (less privacy) and hard to move to the right (more privacy).

     

Selected Answer:

True

Answers:

True

 

False

     

· Question 3

10 out of 10 points

   
 

LINDDUN is an explicit mirror of STRIDE-per-element for privacy threat modeling.

     

Selected Answer:

True

Answers:

True

 

False

     

· Question 4

10 out of 10 points

   
 

Privacy is about the individual.

     

Selected Answer:

True

Answers:

True

 

False

     

· Question 5

10 out of 10 points

   
 

The I in LINDDUN represents:

     

Selected Answer:

Identifiability

Answers:

Information Disclosure

 

Identifiability

 

Impact Assessment

 

Interoperability

     

· Question 6

10 out of 10 points

   
 

A PIA is?

     

Selected Answer:

A systematic process that identifies and evaluates, from the perspective of all stakeholders, the potential effects on privacy.

Answers:

A way to determine risk factors.

 

A systematic process that identifies and evaluates, from the perspective of all stakeholders, the potential effects on privacy.

 

A methodology addressing variations of attacks.

 

Done at the beginning of the project.

     

· Question 7

10 out of 10 points

   
 

When using a contextual integrity approach, which of the following is not associated with a context?

     

Selected Answer:

nymity

Answers:

nymity

 

roles

 

activities

 

norms

     

· Question 8

10 out of 10 points

   
 

Which of the following should you track when tracking assumptions?

     

Selected Answers:

The assumption

 

The impact if it's wrong

 

Who can tell you if it's wrong

 

A bug # for tracking

Answers:

The assumption

 

The impact if it's wrong

 

Who can tell you if it's wrong

 

A bug # for tracking

     

· Question 9

10 out of 10 points

   
 

Which of these are poor definitions of privacy?

     

Selected Answers:

Lots of land with trees & bushes

 

Curtains or venetian blinds

 

Freedom from surveillance

 

Anonymity

 

Swiss bank accounts

 

A property you can achieve by simply applying security technologies.

Answers:

Lots of land with trees & bushes



 

Curtains or venetian blinds

 

Freedom from surveillance

 

Anonymity

 

Swiss bank accounts

 

A property you can achieve by simply applying security technologies.

     

· Question 10

10 out of 10 points

   
 

Privacy threats are?

     

Selected Answer:

Where a required privacy is violated.

Answers:

Outbound data flows.

 

Where a required privacy is violated.

 

Cryptographic hashes.

 

Adaptive chosen ciphertext attacks.

     

 

