Q.1 The following is a part of a threat model, except _________.
A. A list of potential threats
B. Analysis of actions taken
C. Implementation of processes
D. Mitigation steps for each threat
Ans : Analysis of actions taken
Q.2 Which of the following security property does Spoofing violate?
A. Confidentiality
B. Authentication
C. Integrity
D. Availability
Ans : Authentication
Q.3 ________ generates a map that illustrates how the user moves through various features of the application.
A. Data Flow Diagram
B. Process Flow Diagram
C. Entity Diagram
D. Sequence Diagram
Ans : Process Flow Diagram
Q.4 DREAD model can be used for ________.
A. Identifying threats
B. Documentation
C. Rating threats
D. Identifying assets
Ans : Rating threats
Q.5 Which of the following is a tangible asset?
A. Data on a database
B. Brand Reputation
C. Patent
D. Goodwill
Ans : Data on a database
Q.6 A ‘requirements model’ is the foundation of the __________ methodology.
A. PASTA
B. OCTAVE
C. Trike
D. STRIDE
Ans : Trike
Q.7 Which of the following threat can be handled using access control?
A. Elevation of privilege
B. Tampering
C. Denial of Service
D. Information Disclosure
E. All the options
Ans : All the options
Q.8 ________ helps bridge the gap between development and security.
A. Threat Modeling
B. Visualization using DFDs
C. Testing
D. Security analysis
Ans : Threat Modeling
Q.9 Which of the following are the advantages of threat modeling?
A. Helps find security bugs early
B. Helps understand security requirements
C. Helps engineer and deliver better products
D. All the options
Ans : All the options
Q.10 Which of the following security property does Tampering violate?
A. Availability
B. Integrity
C. Authentication
D. Confidentiality
Ans : Integrity
Q.11 Identity theft is an example of __________.
A. Tampering
B. Non-Repudiation
C. DoS
D. Spoofing
Ans : Spoofing
Q.12 Multifactor authentication can be used to handle _________.
A. Spoofing
B. Tampering
C. DoS
D. Repudiation
Ans : Spoofing
Q.13 The number of distinct symbols that can be used in DFDs is __________.
A. Four
B. Six
C. Depends on the application
D. Five
Ans : Five
Q.14 Which of the following terms can be used to describe the scenario where a program or user is technically able to do things they are not supposed to do?
A. Elevation of Privilege
B. Spoofing
C. Repudiation
D. Tampering
Ans : Elevation of Privilege
Q.15 Denial of Service hinders _________.
A. Availability
B. Authenticity
C. Confidentiality
D. Integrity
Ans : Availability
Q.16 _________ is a medium that allows data to flow between domains of trust.
A. Trust boundary
B. Attack Vector
C. Data Flow
D. Data Store
Ans : Trust boundary
Q.17 Which of the following issues can be addressed using an efficient logging system?
A. Denial of Service
B. Repudiation
C. Tampering
D. Spoofing
Ans : Repudiation
Q.18 Microsoft’s Threat Modeling tool uses __________ threat classification scheme.
A. VAST
B. OCTAVE
C. STRIDE
D. Trike
Ans : STRIDE
Q.19 In DFDs, the context diagram represents the ____________.
A. Overview of processes, inputs and outputs
B. Data flow in all modules
C. Complete system design
D. All the options
Ans : Data flow in all modules
Q.20 DFDs can be used to determine the timing/sequencing of the processes.
A. True
B. False
Ans : False