AB_Security and Risk Management > Threat Modeling > Flashcards

Threat Modeling Flashcards

(11 cards)

Study These Flashcards
1
Q

What is a defensive approach to Threat Modeling?

A

Prediction of threats and designing in specific defenses during the coding and crafting process, rather than relying on post deployment mitigation such as patches and updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is FUZZ testing?

A

Subjecting software to invalid inputs to trigger known software vulnerabilities such as buffer overflows, software crashes, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Name the three types of Threat Modeling?

A
  1. Focused on Assets
  2. Focused on Attackers
  3. Focused on Software
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Name the elements of the STRIDE model (Microsoft).

A
  1. Spoofing-bypass security mechanisms with fake credentials
  2. Tampering- affect the integrity of
  3. Repudiation-ability to deny accountability
  4. Information disclosure
  5. DoS
  6. Elevation of privilege
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of creating a Threat Model Diagram?

A

Helps detail the function and purpose of each element of a business task, development process or work activity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Reduction Analysis?

A

Also known as decomposing the application, system, or environment to gain a greater understanding of the logic of products as well as its interactions and external elements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the Key Concepts in Reduction Analysis? (TDIPD)

A
  1. Trust Boundaries- where level of trust changes
  2. Data Flow Paths- Movement of data between locations
  3. Input Points- Location where external input received
  4. Privileged Operations- Any activity that requires greater privileges than a standard user
  5. Details about Security Stance and Approach- Declaration of the security: policy, foundations and assumptions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the DREAD system used for?

A

DREAD is used to rank or rate threats identified in Threat Modeling for prioritization and response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does DREAD stand for?

A

D=Damage potential-How sever would damage be
R=Reproducibility-How complicated to reproduce the exploit
E=How hard is it to exploit the attack
A=Affected users-How many users can be affected?
D=Discoverability= How hard for an attacker to discover the weakness

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are three ways to integrate security risk considerations in an acquisition strategy and practice?

A
  1. Onsite assessment
  2. Document and exchange review
  3. Process/Policy review
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the elements of a Security Plan?

A
  1. Security policy
  2. Standards
  3. Baselines
  4. Guidelines
  5. Procedures
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
AB_Security and Risk Management
flashcards
Decks in class (4)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions