wk-2 Quiz

Which is a privacy analog to security threat modeling?

	a.	Privacy impact statement
	b.	Disclosure
	c.	Privacy ratchet
	d.	Slider

Sending an email with confidential information to the wrong email address is an example of which component of STRIDE?

	a.	Spoofing
	b.	Information disclosure
	c.	Repudiation
	d.	Elevation of privileges

Failure to review privileges after a corporate reorganization is an example of which component of STRIDE?

	a.	Elevation of privilege
	b.	Denial of service
	c.	Tampering
	d.	Spoofing

Which of the following steps are not part of developing an attack tree?

	a.	Create subnodes
	b.	Decide on representation
	c.	Attack the system
	d.	Consider completeness

Forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source is an example of which component of STRIDE?

	a.	Denial of Service
	b.	Tampering
	c.	Spoofing
	d.	Elevation of privileges

Flooding a website with requests is an example of which component of STRIDE?

	a.	Elevation of privilege
	b.	Tampering
	c.	Spoofing
	d.	Denial of service

Having no proof after the fact of the principals involved in a transaction is an example of which component of STRIDE?

	a.	Elevation of privileges
	b.	Tampering
	c.	Repudiation
	d.	Spoofing

Which is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses?

	a.	KUPCHAK
	b.	CPAP
	c.	PAYCHECK
	d.	CAPEC

Modification of a file that is owned by another user is an example of which component of STRIDE?

	a.	Tampering
	b.	Elevation of privileges
	c.	Spoofing
	d.	Denial of service

What type of an attack tree requires the state of the node to depend on all sub nodes to be true?

	a.	IIF Tree
	b.	NEUTRAL Tree
	c.	AND Tree
	d.	OR Tree