App Security Engineer Threat Modeling

Question 1

What is the primary goal of threat modeling?

Accepted Answer

To identify and mitigate security risks early

Answer

Threat modeling helps identify security risks early in the software development lifecycle to mitigate potential threats before deployment.

Question 2

Which of the following is a widely used threat modeling framework?

Accepted Answer

STRIDE

Answer

The STRIDE model categorizes threats into Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Question 3

Why is data flow analysis important in threat modeling?

Accepted Answer

It identifies vulnerabilities in data transmission and storage

Answer

Analyzing data flow helps identify potential security vulnerabilities at various points where data is transmitted, processed, or stored.

Question 4

Which threat category in STRIDE involves unauthorized data modification?

Accepted Answer

Tampering

Answer

Tampering occurs when an attacker modifies data to alter its integrity, leading to compromised security.

Question 5

What is the primary benefit of implementing threat modeling in the early stages of development?

Accepted Answer

It reduces the cost of fixing security issues

Answer

Early threat modeling reduces the cost and effort of fixing security vulnerabilities compared to addressing them post-deployment.

(CASE) Certified Application Security Engineer Practice Test