SDL Threat Modeling & Risk Assessment

Question 1

What is the main purpose of threat modeling in software development?

Accepted Answer

To identify security threats and mitigate risks

Answer

To design user interfaces.

Answer

To speed up deployment.

Answer

To write code faster.

Question 2

Which technique is commonly used for systematic threat modeling?

Accepted Answer

STRIDE

Answer

PERT.

Answer

Gantt chart.

Answer

Fishbone diagram.

Question 3

What does the 'D' in STRIDE stand for?

Accepted Answer

Denial of Service

Answer

Data theft.

Answer

Debugging.

Answer

Deployment.

Question 4

Why is risk assessment important after threat modeling?

Accepted Answer

To prioritize and manage risks effectively

Answer

To ignore low priority risks.

Answer

To delay project deadlines.

Answer

To reduce software quality.

Question 5

What is an attack surface in threat modeling?

Accepted Answer

All points vulnerable to attack

Answer

The project schedule.

Answer

The project budget.

Answer

The team size.

Question 6

Which is a key output of risk assessment?

Accepted Answer

Risk register

Answer

Final project report.

Answer

Budget forecast.

Answer

User manuals.

Question 7

What is residual risk?

Accepted Answer

Risk remaining after mitigation

Answer

Risk before mitigation.

Answer

Risk transferred to another party.

Answer

Risk accepted by stakeholders.

Question 8

Why is documentation critical in threat modeling?

Accepted Answer

It supports communication and traceability

Answer

It is optional.

Answer

It increases workload unnecessarily.

Answer

It delays project deployment.

Question 9

Which stakeholder is typically responsible for managing identified risks?

Accepted Answer

Project manager

Answer

End users.

Answer

Vendors.

Answer

Testers only.