Can anyone help with the Quiz QUESTION 1 What is a vulnerability? a. An attempt

Question

Can anyone help with the Quiz

QUESTION 1

What is a vulnerability?

a. An attempt to attack some weakness

b. Some bad thing that might happen

c. A weakness that may be exploited

d. The likelihood that an attack will succeed against a weakness

10.00000 points   

QUESTION 2

What is an attack library?

a. Central repository of all known attacks

b. Collection of detailed lists of common problems

c. Structured list of threats and prioritized remediations

d. Commercially available collections of attack trees

10.00000 points   

QUESTION 3

What is an attack tree?

a. Formal way to categorize attacks based on severity

b. Formal way to describe the security of a system based on attacks

c. Informal diagramming option when attempting to organize discovered threats

d. Structured way to categorize discovered threats

10.00000 points   

QUESTION 4

An engineering approach to threat modeling provides what benefits (choose all that apply):

a. Predictable

b. General

c. Reliable

d. Scalable

10.00000 points   

QUESTION 5

What is the best definition of a trust boundary?

a. The border between two countries

b. Everywhere two principals interact

c. Where you start threat modeling

d. Where there is untrusted data

10.00000 points   

QUESTION 6

What is the focus of privacy?

a. Data

b. The individual

c. Confidentiality

d. Being undetected

10.00000 points   

QUESTION 7

What is one drawback to focusing on assets when threat modeling?

a. Stepping stones may be lower in priority

b. Impossible to enumerate all assets

c. Difficult to place a value on assets

d. Asset valuation is an accounting concept, not security

10.00000 points   

QUESTION 8

What is the most likely response an attacker will have to a mitigation you have deployed?

a. Defeat the mitigation control

b. Attack some other system

c. Look for an easier attack path

d. Give up

10.00000 points   

QUESTION 9

What is the visual goal for presenting an attack tree?

a. No more than a single page

b. No more than a page for each level

c. Between 1 and 3 pages

d. As many pages as necessary to include all nodes

10.00000 points   

QUESTION 10

What is the best way to accept risk in an internal software project? (Choose the best answer)

a. Developers do this all the time

b. File a bug

c. Discuss the decision with management

d. Via a modal dialog

10.00000 points   

QUESTION 11

When should you start to threat model in a software development project?

a. When coding starts

b. When the project begins

c. When initial coding is complete

d. As part of the delivery phase

10.00000 points   

QUESTION 12

Which approach to threat modeling is best when time is limited?

a. Depth first

b. Top down

c. Breadth first

d. Bottom up

10.00000 points   

QUESTION 13

Which attack tree representation generally takes more work but can help the reader to focus their attention better?

a. Graphically

b. Linear map

c. Directed graph

d. Outline

10.00000 points   

QUESTION 14

Which of the following can have integrity protections applied to them? (choose all that apply)

a. Disk

b. People

c. Network

d. Memory

10.00000 points   

QUESTION 15

Which of these is NOT a good prioritization strategy? (choose all that apply)

a. Wait and see

b. Randomly fix issues

c. DREAD

d. Bug bars

10.00000 points   

QUESTION 16

Which of these is not an appropriate way to address a threat?

a. Fix it

b. Accept it

c. Document it internally so you can manage it in the next release

d. Transfer the risk

10.00000 points   

QUESTION 17

Which two are examples of E threats (in STRIDE)?

a. Calling web pages directly without credentials

b. Claiming that a package was never received

c. Finding crypto keys on disk

d. Sending input to a program that causes it to crash

10.00000 points   

QUESTION 18

Which two are examples of I threats (in STRIDE)?

a. Sending input to a program that causes it to crash

b. Using SQL injection to read database tables

c. Finding crypto keys on disk

d. Filling the disk with useless data

10.00000 points   

QUESTION 19

Which two are examples of R threats (in STRIDE)?

a. Calling web pages directly without credentials

b. Claiming that a package was never received

c. Filling log files with useless data

d. Finding crypto keys on disk

10.00000 points   

QUESTION 20

Which two are examples of S threats (in STRIDE)?

a. Creating an executable file in a local directory

b. Redirecting an IP address to another host

c. Finding crypto keys on disk

d. Claiming that a package was never received

10.00000 points   

QUESTION 21

Which type of STRIDE threat violates Authentication?

a. Spoofing

b. Repudiation

c. Information Disclosure

d. Tampering

10.00000 points   

QUESTION 22

Which type of STRIDE threat violates Authorization?

a. Tampering

b. Denial-of-Service

c. Information Disclosure

d. Elevation of Privilege

10.00000 points   

QUESTION 23

Which type of STRIDE threat violates Availability?

a. Repudiation

b. Denial-of-Service

c. Spoofing

d. Elevation of Privilege

10.00000 points   

QUESTION 24

Which type of attack tree contains nodes that are true if any of the nodes below it are true?

a. OR

b. AND

c. NOT

d. NOR

10.00000 points   

QUESTION 25

Which is the most difficult type of attack tree for you to create?

a. Trees developed by someone else for their organization

b. Trees you develop for your own organization

c. Trees you develop for general use

d. Commercially developed attack trees

Explanation / Answer

Answer:

1. c. A weakness that may be exploited. Vulnerability is a digital security term that alludes to a blemish in a system that can abandon it open to assault. A vulnerability may likewise allude to a shortcoming in a PC system itself, in an arrangement of methods, or in anything that leaves data security presented to a danger.

2. a. Central repository of all known attacks, a collection of all attacks listed.

3. a. Formal way to categorize attacks based on severity. Attack trees are reasonable graphs indicating how a benefit, or target, may be attacked. Attack trees have been utilized as a part of an assortment of uses. In the field of data innovation, they have been utilized to depict threats on computer systems and conceivable attacks to understand those threats. Be that as it may, their utilization isn't limited to the examination of customary data systems.

4. a, c and d
