QUESTION 16 Which of these is not an appropriate way to address a threat? a. Fix

Question

QUESTION 16 Which of these is not an appropriate way to address a threat? a. Fix it b. Accept it c. Document it internally so you can manage it in the next release d. Transfer the risk 10.00000 points

QUESTION 17 Which two are examples of E threats (in STRIDE)? a. Calling web pages directly without credentials b. Claiming that a package was never received c. Finding crypto keys on disk d. Sending input to a program that causes it to crash 10.00000 points

QUESTION 18 Which two are examples of I threats (in STRIDE)? a. Sending input to a program that causes it to crash b. Using SQL injection to read database tables c. Finding crypto keys on disk d. Filling the disk with useless data 10.00000 points

QUESTION 19 Which two are examples of R threats (in STRIDE)? a. Calling web pages directly without credentials b. Claiming that a package was never received c. Filling logs files with useless data d. Finding crypto keys on disk 10.00000 points

QUESTION 20 Which two are examples of S threats (in STRIDE)? a. Creating an executable file in a local directory b. Redirecting an IP address to another host c. Finding crypto keys on disk d. Claiming that a package was never received

Explanation / Answer

Solution:

16)

b. Accept it

17)

c. Finding crypto keys on disk

Explanation:

Elevation of privilege needs to be done by finding the keys.

18)

c. Finding crypto keys on disk

b. Using SQL injection to read database tables

19)

a. Calling web pages directly without credentials

d. Claiming that a package was never received

20)

b. Redirecting an IP address to another host

c. Finding crypto keys on disk

I hope this helps if you find any problem. Please comment below. Don't forget to give a thumbs up if you liked it. :)

Related Questions

Navigate

• Browse (All)
• Browse Q
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.