What does STRIDE stand for in threat modeling?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Get ready for the Cybersecurity and Digital Forensics Test with comprehensive multiple choice questions, flashcards, and detailed explanations. Enhance your skills and prepare for success in the digital security field!

Multiple Choice

What does STRIDE stand for in threat modeling?

Explanation:
STRIDE is a threat-modeling framework that groups potential security threats into six categories to help teams think through where a system might be vulnerable. The six categories are: Spoofing (pretending to be someone or something else), Tampering (unauthorized modification of data or code), Repudiation (the ability to deny actions or evade accountability), Information disclosure (exposure of data to unauthorized parties), Denial of service (making a service unavailable or unreliable), and Elevation of privileges (gaining higher access than allowed). Understanding these categories helps you map threats to concrete controls. For example, defenses against Spoofing include strong authentication and identity verification; against Tampering, integrity checks and tamper-evident mechanisms; against Repudiation, non-repudiation and proper logging; against Information disclosure, encryption and access controls; against Denial of service, rate limiting and redundancy; and against Elevation of privileges, least-privilege access and strict authorization checks. The other options mix terms that aren’t part of the STRIDE framework, such as unrelated cryptographic protocols, or combine concepts like system layers with non-threat terms. The exact set above is the standard STRIDE expansion.

STRIDE is a threat-modeling framework that groups potential security threats into six categories to help teams think through where a system might be vulnerable. The six categories are: Spoofing (pretending to be someone or something else), Tampering (unauthorized modification of data or code), Repudiation (the ability to deny actions or evade accountability), Information disclosure (exposure of data to unauthorized parties), Denial of service (making a service unavailable or unreliable), and Elevation of privileges (gaining higher access than allowed).

Understanding these categories helps you map threats to concrete controls. For example, defenses against Spoofing include strong authentication and identity verification; against Tampering, integrity checks and tamper-evident mechanisms; against Repudiation, non-repudiation and proper logging; against Information disclosure, encryption and access controls; against Denial of service, rate limiting and redundancy; and against Elevation of privileges, least-privilege access and strict authorization checks.

The other options mix terms that aren’t part of the STRIDE framework, such as unrelated cryptographic protocols, or combine concepts like system layers with non-threat terms. The exact set above is the standard STRIDE expansion.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy