Which threat modeling methodologies are commonly used in practice?


Multiple Choice

Which threat modeling methodologies are commonly used in practice?

STRIDE and PASTA
NIST SP 800-53 and PCI DSS
OWASP ASVS and CVSS
ISO 27001 and ITIL

Correct answer: STRIDE and PASTA

Explanation:

Threat modeling relies on structured methodologies that help a team work out how an attacker might compromise a system before it is built. STRIDE provides a taxonomy of six threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Applied per element of a data flow diagram (external entities, processes, data stores and data flows, with particular attention to flows that cross a trust boundary), it gives a concrete checklist of what to ask about each design component. PASTA, the Process for Attack Simulation and Threat Analysis, is a risk-centric, seven-stage methodology that runs from defining business objectives and technical scope, through application decomposition, threat and vulnerability analysis and attack modeling, to risk and impact analysis, so that mitigations are prioritized by the business impact of a realistic attack.

These two are commonly used in practice because they are complementary: STRIDE gives broad, systematic coverage of threat types and is quick to apply during a design review, while PASTA adds the attacker's perspective and a risk ranking that tells the team where to spend its defensive effort. Together they support both enumerating potential threats and deciding which ones to mitigate first. They are not the only methodologies in use (LINDDUN for privacy threats and attack trees are also common), but they are the two most often named, and STRIDE in particular underpins the Microsoft SDL threat modeling practice.
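The checklist-then-prioritize workflow described above, as an added worked example that is not part of the original exam page: a small Python script that applies STRIDE per element to a constructed three-tier data flow diagram (browser, web application, user database), then ranks the resulting threats with a simple likelihood-times-impact heuristic standing in for PASTA's risk and impact analysis stage. The STRIDE-per-element applicability chart follows the usual Microsoft mapping; the DFD, the mitigations and the impact scores are assumptions chosen for illustration.

```python
"""Added example, not from the original page: STRIDE per element over a small
data-flow diagram, then a PASTA-style risk ranking. The DFD, mitigations and
scores are constructed for illustration."""

from dataclasses import dataclass, field

# The six STRIDE categories.
STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# STRIDE-per-element applicability (the usual Microsoft mapping): a data flow
# cannot be spoofed or used to elevate privilege, an external entity can only
# be spoofed or repudiate an action, and so on.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

# Assumed impact per category (1-5); a real model sets these per asset.
IMPACT = {"S": 4, "T": 4, "R": 2, "I": 4, "D": 3, "E": 5}


@dataclass
class Element:
    name: str
    kind: str                                    # key into APPLICABLE
    crosses_trust_boundary: bool = False
    mitigated: set = field(default_factory=set)  # STRIDE letters already covered


def enumerate_threats(elements):
    """STRIDE checklist: one candidate threat per (element, applicable category)."""
    return [
        {"element": el.name, "letter": letter, "category": STRIDE[letter],
         "boundary": el.crosses_trust_boundary, "mitigated": letter in el.mitigated}
        for el in elements
        for letter in APPLICABLE[el.kind]
    ]


def score(threat):
    """Constructed likelihood x impact heuristic: crossing a trust boundary raises
    likelihood, an existing mitigation lowers it."""
    likelihood = 3 if threat["boundary"] else 2
    if threat["mitigated"]:
        likelihood -= 1
    return likelihood * IMPACT[threat["letter"]]


def prioritize(elements):
    """Risk-ranked threat list, highest score first; ties broken deterministically."""
    ranked = sorted(enumerate_threats(elements),
                    key=lambda t: (-score(t), t["element"], t["letter"]))
    return [(t["element"], t["category"], score(t)) for t in ranked]


# Constructed DFD: browser -> login request (crosses the Internet trust
# boundary; TLS already covers T and I) -> web app (password auth covers S)
# -> SQL query -> user DB (encryption at rest covers I).
WEB_APP = [
    Element("Browser", "external_entity"),
    Element("Login request", "data_flow", crosses_trust_boundary=True, mitigated={"T", "I"}),
    Element("Web app", "process", mitigated={"S"}),
    Element("SQL query", "data_flow"),
    Element("User DB", "data_store", mitigated={"I"}),
]

if __name__ == "__main__":
    for element, category, risk in prioritize(WEB_APP):
        print(f"{risk:2d}  {element:14s} {category}")
```

Running it lists 18 candidate threats for the five elements, with an unmitigated Elevation of Privilege on the web application process at the top and Denial of Service on the boundary-crossing login flow next; the categories TLS and password authentication already cover sink to the bottom. That ordering is the whole point of pairing the two methods: STRIDE guarantees nothing on the diagram is skipped, and the risk stage decides what the team works on first. In a real PASTA engagement the likelihood column comes from the attack modeling stage rather than a two-line heuristic.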

The other options are standards, verification or management frameworks rather than threat-modeling methodologies. NIST SP 800-53 and PCI DSS are control catalogs and compliance requirements: they tell you which controls to have, not how to find the threats a particular design is exposed to. OWASP ASVS is a checklist of security verification requirements and CVSS is a severity-scoring system for vulnerabilities that have already been found; both are useful inputs to a threat model (ASVS for mapping mitigations to requirements, CVSS for rating discovered weaknesses) but neither enumerates threats from a design. ISO 27001 defines an information security management system and ITIL is an IT service management framework; both operate at the organizational level and say nothing about the attack surface of one system. A useful tell on the exam: an option that names a control catalog, a scoring system or a management standard is not a threat-modeling methodology.
