Top 25+ Application Threat Modeling MCQ Interview Questions and Answers 2021

  • by
Threat Modeling

Top 25+ Application Threat Modeling MCQ Questions and Answers

Q1. An action that harms an asset is ________.

(1)Attack
(2)Threat
(3)Vulnerability

Answer:-(1)Attack

Q2. The number of distinct symbols that can be used in DFDs is __________.

(1)Six
(2)Five
(3)Depends on the application
(4)Four

Answer:-(2)Five

Q3. The output of the threat modeling process is a _________ which details out the threats and mitigation steps.

(1)Document
(2)DFD
(3)PFD
(4)List

Answer:-(1)Document

Q4. Which of the following threat can be handled using access control?

(1)Information Disclosure
(2)Tampering
(3)Denial of Service
(4)Elevation of privilege
(5)All the options

Answer:-(5)All the options

Q5. The theft of intellectual property is a threat to information security.

(1)True
(2)False

Answer:-(1)True


Q6. _________ is a medium that allows data to flow between domains of trust.

(1)Data Flow
(2)Data Store
(3)Trust boundary
(4)Attack Vector

Answer:-(3)Trust boundary


Q7. Denial of Service hinders _________.

(1)Integrity
(2)Confidentiality
(3)Availability
(4)Authenticity

Answer:-(3)Availability

Q8. Process Flow Diagrams are used by ___________.

(1)Application Threat Models
(2)Operational Threat Models

Answer:-(1)Application Threat Models

Q9. Which of the following security property does Tampering violate?

(1)Authentication
(2)Integrity
(3)Confidentiality
(4)Availability

Answer:-(2)Integrity

Q10. The following is a part of a threat model, except _________.

(1)Mitigation steps for each threat
(2)Implementation of processes
(3)A list of potential threats
(4)Analysis of actions taken

Answer:-(2)Implementation of processes

Q11. Which of the following is a tangible asset?

(1)Brand Reputation
(2)Data on a database
(3)Patent
(4)Goodwill

Answer:-(2)Data on a database


Q12. DREAD model can be used for ________.

(1)Identifying threats
(2)Rating threats
(3)Identifying assets
(4)Documentation

Answer:-(2)Rating threats


Q13. Which among the following methodologies distinguishes the security concerns of development from those of the infrastructure team?

(1)VAST
(2)OCTAVE
(3)Trike
(4)STRIDE

Answer:-(1)VAST

Q14. Identty theft is an example of __________.

(1)Spoofing
(2)Non-Repudiation
(3)DoS
(4)Tampering

Answer:-(1)Spoofing


Q15. Which of the following issues can be addressed using an efficient logging system?

(1)Spoofing
(2)Tampering
(3)Repudiation
(4)Denial of Service

Answer:-(3)Repudiation

Q16. Microsoft’s Threat Modeling tool uses __________ threat classification scheme.

(1)VAST
(2)STRIDE
(3)Trike
(4)PASTA
(5)OCTAVE

Answer:-(2)STRIDE

Q17. Multifactor authentication can be used to handle _________.

(1)Spoofing
(2)Repudiation
(3)Tampering
(4)DoS

Answer:-(1)Spoofing

Q18. Which of the following are the advantages of threat modeling?

(1)Helps engineer and deliver better products
(2)Helps find security bugs early
(3)All the options
(4)Helps understand security requirements

Answer:-(3)All the options

Q19. Choose the correct option.

(1)Threat = Risk * Vulnerability
(2)Threat = Vulnerability * Attack
(3)Risk = Threat * Loss
(4)Risk = Threat * Vulnerability

Answer:-(4)Risk = Threat * Vulnerability

Q20. A ‘requirements model’ is the foundation of the __________ methodology.

(1)PASTA
(2)Trike
(3)OCTAVE
(4)STRIDE

Answer:-(2)Trike

Q21. ________ generates a map that illustrates how the user moves through various features of the application.

(1)Process Flow Diagram
(2)Sequence Diagram
(3)Data Flow Diagram
(4)Entity Diagram

Answer:-(1)Process Flow Diagrams

Q22. Which of the following best describes the threat modeling process?

(1)Fixed
(2)Iterative
(3)Seldom refined
(4)Deterministic

Answer:-(2)Iterative

Q23. It is better to perform threat modeling from the early stages of the SDLC.

(1)True
(2)False

Answer:-(1)True

Top 100+ Ethical hacking MCQ and Interview questions and answers

Latest HTML & CSS MCQ and Interview Questions and Answers

Leave a Reply

Your email address will not be published. Required fields are marked *