Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

cissp domain 1 > Threat Modeling, Concepts, Methodologies > Flashcards

Threat Modeling, Concepts, Methodologies Flashcards

1
Q

Threat Focus

A

Focused on assets
Focused on attackers
Focuses on software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

STRIDE

A 
Spoofing
Tampering
Repudiation
Information disclosure
Denial of Service (DoS)
Elevation of privilege
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

PASTA - Process for Attack Simulation and Threat Analysis (7 Stages)

A
  1. Definition of the Objectives (for analysis of risk)
  2. Definition of Technical Scope
  3. Application Decomposition and analysis
  4. Threat analysis
  5. Weakness and vulnerability analysis
  6. Attack Modeling & Simulation
  7. Risk analysis & Management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Trike

A

risk based approach instead of depending upon aggregated threat model use in STRIDE and DREAD; performing security audit in reliable + repeatable way

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

DREAD stands for:

A

Disaster, Reproducibility, Exploitability, Affected Users, Discoverability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

VAST stands for:

A

Visual, Agile and Simple Threat;
Based on agile project management and programming;
scalable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

cissp domain 1 (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions