Question 1
What is the primary purpose of threat modeling?
To write security policies
To identify and prioritize potential threats early in the design phase
To install antivirus software
To conduct penetration testing
Question 2
Which step comes FIRST in the threat modeling process?
Design mitigations
Diagram the system
Define scope & objectives
Analyze & prioritize risks
Question 3
What does the STRIDE threat model acronym represent?
Six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
Seven risk factors for vulnerabilities
Steps for mitigation planning
Types of network firewalls
Question 4
What advantage does Process Flow Diagram (PFD) threat modeling have over Data Flow Diagrams (DFD)?
PFDs require more security expertise
PFDs model from the attacker's perspective, focusing on user interactions rather than just data movement
PFDs only work for web applications
PFDs ignore trust boundaries
Question 5
Which best practice ensures threat modeling remains effective as systems evolve?
Complete it once during initial design
Review and iterate regularly, updating diagrams and mitigations as architecture changes
Delegate it entirely to security teams
Only model external threats