TMIS Quiz Flashcards

(32 cards)

1
Q

What is the primary purpose of threat modeling in the application development lifecycle?

A

The primary purpose of threat modeling is to identify and manage application threats in a structured manner, preventing security flaws and reducing risks effectively.

2
Q

What are the four main steps involved in the threat modeling process?

A

The four main steps are: Diagram the application, Identify threats, Mitigate identified vulnerabilities, and Validate the previous steps and act upon them.

3
Q

What does the acronym STRIDE stand for in the context of threat identification?

A

STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

4
Q

During which phase of the application lifecycle is threat modeling typically performed?

A

Threat modeling is typically performed during the design stage of a new application.

5
Q

What is a key advantage of performing threat modeling early in the development process?

A

A key advantage is preventing security flaws when there is time to fix them, specifically in the design phase.

6
Q

Name two categories of threat actors.

A

Two categories are: Insider trusted (privileged users) and External untrusted (competitors, cybercriminals). (Other valid answers include: Insider untrusted, External trusted).

7
Q

What is a “doomsday scenario” in threat modeling, and what is its purpose?

A

A doomsday scenario is a hypothetical worst-case situation for an application and business. Its purpose is to proactively anticipate and potentially prevent catastrophic events.

8
Q

What is a data flow diagram (DFD), and how is it useful in threat modeling?

A

A data flow diagram is a graphical representation of data flow through an information system. It’s useful in threat modeling for understanding the application, identifying where data comes from and how it’s processed, and serving as a foundation for the STRIDE stage.

9
Q

What is a “trust boundary” in the context of DFDs for threat modeling?

A

A trust boundary represents a change of trust levels as data flows through an application, indicating attack surfaces where an attacker can interject.

10
Q

For which types of applications is threat modeling most relevant?

A

Threat modeling is most relevant for important applications that bring in a lot of revenue or handle important data for an organization.

11
Q

What is threat modeling and why is it important?

A

Threat modeling, also known as Architectural Risk Analysis, is a structured activity for identifying and managing application threats. It’s considered an essential step in the development lifecycle, particularly during the design phase. Without threat modeling, security protection is described as a “shot in the dark.” It allows for finding vulnerabilities early, considering security implications of design, code, and configurations, and documenting and discussing these aspects. Performing threat modeling early is emphasized as an effective way to reduce risks.

12
Q

When should threat modeling be performed during the application development lifecycle?

A

Threat modeling should be performed as soon as possible in the application development lifecycle, ideally during the design stage of a new application. This timely approach is crucial because it allows for preventing security flaws when they are easiest and least expensive to fix. While security issues can arise in different phases (design, build, test, production), starting with threat modeling in the design phase provides a foundational understanding of potential vulnerabilities.

13
Q

Explain “diagram the application”.

A

This initial step involves gaining a comprehensive understanding of the application’s mechanics, including what is being built and identifying clear security objectives. This helps in uncovering relevant and detailed threats.

14
Q

Explain “identify threats”.

A

Using details from the diagramming phase, threats relevant to the application’s scenario and context are identified. The STRIDE methodology (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a common tool used in this step to systematically identify potential vulnerabilities.

15
Q

Explain “mitigate identified vulnerabilities”.

A

In this step, the application’s layers are reviewed to identify necessary security controls that address the identified threats. Vulnerability categories can help focus on areas more prone to mistakes.

16
Q

Explain “validate”.

A

The final step involves validating the entire threat model. This includes confirming whether each threat has been mitigated or if the residual risks of unmitigated threats are clearly explained and tied to business risks. This step also involves deciding and following up on the next actions to manage the identified threats.

17
Q

Beyond the technical analysis, what other aspects are important for comprehensive threat modeling?

A
  • The ecosystem
  • The business context
  • Business risks
18
Q

How are data flow diagrams (DFDs) used in threat modeling?

A

Data flow diagrams (DFDs) provide a graphical representation of the data flow through an information system, offering a common understanding of the application. They are particularly useful in the diagramming stage of threat modeling (Step 1) and serve as a foundation for the threat identification stage (Step 2, including STRIDE). DFDs help identify where important data originates, how it is processed, and where it is stored.

19
Q

Name key elements in a DFD for threat modeling.

A
  • External entities
  • Processes
  • Data stores
  • Data flows
  • Trust boundaries
20
Q

What are the benefits of conducting threat modeling?

A
  • Preventing security flaws early
  • Selecting appropriate mitigation strategies
  • Identifying and addressing the greatest risks
  • Prioritizing development efforts
  • Increasing risk awareness and understanding
  • Facilitating consensus and better trade-off decisions
  • Communicating results
  • Cost justification and support for controls
  • Documenting due diligence
21
Q

For which types of applications is threat modeling most relevant?

A

While beneficial for all applications, threat modeling is particularly relevant and valuable for important applications. These are typically applications that generate significant revenue for an organization or handle sensitive and critical data. The time and cost investment in threat modeling are most justified for applications where the potential impact of a security breach is high.

23
Q

What are the three primary views of Threat Modeling according to the source material?

A

The three primary views are Attacker (A), Architecture (A), and Assets (A).

24
Q

Explain the fundamental definition of a “Model” as presented in the material.

A

A model is defined as an abstraction from real-world phenomena, developed to reduce overall complexity by aggregating information and documenting only relevant aspects.

25
Q

What are the three main properties of abstraction in software development?

A

The three main properties of abstraction are hiding or removing details, generalization, and the concept of idea versus reality.

26
Q

Define "Threat," "Vulnerability," and "Risk" based on the provided definitions.

A

A Threat is a new incident with the potential to harm a system. A Vulnerability is a known weakness an attacker could exploit. Risk is the potential for damage when a Threat exploits a Vulnerability.

27
Q

According to the source, why is understanding a system crucial for defending it?

A

If you cannot understand a system, you cannot defend it.

28
Q

Name three "GAINs" of implementing Threat Modeling.

A

Three GAINs are understanding the real attack surface, identifying inter-connectedness, and visualizing attack scenarios. (Other valid answers from the source include gaining comprehensive understanding of real exploit impact).

29
Q

Briefly describe the purpose of an Attack Tree.

A

An Attack Tree is a method to model threats against a system in a graphical, easy-to-understand manner, showing how attacks might succeed.

30
Q

How do Attack-Defense Trees (ADTree) extend the concept of Attack Trees?

A

Attack-Defense Trees extend Attack Trees by including nodes that represent defensive measures, allowing the modeling of interactions between an attacker and a defender.

31
Q

What is the primary function of the STRIDE threat modeling method?

A

STRIDE is a method used for determining threats against a system.

32
Q

Explain the key difference between Authentication and Authorization.

A

Authentication is the practice of proving who you are, while Authorization is about proving what you are allowed to do within a system.