CISSP · Question #1371
Which of the following techniques evaluates the secure Bet principles of network or software architectures?
The correct answer is A. Threat modeling. Threat modeling is a structured process used to identify, evaluate, and address security weaknesses in network or software architectures, including validating secure design principles. It helps teams proactively assess how systems can be attacked and what controls are needed.
Question
Options
- AThreat modeling
- BRisk modeling
- CWaterfall method
- DFuzzing
How the community answered
(23 responses)- A91% (21)
- B4% (1)
- C4% (1)
Why each option
Threat modeling is a structured process used to identify, evaluate, and address security weaknesses in network or software architectures, including validating secure design principles. It helps teams proactively assess how systems can be attacked and what controls are needed.
Threat modeling is a security engineering technique specifically used to evaluate architectural designs against secure design principles (such as least privilege, defense in depth, and Zero Trust/BET principles) by systematically identifying threats, vulnerabilities, and mitigations early in the design phase. Frameworks like STRIDE, PASTA, and DREAD are commonly used during threat modeling to assess how well an architecture adheres to security best practices. This makes it the correct choice for evaluating the security posture of network or software architectures.
Risk modeling is a broader quantitative or qualitative process focused on assessing and prioritizing business risks, not specifically evaluating the secure design principles of a network or software architecture.
The Waterfall method is a sequential software development lifecycle (SDLC) methodology that defines phases of development (requirements, design, implementation, testing), but it is not a security evaluation technique and does not assess secure design principles.
Fuzzing is a dynamic application security testing (DAST) technique that sends malformed or random inputs to a running application to discover bugs and vulnerabilities, but it does not evaluate architectural secure design principles.
Concept tested: Threat modeling for evaluating secure architecture principles
Source: https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool
Topics
Community Discussion
No community discussion yet for this question.