CISSP Question #1387: Real Exam Question with Answer & Explanation
The correct answer is A: A new data repository is added.
Question
A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?
Options
- A. A new data repository is added.
- B. After operating system (OS) patches are applied
- C. After a modification to the firewall rule policy
- D. A new developer is hired into the team.
Explanation
A threat model is a structured representation of the potential threats and vulnerabilities that may affect an application or system. A threat model should be revised whenever there is a significant change in the design, architecture, functionality, or environment of the application or system that may introduce new threats or vulnerabilities or alter the existing ones. A new data repository is an example of such a change, as it may affect the confidentiality, integrity, or availability of the data stored or processed by the application or system. Therefore, a new data repository is a trigger for when a threat model should be revised.