(ISC)2(ISC)2
CSSLP · Question #385
CSSLP Question #385: Real Exam Question with Answer & Explanation
The correct answer is B: Use cases. Abuse cases, also known as misuse cases, are developed by analyzing existing use cases to identify potential malicious or unauthorized interactions with a system.
Secure Software Requirements
Question
Which of the following are used in the development of abuse cases?
Options
- ACase reports
- BUse cases
- CRisk results
- DComplaints
Explanation
Abuse cases, also known as misuse cases, are developed by analyzing existing use cases to identify potential malicious or unauthorized interactions with a system.
Common mistakes.
- A. Case reports document specific incidents or issues, but they are not the primary input for creating proactive abuse scenarios during design.
- C. Risk results are outcomes of risk assessments, which might inform the prioritization of abuse cases but are not the fundamental input for their development.
- D. Complaints are user feedback about issues, which are reactive and not the structured input for defining potential misuse scenarios.
Concept tested. Abuse case development
Topics
#Abuse Cases#Use Cases#Security Requirements#Threat Modeling
Community Discussion
No community discussion yet for this question.