SC-100 · Question #133
SC-100 Question #133: Real Exam Question with Answer & Explanation
The correct answer is A: the STRIDE model.
Question
Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure. You need to perform threat modeling by using a top-down approach based on the Microsoft Cloud Adoption Framework for Azure. What should you use to start the threat modeling process?
Options
- A. the STRIDE model
- B. the DREAD model
- C. OWASP threat modeling
Explanation
The Microsoft Cloud Adoption Framework DevSecOps guidance recommends the STRIDE threat model as the starting point for a top-down threat modeling approach. STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a Microsoft-developed framework that begins at the system architecture level - identifying trust boundaries, data flows, and components - and systematically enumerates threats across those categories. This top-down approach starts with the big picture (the system design) and works down to specific threats. DREAD is a risk-scoring model used after threats are identified, not for starting the process. OWASP threat modeling is a valid methodology but is not the Microsoft-recommended starting framework in the CAF.