App Security Engineer Threat Modeling

Question 1

What is the primary goal of threat modeling?

Accepted Answer

To identify and mitigate security risks early

Answer

To increase software complexity

Answer

To replace penetration testing

Answer

To delay security assessments until post-deployment

Question 2

Which of the following is a widely used threat modeling framework?

Accepted Answer

STRIDE

Answer

ISO 27001

Answer

NIST 800-53

Answer

GDPR

Question 3

Why is data flow analysis important in threat modeling?

Accepted Answer

It identifies vulnerabilities in data transmission and storage

Answer

It helps in UI/UX design

Answer

It replaces security controls

Answer

It ensures faster software performance

Question 4

Which threat category in STRIDE involves unauthorized data modification?

Accepted Answer

Tampering

Answer

Spoofing

Answer

Denial of Service

Answer

Information Disclosure

Question 5

What is the primary benefit of implementing threat modeling in the early stages of development?

Accepted Answer

It reduces the cost of fixing security issues

Answer

It ensures all threats are eliminated

Answer

It replaces penetration testing

Answer

It increases software complexity

Question 6

Which security principle is essential in mitigating threats identified in threat modeling?

Accepted Answer

The principle of least privilege

Answer

Granting full access to all users

Answer

Delaying security assessments

Answer

Disabling encryption for faster access