Can you help for the quiz Question 1 Forgery of an email header so that the mess
Question
Can you help for the quiz
Question 1
Forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source is an example of which component of STRIDE?
Spoofing
Tampering
Elevation of privileges
Denial of service
5.00000 points
QUESTION 2
Modification of a file that is owned by another user is an example of which component of STRIDE?
Spoofing
Tampering
Elevation of privileges
Denial of service
5.00000 points
QUESTION 3
Having no proof after the fact of the principals involved in a transaction is an example of which component of STRIDE?
Spoofing
Tampering
Elevation of privilege
Repudiation
5.00000 points
QUESTION 4
Sending an email with confidential information to the wrong email address is an example of which component of STRIDE?
Spoofing
Information disclosure
Elevation of privileges
Repudiation
5.00000 points
QUESTION 5
Flooding a website with requests is an example of which component of STRIDE?
Spoofing
Tampering
Elevation of privileges
Denial of service
5.00000 points
QUESTION 6
Failure to review privileges after a corporate reorganization is an example of which component of STRIDE?
Spoofing
Tampering
Elevation of privileges
Denial of service
5.00000 points
QUESTION 7
Which of the steps are not part of developing an attack tree?
Decide on a representation
Create subnodes
Consider completeness
Attack the system
5.00000 points
QUESTION 8
What type of attack tree requires the state of the node to depend on all sub nodes being true?
OR Tree
IIF Tree
AND Tree
NEUTRAL Tree
5.00000 points
QUESTION 9
Which is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defences?
CPAP
CAPEC
PAYCHECK
KUPCHAK
5.00000 points
QUESTION 10
Which is a privacy analog to security threat modeling?
Privacy impact statement
Disclosure
Slider
Privacy ratchet
a. Spoofing
b. Tampering
c. Elevation of privileges
d. Denial of service
Explanation / Answer
1) Spoofing
Explanation: Email spoofing means that someone sends emails using a forged email header.
2) Elevation of privileges
Explanation: When a person whose privilege on a file is set to read changes that privilege to read and write, this is known as elevation of privileges; hence the option Elevation of privileges is correct. Here, modification of a file is done by another user without having the modification privilege.
3) Repudiation
4) Information disclosure
Explanation: This is information/data leak as confidential data is being sent to unintended email id.
5) Denial of Service
Explanation: In this attack, the attacker manipulates unwanted requests in order to attack the application or web.
6) Elevation of privileges
Explanation: This component talks about the act of exploiting a hole left by an oversight (failure to review), which results in an application being accessed without authorization.
7) Attack the system
Explanation: Attacking a system cannot be part of building an attack tree. Attack trees are used to describe the security of a system.
8) AND tree
9) CAPEC
It means Common Attack Pattern Enumeration and Classification.
10) Privacy impact statement
Explanation: It helps in defining a process which helps to identify ways to mitigate risks or negative impacts; hence it’s an analog to threat modeling.