6.
Which of the following lists the correct six components of the STRIDE threat model?
- A.Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
- B.Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Social Engineering Elasticity
- C.Spoofing, Tampering, Repudiation, Information Disclosure, Distributed Denial of Service, and Elevation of Privilege
- D.Spoofing, Tampering, Nonrepudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The letters in STRIDE threat model represent Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. The other options are simply mixed up or incorrect versions of the same. |
7.
What is the term for the assurance that a specific author actually created and sent a specific
item to a specific recipient, and that the message was successfully received?
- A.PKI
- B.DLP
- C.Nonrepudiation
- D.Bit splitting
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Nonrepudiation means that a specific author or user cannot refute or repudiate that he or she created and/or sent a message and the receiver of the data or message cannot deny they received it. |
8.
What is the correct term for the process of deliberately destroying the encryption keys used
to encrypt data?
- A.Poor key management
- B.PKI
- C.Obfuscation
- D.Crypto-shredding
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| The act of crypto-shredding means destroying the key that was initially used to encrypt the data, thereby making it forever unrecoverable. |
9.
In a federated environment, who is the relying party, and what do they do?
- A.The relying party is the service provider and they would consume the tokens generated by the identity provider.
- B.The relying party is the service provider and they would consume the tokens generated by the customer.
- C.The relying party is the customer and they would consume the tokens generated by the identity provider.
- D.The relying party is the identity provider and they would consume the tokens generated by the service provider.
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The identity provider would hold all of the identities and generate a token for known users. The relying party (RP) would be the service provider and would consume the tokens. All other answers are incorrect. |
10.
What is the process of replacing sensitive data with unique identification symbols that
retain all the essential information about the data without compromising its security?
- A.Randomization
- B.Elasticity
- C.Obfuscation
- D.Tokenization
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Replacing sensitive data with unique identification symbols is known as tokenization, a simple and only somewhat effective way of hiding or concealing sensitive data with the replacement of unique identification symbols. It is not considered as strong as encryption but can be effective in keeping prying eyes off of sensitive information. While randomization and obfuscation are also means of concealing information, they are done quite differently. |
|
|
||||||||||||||||||||||||||||
