Certified Cloud Security Professional (CCSP) Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Boost your CCSP exam readiness with precise flashcards and multiple-choice questions. Each question includes explanations to ensure a solid understanding. Start your preparation journey today!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

STRIDE Threat Model does NOT include which of the following categories?

  1. Spoofing identity

  2. Tampering with data

  3. Information encryption

  4. Repudiation

The correct answer is: Information encryption

The STRIDE threat model is a framework used for identifying different types of security threats to a system. It encompasses six categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privileges. Each of these categories addresses a specific form of threat that can impact the integrity, availability, or confidentiality of a system. In this context, information encryption does not fit within the STRIDE categories. While encryption is a critical security mechanism used to protect data and ensure confidentiality, it is not itself a category of threat. Instead, encryption can be seen as a mitigative approach to counter threats such as information disclosure. Recognizing this distinction helps clarify that the STRIDE model focuses on identifying threats rather than the security controls or mechanisms used to address those threats. Overall, understanding the specific threats outlined in the STRIDE model aids in developing comprehensive security strategies and defenses tailored to mitigate those threats effectively.

More Questions Like This