Certified Cloud Security Professional (CCSP) Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Boost your CCSP exam readiness with precise flashcards and multiple-choice questions. Each question includes explanations to ensure a solid understanding. Start your preparation journey today!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following is not part of the STRIDE Threat Model?

  1. Denial of service

  2. Information encryption

  3. Elevation of privilege

  4. Spoofing identity

The correct answer is: Information encryption

The STRIDE threat model is a widely recognized framework used to identify different types of security threats. It stands for Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. Each of these categories addresses specific security concerns that can arise during system design and implementation. Information encryption does not fall within the STRIDE framework. Instead, encryption is a security measure or control used to protect data confidentiality, rather than a type of threat. In fact, encryption can help mitigate some threats identified by the STRIDE model, such as information disclosure, by ensuring that sensitive data is not readable without proper authorization. The other elements of the STRIDE model, including denial of service, elevation of privilege, and spoofing identity, represent distinct threats that can be exploited by attackers. These components focus on different ways systems can be compromised, highlighting the importance of understanding potential vulnerabilities when designing secure applications.

More Questions Like This