Threat Model Documentation

10. If there is not sufficient time to finish the threat model documentation, the team should:

A. Request a waiver from the security team

Don't use plagiarized sources. Get Your Custom Essay on
Threat Model Documentation
Just from $13/Page
Order Essay

B. Push the documentation into the next phase as an item to be finished

C. Delay the gate until the documentation is complete

D. Don’t worry about the documentation if the work is done correctly

11. The primary purpose behind security reviews is to:

A. Ensure that all steps of the SDL are being properly followed

B. Ensure that the attack surface model is updated at each phase

C. Assess the quality of security actions, including mitigations for vulnerabilities

D. Ensure that the threat model is updated at each phase

12. The STRIDE model is applied to:

A. Attack surfaces in the attack surface model

B. Threat identification efforts as part of threat modeling

C. Determine the risk from a threat

D. Every threat found during the attack surface area measurement effort


and taste our undisputed quality.