Chapter#1: Security Governance
Question that I found interesting:
Microsoft's STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
A. Tampering and information disclosure
B. Elevation of privilege and tampering
C. Repudiation and denial of service
D. Repudiation and tampering
Dmitriy Kovbasko
CISSP Study Group
skool.com/cissp