Exam CS0-002 topic 1 question 313 discussion

C. Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege (STRIDE)

The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries.

STRIDE is not mentioned in any official study materials or the objectives so I would never choose it as an option. D is describing the Diamond Model (Victim, Adversary, Infrastructure, Capability).

he other options (A, B, and C) include elements related to threat modeling, but they are not part of a known threat modeling method. Option A includes considerations like threat profile and security strategy, while Option B includes elements related to project management. Option C lists common security threats (spoofing, tampering, etc.) but doesn't address the overall threat modeling process.

Even though I understand what you all mean when you say STRIDE, it's not in the objectives. What is instead, is Diamond model. That is D.

C, STRIDE. This excerpt taken from another member. Hello everyone, I'm going with A "STRIDE is a model of threats, used to help reason and find threats to a system." "Teams can use the STRIDE threat model to spot threats during the design phase of an app or system." "Threat modeling is becoming a more commonly used tool by software development teams as they integrate security into their development lifecycle. " -Blehbleh

https://www.examtopics.com/discussions/comptia/view/69694-exam-cs0-002-topic-1-question-278-discussion/

Stride for the win. gnng x3 didn't even need ai for that one