ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 218 discussion

Actual exam question from ISC's CISSP
Question #: 218
Topic #: 1
[All CISSP Questions]

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

  • A. After operating system (OS) patches are applied
  • B. A new developer is hired into the team.
  • C. After a modification to the firewall rule policy
  • D. A new data repository is added.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Rollizo at Oct. 2, 2022, 9:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
74gjd_37
5 months, 3 weeks ago
Selected Answer: D
The correct answer is D. While the other factors (A, B, C) can impact the security of a system, they may not necessarily require a revision of the threat model unless they introduce new potential threats that were not previously considered. The addition of a new data repository, on the other hand, can change the threat landscape of the system and introduce new potential threats that were not previously considered, making it a more likely trigger for revising the threat model.
upvoted 3 times
...
DJOEK
1 year, 2 months ago
Selected Answer: D
the other options seem of too little impact compared to D
upvoted 1 times
jackdryan
10 months, 1 week ago
D is correct
upvoted 1 times
...
...
oudmaster
1 year, 2 months ago
Selected Answer: D
A new data repository is added, means a new a attack surface. threat Model should be reviewed and revised if needed.
upvoted 2 times
...
sec_007
1 year, 4 months ago
Selected Answer: D
D is correct. Adding a new data repository affects the attack vector.
upvoted 2 times
...
Rollizo
1 year, 5 months ago
Selected Answer: D
"interviewed a member of the application development", then it is related with application modification => new repository
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago