The correct answer is C:
Threat modeling analyzes an application's architecture, data flows, trust boundaries, etc. to systematically uncover risks and determine mitigating controls that need to be implemented. This aligns with identifying controls in development.
-Agile and secure development are general methodologies, not specific analysis techniques.
-Pen testing validates controls but comes after development.
Application threat modeling visualizes an application's attack surface to identify threats and vulnerabilities that pose a risk to functionality or data. By decomposing the application architecture into its security-relevant components, teams can better understand the various threats and risks the application might face.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ServerBrain
1 month agoSoleandheel
10 months, 1 week agoInclusiveSTEAM
1 year agordy4u
1 year, 11 months agojackdryan
1 year, 5 months ago