During the design phase of a new online service, a team wants to discover how malicious actions might be performed to compromise data. Which approach uncovers these misuse patterns for further risk reduction?
Developing negative usage scenarios to identify harmful interactions
Applying patches after the service is released
Performing reviews of documentation against rules and policies
Developing negative usage scenarios highlights potentially harmful interactions that normal design processes may not consider. Compliance-based documentation reviews do not directly capture destructive behavior paths. Routine patch application happens after the release and misses design-stage threats. Validating user acceptance criteria with standard test plans focuses on expected usage rather than harmful activities. Negative usage scenarios concentrate on how malicious users might misuse features, so vulnerabilities are identified early.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are negative usage scenarios?
Open an interactive chat with Bash
Why is addressing threats in the design phase important?
Open an interactive chat with Bash
How do negative usage scenarios differ from standard test plans?