ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a security design review for a cloud-hosted serverless API, your team performs a STRIDE threat modeling exercise. You notice the function trusts client-supplied JSON that is deserialized into application objects; a malicious user could alter the serialized data to change parameter values and run unintended operations. Which STRIDE threat category should you record for this risk?
The threat involves an attacker modifying data in transit (the serialized JSON) before it is processed by the serverless function. In STRIDE, unauthorized or malicious modification of data is categorized as Tampering. Spoofing concerns impersonating identities, Repudiation involves denying an action, and Denial of Service is about disrupting availability. Therefore, classifying this scenario as Tampering is correct, while the other categories do not accurately describe the risk.
Cloud Application Security