ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During sprint zero of a new multitenant PaaS project, the security champion is asked to select a threat-modeling approach that will be applied early in the SDLC, simulate realistic attacker behavior against the proposed architecture, and produce a risk-ranked list of exploit scenarios that can guide subsequent sprints. Which methodology should the champion recommend?
STRIDE classification model
DREAD risk-rating system
Process for Attack Simulation and Threat Analysis (PASTA)
OWASP Application Security Verification Standard (ASVS)
Process for Attack Simulation and Threat Analysis (PASTA) is a seven-stage, risk-centric threat-modeling methodology that begins during the requirements and design phases of the SDLC. It explicitly models attacker behavior, simulates potential attacks against the architecture, and assigns business-driven risk ratings to each identified threat so development teams can prioritize mitigations in future iterations.
STRIDE is primarily a taxonomy for classifying threats but does not prescribe attack simulation or risk ranking. DREAD is only a scoring system for ranking already identified threats and is not, by itself, a complete threat-modeling process. The OWASP Application Security Verification Standard (ASVS) provides security control requirements and verification guidance rather than a methodology for identifying and ranking threats. Therefore, PASTA best meets the project's needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Process for Attack Simulation and Threat Analysis (PASTA)?
Open an interactive chat with Bash
How does PASTA compare to the STRIDE model?
Open an interactive chat with Bash
Why is PASTA preferred over methods like DREAD or OWASP ASVS for this scenario?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .