ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During the early design phase of a new AWS-based e-commerce platform, the security team must analyze how data moves between microservices and pinpoint threats such as spoofing, tampering, repudiation, information disclosure, denial of service, and privilege escalation. Which risk management technique should they apply to best meet this requirement?
Conduct a Business Impact Analysis to estimate financial losses from service outages.
Populate the corporate risk register with identified risks and assign owners for treatment.
Apply the STRIDE threat modeling framework to map potential attacker goals and system vulnerabilities.
Calculate Annualized Loss Expectancy (ALE) for each identified asset and threat pair.
The technique that explicitly examines spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege is the STRIDE threat-modeling framework. STRIDE guides security practitioners to create data-flow diagrams, define trust boundaries, and systematically identify how each of the six threat classes could be realized against the system. A Business Impact Analysis focuses on the operational and financial effects of outages rather than enumerating attack vectors. Annualized Loss Expectancy is a quantitative risk calculation that requires threat likelihood and impact values but does not reveal specific technical threats. Populating a risk register records identified risks and treatments, yet it depends on prior discovery work such as threat modeling; it is not itself a technique for uncovering detailed threats. Therefore, using STRIDE is the most appropriate choice in this scenario.
Risk Identification, Monitoring and Analysis