In STRIDE threat-modeling, which category describes an attacker pretending to be someone else?


Multiple Choice

In STRIDE threat-modeling, which category describes an attacker pretending to be someone else?

Explanation:
In STRIDE, spoofing covers impersonation: an attacker pretends to be someone else to gain access or trust. This targets authentication and identity verification, such as forging credentials, tokens, or a device's identity to act as a legitimate user or system. That's precisely what "pretending to be someone else" describes. Tampering involves altering data, repudiation means denying that a claim was made or an action was taken, and Denial of Service aims to disrupt availability. So impersonation best fits spoofing.

