Course quiz: Advanced Cybersecurity Concepts and Capstone Project (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
Select all that apply:
✅ Back-end code
❌ Email server
✅ User interface
❌ Network infrastructure
Explanation:
Application decomposition focuses on UI, backend logic, data flows, components — not infrastructure.
2. Question 2
Correct factor for likelihood:
✅ The skillset of the attacker (attacker skill or attack complexity both fit; given the options, the best answer for likelihood is the skillset of the attacker)
❌ Complexity of attack
❌ Number of vulnerabilities
❌ Impact of the threat
Explanation:
Likelihood depends on attacker capability + ease of exploit.
3. Question 3
Select all that apply:
✅ External dependencies
✅ Types of data handled
✅ Application architecture
❌ Purpose of the application
Explanation:
Threat modeling decomposition focuses on architecture, data, dependencies.
4. Question 4
✅ Threat analysis
❌ Implementing security measures
❌ Writing cybersecurity policies
Explanation:
STRIDE is a structured threat categorization model.
5. Question 5
❌ Discovery
❌ Distribution
✅ Discoverability
❌ Disturbance
Explanation:
DREAD: Damage, Reproducibility, Exploitability, Affected Users, Discoverability.
6. Question 6
❌ Data exposure restrictions
✅ Encryption
❌ Data anonymization
Explanation:
Encryption is the primary mitigation against data leakage.
7. Question 7
Select all that apply:
✅ Enhance communication & collaboration
✅ Support risk acceptance/transfer/mitigation decisions
✅ Identify threats early
❌ Documenting system components (this is a step, but not a benefit)
Explanation:
Threat modeling benefits: visibility, collaboration, and proactive mitigation.
8. Question 8
❌ Make threat modeling accessible
❌ Predict future threats
✅ Gauge severity of vulnerabilities
❌ Identify latent threats
Explanation:
CVSS scores and ranks vulnerability severity.
9. Question 9
❌ Modern threat modeling framework
❌ Standardized toolset
❌ Comprehensive risk assessment
✅ Risk-centric threat modeling methodology
Explanation:
PASTA is a 7-step, risk-focused threat modeling approach.
10. Question 10
Select all that apply:
✅ Patch management
✅ Vulnerability prioritization
❌ Threat modeling
✅ Risk assessment
Explanation:
CVSS supports prioritization, patching strategy, and risk scoring.
11. Question 11
Select all that apply:
❌ Improved resource allocation
❌ Real-time network vulnerability view
✅ Enhanced security posture
❌ Faster detection & response
Explanation:
VAST’s visual aspect improves clarity and security posture.
12. Question 12
❌ Facilitate developer communication
✅ Identify and mitigate potential threats
❌ Create visual designs
❌ Improve performance
Explanation:
Microsoft Threat Modeling Tool highlights threats early in design.
13. Question 13
Select all that apply:
✅ Virtual Network Gateways
✅ VPN & ExpressRoute
✅ Subnets
❌ Active Directory Domains
Explanation:
VNets include subnets, gateways, and connectivity components.
14. Question 14
❌ Typosquatting
❌ Memory leak
✅ Server-side request forgery (SSRF)
❌ Type confusion
Explanation:
SSRF lets attackers force the server to call internal resources.
15. Question 15
❌ True
✅ False
Explanation:
MITRE ATT&CK maps attacker behaviors during active attacks, not post-incident only.
16. Question 16
❌ System reboots
❌ Network configurations
❌ Startup/run key registry modification
✅ Scheduled tasks
Explanation:
Scheduled tasks are a common persistence mechanism.
17. Question 17
❌ External hard drive
✅ Firmware
❌ Software
❌ RAM
Explanation:
Rootkits hide in firmware, making detection extremely difficult.
18. Question 18
❌ True
✅ False
Explanation:
MCUs run RTOS or bare-metal code, not Windows/Linux.
19. Question 19
❌ Device
❌ User
❌ Data
✅ Privacy
Explanation:
Privacy protection is needed to prevent IoT data misuse and leakage.
20. Question 20
❌ Data theft
❌ Legacy/rogue devices
✅ System compromise
❌ Incorrect option
Explanation:
Lateral movement through IoT represents system compromise.
21. Question 21
❌ Least privilege
❌ Network segmentation
✅ Zero trust criteria
❌ Strong device identity
Explanation:
Zero Trust evaluates device health and trustworthiness.
22. Question 22
✅ Utilizing platform services
❌ Managed app platform
❌ Off-the-shelf software
Explanation:
For customization, platform services offer flexibility + control.
23. Question 23
❌ Basic network tools
❌ Active monitoring w/ agents
❌ Manual discovery
✅ Passive, agentless monitoring
Explanation:
Defender for IoT uses agentless, passive monitoring.
24. Question 24
❌ Social media
❌ Email servers
❌ USBs
✅ Next-generation firewalls
Explanation:
NGFWs inspect traffic deeply and block zero-day behavior.
25. Question 25
❌ Defender for Cloud
❌ Just-in-time access
✅ Adaptive application controls
❌ NSGs
Explanation:
Adaptive controls use ML to detect/block suspicious apps.
26. Question 26
❌ Workbooks
✅ Defender for Cloud + Sentinel
❌ App Gateway
❌ Firewall Manager
Explanation:
This combo integrates SIEM + CSPM + CWPP for full detection & response.
27. Question 27
❌ True
✅ False
Explanation:
Identity-centric security focuses on identity, not perimeter.
28. Question 28
❌ Threat detection
❌ Identity mgmt
✅ Data protection
❌ Network security
Explanation:
AIP = classification + labeling → data protection.
29. Question 29
Select all that apply:
✅ Azure Bastion
❌ Microsoft Sentinel
❌ Azure Policy
❌ ExpressRoute
✅ Azure VPN Gateway
Explanation:
Network security features: Bastion, VPN Gateway, NSGs, Firewalls, etc.
30. Question 30
❌ Azure AD
❌ Azure Policy
❌ Key Vault
✅ Azure Monitor
Explanation:
Azure Monitor provides real-time analytics + alerts for suspicious behavior.
🧾 SUMMARY TABLE
| Q# | Correct Answer |
|---|---|
| 1 | Back-end code, UI |
| 2 | Skillset of attacker |
| 3 | Dependencies, data types, architecture |
| 4 | Threat analysis |
| 5 | Discoverability |
| 6 | Encryption |
| 7 | Communication, risk decisions, early threat detection |
| 8 | Gauge severity |
| 9 | Risk-centric threat modeling |
| 10 | Patch mgmt, vulnerability prioritization, risk assessment |
| 11 | Enhanced security posture |
| 12 | Identify + mitigate threats |
| 13 | Gateways, VPN/ExpressRoute, Subnets |
| 14 | SSRF |
| 15 | False |
| 16 | Scheduled tasks |
| 17 | Firmware |
| 18 | False |
| 19 | Privacy |
| 20 | System compromise |
| 21 | Zero trust criteria |
| 22 | Platform services |
| 23 | Passive agentless monitoring |
| 24 | Next-generation firewalls |
| 25 | Adaptive application controls |
| 26 | Defender for Cloud + Sentinel |
| 27 | False |
| 28 | Data protection |
| 29 | Bastion, VPN Gateway |
| 30 | Azure Monitor |