Deck 4: Trust and Threat Model

Question
3) In the Web trust model, the management of who to trust is essentially pushed down to the user level.
Answer: True
Question
12) The ____ trust model is a general trust model that applies in the areas of e-commerce, Web services, and peer-to-peer (P2P) systems.

A) distributed
B) reputation
C) strict hierarchy
D) web of trust
Answer: B
Question
17) A(n) ____ is a type of methodology commonly used to identify all the threats associated with a system.

A) attack pattern
B) qualitative assessment
C) quantitative assessment
D) attack tree
Answer: D
Question
5) All keys in PGP are stored in encrypted form.
Question
7) In a ____, the tree is structured as a shallow hierarchy where there are no subordinate CAs.

A) web of trust
B) Web hierarchy
C) distributed model
D) trusted issuer hierarchy
Question
11) PGP allows revocation on two levels: signature level and ____ level.

A) key
B) DN
C) certificate
D) user
Question
18) In an attack tree, each path tracing from the root node to a leaf node represents a unique way to achieve the goal of the attacker. This path is also called a(n) "____."

A) attack path
B) validation path
C) risk path
D) trust path
Question
14) ____ risk is one that affects only individuals and not the entire organization.

A) Implicit
B) Marginal
C) Particular
D) Fundamental
Question
10) In PGP, ____ trust is established when a user trusts his or her own key pair.

A) marginal
B) complete
C) explicit
D) implicit
Question
19) Once a basic attack tree is completed, you can assign values to each leaf node. These values are often called ____.

A) weights
B) ranks
C) risk levels
D) indicators
Question
6) The ____ trust model is the most common trust model used by PKI.

A) strict hierarchy
B) distributed
C) Web
D) web of trust
Question
16) ____ is a threat-rating system developed by Microsoft and is used to assess risk with great granularity.

A) Qualitative assessment
B) DREAD
C) Quantitative assessment
D) Risk-scaling
Question
9) In a ____ configuration, all peer trust anchors are potentially cross-certified among each other.

A) hub configuration
B) line configuration
C) mesh configuration
D) star configuration
Question
1) Trust by itself can be measured quantitatively.
Question
13) A(n) ____ risk is one that affects the entire organization or large numbers of persons or groups within the organization.

A) fundamental
B) particular
C) marginal
D) implicit
Question
20) ____ speed up the overall development process by providing tested and proven development paradigms.

A) Attack patterns
B) Design patterns
C) Tree patterns
D) Attack trees
Question
4) The digital certificate used by PGP is equal to the standard X.509 certificate.
Question
15) ____ assessment is a weighted risk measurement with input from various parties.

A) Qualitative
B) Quantitative
C) Marginal
D) ALE
Question
8) ____ configurations connect each peer trust anchor to a hub.

A) Tree
B) Hub
C) Mesh
D) Line
Question
2) The strict hierarchy model is appropriate for every environment.
Question
34) Describe the strict hierarchy trust model.
Question
27) The term _________________________ is used to address the pair of forward and reverse certificates associated with a particular CA.
Question
40) What does DREAD stand for?
Question
36) Describe the Web trust model.
Question
31) ______________________________ is a process of computing and assigning numeric values for each object being assessed.
Question
39) What are the steps involved in a quantitative assessment?
Question
37) What are the core assumptions for validation and trust in PGP?
Question
22) ____ is a security vulnerability at the application level using a database.

A) Phishing
B) XSS
C) Cross-site scripting
D) SQL injection
Question
41) What are the possible damages caused by phishing?
Question
23) The goal of the ____ attacker is to inject a SQL query/command as an input, possibly via Web pages.

A) phishing
B) XSS
C) SQL injection
D) denial of service
Question
26) ____ is a security vulnerability when malicious client-side script is injected into a Web application to gather sensitive user data.

A) Buffer overflow
B) Phishing
C) XSS
D) SQL injection
Question
38) What are some of the characteristics of a centralized system that implements a reputation trust model?
Question
30) _________________________ is an organizational process that identifies potential loss exposures and selects the most appropriate techniques for treating such exposures.
Question
35) What are the three variations of the distributed trust model?
Question
21) ____ is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information by posing as a trustworthy person or business in an apparently official electronic communication.

A) Cross-site scripting
B) Denial of service
C) Phishing
D) SQL injection
Question
25) A ____ policy prevents a document or script loaded from one "origin" from accessing or modifying the properties of a document from a different "origin."

A) same-origin
B) trust domain
C) cross-certification
D) cross-domain
Question
29) ____________________ is a security-analysis methodology that can be used to identify risks and to guide subsequent software development decisions.
Question
33) How is trust defined?
Question
24) The original definition of ____ is a software security vulnerability in Web applications that can be used by an attacker to compromise the same-origin policy of client-side scripting languages.

A) denial of service
B) cross-site scripting
C) phishing
D) SQL injection
Question
28) ______________________________ is the best implementation of the web of trust model.
Question
Match between columns

Descriptions:
1. process of connecting the peer trust anchors in a distributed trust model
2. provides a formal way of describing the security of systems based on various attacks
3. decentralizes the task of trust management to the users
4. defines what you can trust, how you are going to build a trust relationship, and when to apply and verify the trust
5. standard solutions to common problems in software design
6. the most popular PKI trust model used today
7. sometimes referred to as organizational survey assessment
8. uncertainty concerning the occurrence of a loss
9. speed up security analysis by providing tested and proven problem/solution pairs

Terms:
A) Web of trust model
B) Cross-certification
C) Attack patterns
D) Design patterns
E) Qualitative assessment
F) Risk
G) Attack tree
H) Trust model
I) Web trust model
Question
42) What are the possible damages caused by a cross-site scripting attack?