🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional119 / 129
Question 119 of 129
A software security team is beginning a threat modeling exercise for a new customer-facing web application still in the design phase. The lead architect wants a structured methodology that systematically enumerates threats by category — such as spoofing, tampering, and information disclosure — mapped against the data flows and trust boundaries in the system design. Which threat modeling approach best fits this requirement?
Reviewed for accuracy · Report an issueNext question