CISSP Practice Domain 8 — Software Development Security Q112 of 120

Which secure development practice involves modeling threats during the design phase?

A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.

A. Threat modeling (STRIDE, PASTA, attack trees) ✓ Correct answer
B. Penetration testing only
C. Production monitoring
D. Code obfuscation

Why "Threat modeling (STRIDE, PASTA, attack trees)" is the right answer

Threat modeling at design time is cheaper than fixing problems later. STRIDE, PASTA, and attack trees are common methodologies. Penetration testing finds issues, but on its own it comes too late and is too narrow. Obfuscation is not security.
