
Answer-first summary for fast verification
Answer: threat modeling by using the Microsoft Threat Modeling Tool
Threat modeling by using the Microsoft Threat Modeling Tool is the most suitable approach during the application design phase as part of the Microsoft Security Development Lifecycle (SDL). Threat modeling helps identify potential threats, attacks, vulnerabilities, and countermeasures, shaping the application's design to meet security objectives and reducing risk. None of the other options - software decomposition, dynamic application security testing (DAST), or static application security testing (SAST) - specifically address the comprehensive identification and mitigation of threats in the design phase as effectively as threat modeling.
Author: LeetQuiz Editorial Team
In the context of creating an application lifecycle management process centered around the Microsoft Security Development Lifecycle (SDL), you are tasked with recommending a security standard for onboarding applications to Azure. This standard should encompass guidelines for the application's design, development, and deployment phases. Specifically, during the application design phase, what should be included? Note that threat modeling is a fundamental aspect of the Microsoft SDL. It is an engineering technique to identify threats, attacks, vulnerabilities, and countermeasures that could impact your application. Threat modeling can be utilized to shape your application's design, fulfill your organization's security objectives, and mitigate risks.
A. software decomposition by using Microsoft Visual Studio Enterprise
B. dynamic application security testing (DAST) by using Veracode
C. threat modeling by using the Microsoft Threat Modeling Tool
D. static application security testing (SAST) by using SonarQube