REVIEW SET PROVIDING DETAILED
ANSWER KEY
◉threat modeling. Answer: thinking through how a system could be
attacked -> identifying possible threats before an incident happens ->
prioritizing threats so defenses can be chosen
two major tools: STRIDE (categorizing threats) and DREAD
(prioritizing threats)
◉STRIDE. Answer: spoofing, tampering, repudiation, information
disclosure, denial of service, elevation of privilege
◉spoofing. Answer: gaining access through falsified identity
examples: fake user account identity, impersonating a trusted
sender, fake login credentials
◉tampering. Answer: unauthorized changes or manipulation of data
examples: editing records, modifying files, changing packets in
transit
◉repudiation. Answer: ability to deny having performed an action
(by maintaining plausible deniability); can result in innocent third
parties being blamed for security violations
examples: user denies sending a transaction, malicious actor tries to
avoid accountability
◉information disclosure. Answer: disclosure of private or controlled
information to unauthorized entities
examples: leaked customer data, exposed health records,
unauthorized file access
◉denial of service. Answer: attack that prevents authorized use of a
resource/makes a service unavailable
examples: traffic flooding, resource exhaustion, deliberate
outage-causing attack
◉elevation of privilege. Answer: turning a limited account into one
with greater privileges
examples: normal user becoming admin, application exploit leading
to root access
◉STRIDE review. Answer: fake identity -> spoofing
data changed -> tampering
deny action -> repudiation
secret exposed -> information disclosure
service unavailable -> denial of service
user gains extra permissions -> elevation of privilege
◉Why is diagramming used in threat modeling? Answer: to reveal
where a technology or system might be attacked, so threats can be
identified and prioritized
helps reveal attack points and trust concerns; STRIDE is used to
categorize possible threats found in the design and DREAD is used
afterward to prioritize them
◉DREAD. Answer: scoring criteria: damage potential,
reproducibility, exploitability, affected users, discoverability
◉how to use DREAD? Answer: rank each threat from 1 to 10 on all 5
criteria