In STRIDE threat modeling, which threat category corresponds to impersonation or pretending to be someone else to gain access?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $24.99Unlock all

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

In STRIDE threat modeling, which threat category corresponds to impersonation or pretending to be someone else to gain access?

Impersonating someone else to gain access is addressed by the spoofing category in STRIDE. Spoofing covers attacks where the attacker pretends to be a legitimate user, device, or service by presenting forged credentials, stolen tokens, or forged identities to bypass authentication. This is exactly what happens in impersonation, whether through stolen login details, fake certificates, or hijacked sessions.

This differs from tampering, which is changing data or code to mislead systems; repudiation, which involves denying that a user performed an action; and information disclosure, which is about exposing data to unauthorized parties without necessarily impersonating anyone. So the impersonation-focused threat is best described by spoofing.

In STRIDE threat modeling, which threat category corresponds to impersonation or pretending to be someone else to gain access?

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

In STRIDE threat modeling, which threat category corresponds to impersonation or pretending to be someone else to gain access?

Get the latest from Examzify