Which STRIDE category is primarily about altering data to misrepresent or corrupt information?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

Which STRIDE category is primarily about altering data to misrepresent or corrupt information?

Explanation:
Tampering is about unauthorized changes to data to misrepresent or corrupt what the system reports. In threat modeling, tampering targets data integrity—if an attacker can modify data in storage or during transmission, the information becomes untrustworthy and decisions based on it can be wrong. Think of scenarios where someone alters a value in a database, a configuration file, or a message before it’s processed. The goal is to make the data say something different than what was originally intended, undermining trust in the system’s outputs. This fits the described goal precisely: changing data to misrepresent or corrupt information. It’s different from spoofing (impersonation to gain access), information disclosure (exposing data), or denial of service (making a service unavailable). The other STRIDE categories address those concerns, while tampering centers on data integrity through modification.

Tampering is about unauthorized changes to data to misrepresent or corrupt what the system reports. In threat modeling, tampering targets data integrity—if an attacker can modify data in storage or during transmission, the information becomes untrustworthy and decisions based on it can be wrong.

Think of scenarios where someone alters a value in a database, a configuration file, or a message before it’s processed. The goal is to make the data say something different than what was originally intended, undermining trust in the system’s outputs.

This fits the described goal precisely: changing data to misrepresent or corrupt information. It’s different from spoofing (impersonation to gain access), information disclosure (exposing data), or denial of service (making a service unavailable). The other STRIDE categories address those concerns, while tampering centers on data integrity through modification.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy