Certified Information Systems Security Professional (CISSP) — Question 356

Which of the following techniques evaluates the secure design principles of network or software architectures?

Answer options

A. Risk modeling
B. Waterfall method
C. Threat modeling
D. Fuzzing

Correct answer: C

Explanation

The correct answer is C, threat modeling, because it specifically focuses on identifying potential threats and vulnerabilities in software or network designs. Risk modeling (A) is more about assessing risks than evaluating design principles. The waterfall method (B) is a software development process. Fuzzing (D) is a testing technique aimed at finding vulnerabilities in applications, not at evaluating architectural design.