By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Threat types categorize potential dangers to an organization’s assets—data, systems, people, or reputation. You use them to identify, prioritize, and mitigate risks before they cause harm.
Businesses, security teams, and IT professionals rely on threat types to build defenses, allocate resources, and respond effectively to incidents.
Threats evolve constantly—cyberattacks, insider risks, natural disasters, and supply chain disruptions cost businesses $6 trillion globally in 2023 (Cybersecurity Ventures). Understanding threat types helps you: - Reduce financial losses (e.g., ransomware, fraud).- Protect customer trust (e.g., data breaches).- Comply with regulations (e.g., GDPR, HIPAA).- Prioritize security investments (e.g., patching vs. employee training).
Without a clear threat model, you’re reacting to crises instead of preventing them.
Example: - Threat: Phishing emails.- Vulnerability: Employees clicking malicious links.- Risk: High (if successful, leads to data breach).
The path a threat takes to exploit a vulnerability: - Email (phishing, malware attachments).- Network (unsecured Wi-Fi, open ports).- Physical (tailgating, stolen devices).- Supply Chain (compromised third-party software).- Social Engineering (tricking humans, e.g., fake support calls).
Threat modeling is a structured way to identify and mitigate threats. Here’s how it works:
What are the boundaries? (e.g., cloud servers, on-premises databases).
Identify Assets & Data Flows
Map how data moves (e.g., user → web app → database).
List Potential Threats
Ask: Who would want to harm this? How?
Prioritize Risks
Focus on high-risk threats first.
Mitigate & Validate
Scenario: A simple e-commerce site with: - User login (email/password).- Product catalog.- Payment processing (via third-party API).
graph LR User -->|Login| WebApp WebApp -->|Auth| Database User -->|Browse| WebApp WebApp -->|Fetch| Database User -->|Checkout| WebApp WebApp -->|Process| PaymentAPI
Expected Outcome: - A documented threat model for the web app.- A prioritized list of risks and mitigations.- Actionable security improvements.
Fix: Monitor employee access, enforce least privilege, and train staff on security policies.
Overlooking Third-Party Risks
Fix: Audit third-party security (e.g., SOC 2 reports), use zero-trust principles.
Static Threat Models
Fix: Review and update the model quarterly or after major changes (e.g., new features, mergers).
Underestimating Human Error
Fix: Train employees on phishing, social engineering, and secure coding.
Prioritizing Low-Impact Threats
Use STRIDE, PASTA, or MITRE ATT&CK to structure your threat modeling.
Automate Where Possible
Tools like OWASP ZAP (for web apps) or Microsoft Threat Modeling Tool can identify common threats.
Assume Breach
Design systems with the mindset that some threats will succeed. Plan for detection and recovery (e.g., backups, incident response).
Test Defenses
Conduct penetration tests and red team exercises to validate mitigations.
Document Everything
A company’s database was breached because an employee reused a password from a previous leak. Which threat type does this represent?
A) Spoofing B) Tampering C) Information Disclosure D) Elevation of Privilege
Correct Answer: C) Information Disclosure Explanation: The breach exposed sensitive data (information disclosure). While the vulnerability was weak passwords, the threat was the exposure of data.Why the Distractors Are Tempting: - A) Spoofing involves impersonation (e.g., phishing), not password reuse.- B) Tampering involves modifying data, not stealing it.- D) Elevation of privilege involves gaining higher access, not data exposure.
A retail website experiences a DDoS attack, making it unavailable for 6 hours. Which STRIDE category does this fall under?
A) Denial of Service B) Tampering C) Repudiation D) Spoofing
Correct Answer: A) Denial of Service Explanation: A DDoS attack disrupts service availability, fitting the DoS category in STRIDE.Why the Distractors Are Tempting: - B) Tampering involves altering data, not availability.- C) Repudiation involves denying actions (e.g., claiming you didn’t send an email).- D) Spoofing involves impersonation (e.g., fake login pages).
A developer hardcodes API keys in a public GitHub repository. Which threat actor is most likely to exploit this?
A) Nation-State B) Script Kiddie C) Insider D) Hacktivist
Correct Answer: B) Script Kiddie Explanation: Script kiddies use automated tools to scan GitHub for exposed keys. While other actors could exploit it, script kiddies are the most likely due to low effort.Why the Distractors Are Tempting: - A) Nation-states target high-value assets (e.g., government systems).- C) Insiders have legitimate access (no need to scan GitHub).- D) Hacktivists focus on ideological targets (e.g., defacing websites).
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.