Course Name: Hybrid Cloud Conference – App Security and Threat Modeler Lab
Question 1: “STRIDE” is an acronym and framework for considering threats to a system. What does the “S” stand for?
- Social Engineering
Question 2: Does GDPR give users the right to erasure?
Question 3: To speed up the user registration process for our lab we did the following:
- Allowed anonymous sign-ins
- Disabled email verification
- Gave everyone the “admin” role
- Set everyone’s password to “1234”
Question 4: What is a recommended way to combat Spoofing?
- Making mobile apps available through trusted sources like the Apple App Store and Google Play Store
- Using industry standard authentication protocols
- Using a cloud provider with the highest level of government certification
- All of the above
Question 5: Applications registered with AppID are also known as OAuth clients. What key information is needed for authentication?
- Client ID and secret
- API key and password
- Client secret and password