
Security Design Review

5 questions · Security Architecture Language

1. Before a new payment feature is deployed, the security team reviews the design diagrams, threat model, and proposed controls. What is this activity called?
2. The security team accepts a risk because the cost of mitigation exceeds the potential impact. Which risk treatment are they applying?
3. The team decides to purchase a cyber-insurance policy covering data breach costs rather than build a more expensive security control. Which risk treatment strategy is this?
4. The architecture review board uses a red/amber/green (RAG) status to communicate security findings. A 'red' finding means:
5. An engineer proposes rate limiting on the login endpoint to reduce the risk of credential stuffing attacks. The security team agrees this lowers the likelihood but does not eliminate the risk. Which risk treatment does rate limiting represent?
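Question 5 turns on the difference between lowering likelihood and removing a risk. The following example was added for this page and is not part of the quiz: a sliding-window limiter keyed on the account name is placed in front of a password check, and a constructed credential-stuffing burst is replayed through it. The account name, the "leaked" password list, the real password and the five-attempts-per-minute budget are all invented for the demonstration.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key inside any `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)  # key -> timestamps of recent events

    def allow(self, key, now: float) -> bool:
        events = self._events[key]
        # Drop events that have aged out of the window.
        while events and now - events[0] >= self.window:
            events.popleft()
        if len(events) >= self.limit:
            return False  # over budget: reject before touching the password store
        events.append(now)
        return True


def _hash(password: str, salt: bytes) -> bytes:
    # Low PBKDF2 iteration count so the demo runs quickly; a real service
    # would use a memory-hard KDF with a tuned cost factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


# Constructed user store with a single account (hypothetical data).
REAL_PASSWORD = "correct horse battery staple"
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash(REAL_PASSWORD, _SALT))}


def verify(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(_hash(password, salt), digest)


# Constructed "leaked" credential list the attacker replays (40 guesses).
LEAKED = [f"Password{i}!" for i in range(1, 41)]


def stuffing_burst(target: str, position: int, interval: float = 0.1):
    """Attacker replays LEAKED against `target` every `interval` seconds, with the
    victim's reused real password inserted at index `position` of the list."""
    guesses = list(LEAKED)
    guesses.insert(position, REAL_PASSWORD)
    return [(i * interval, target, pw) for i, pw in enumerate(guesses)]


def simulate(attempts, limiter=None):
    """Run the burst through the login path. Returns (checked, blocked, compromised):
    how many guesses reached the password check, how many the limiter rejected,
    and whether the real password was among the checked ones."""
    checked = blocked = 0
    compromised = False
    for t, user, password in attempts:
        if limiter is not None and not limiter.allow(user, t):
            blocked += 1
            continue
        checked += 1
        if verify(user, password):
            compromised = True
    return checked, blocked, compromised


if __name__ == "__main__":
    def limiter():
        return SlidingWindowLimiter(limit=5, window=60)

    # No control: every guess is checked, so a reused password anywhere in
    # the list compromises the account.
    print("unlimited, password at index 20:", simulate(stuffing_burst("alice", 20)))
    # Mitigated: only five guesses per account per minute reach the check.
    print("limited, password at index 20: ", simulate(stuffing_burst("alice", 20), limiter()))
    # Residual risk: the same budget does nothing when the real password is
    # among the first few guesses.
    print("limited, password at index 2:  ", simulate(stuffing_burst("alice", 2), limiter()))
```

The limiter cuts the attacker's budget from 41 checked guesses to 5 per account per minute, which is why the quiz classifies it as mitigation: the likelihood drops, but a reused password that happens to sit early in the list still gets through, and the residual risk has to be accepted or treated further (for example with breached-password screening or MFA). Keying on the account rather than the source IP is deliberate, since a stuffing campaign spread across a proxy pool stays under any per-IP budget.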
