Security Engineering

Threat Modeling

8 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • What is threat modeling, and how would you approach it for a new feature you're building? Junior level
  • How do you actually run a threat-modeling exercise on a new service, and at what point in delivery do you do it?Go Pro Mid level
  • Your teams ship multiple times a day. Where does threat modeling actually fit in that workflow, and how do you keep it from becoming a one-time gate that gets skipped?Go Pro Senior level
  • STRIDE, attack trees, PASTA — how do you decide which threat modeling approach to use, and what's the failure mode you watch for regardless of method?Go Pro Senior level
  • A product team wants to wire up a third-party SaaS integration that gets read access to our customer data over OAuth. How do you threat-model that integration before it ships, and what specifically do you scrutinize?Go Pro Senior level
  • What is a trust boundary in a system diagram, and why does it matter where you draw it?Go Pro Junior level
  • After a threat model surfaces a long list of threats, how do you decide which ones to fix and which to accept?Go Pro Mid level
  • Beyond enumerating what a system should do, how do you bring an attacker's mindset into a threat model — what does thinking in terms of abuse cases actually look like?Go Pro Mid level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.