Which threat modeling method provides a foundation for recognizing vulnerabilities related to the use of AI (e.g., data tampering or denial of service) but lacks AI-specific challenges?

Prepare for the AAISM Domain 2 test with flashcards and multiple choice questions. Understand the concepts and gain confidence for your exam!

Multiple Choice

Which threat modeling method provides a foundation for recognizing vulnerabilities related to the use of AI (e.g., data tampering or denial of service) but lacks AI-specific challenges?

Explanation:
Threat modeling uses structured categories to surface potential attacks. STRIDE is a widely used framework that screens threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This makes it a solid foundation for spotting vulnerabilities that can affect AI systems because many real risks map neatly to these buckets—for example, tampering with data inputs or training data, and attacks that aim to overwhelm a service, causing downtime. It doesn’t inherently cover AI-specific challenges like data poisoning, model inversion, or adversarial examples, so you’d augment STRIDE with ML-focused threat modeling to address those gaps. Other frameworks emphasize different concerns—privacy in LINDDUN, risk depth and process orientation in PASTA, or a distinct threat-tree approach in Trike—so they don’t align as directly with the broad set of security threats you’d assess in an AI-enabled system as STRIDE does.

Threat modeling uses structured categories to surface potential attacks. STRIDE is a widely used framework that screens threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This makes it a solid foundation for spotting vulnerabilities that can affect AI systems because many real risks map neatly to these buckets—for example, tampering with data inputs or training data, and attacks that aim to overwhelm a service, causing downtime. It doesn’t inherently cover AI-specific challenges like data poisoning, model inversion, or adversarial examples, so you’d augment STRIDE with ML-focused threat modeling to address those gaps. Other frameworks emphasize different concerns—privacy in LINDDUN, risk depth and process orientation in PASTA, or a distinct threat-tree approach in Trike—so they don’t align as directly with the broad set of security threats you’d assess in an AI-enabled system as STRIDE does.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy