CBSE - Certified Blockchain Security Expert Blockchain Threat Modeling Questions and Answers

Question 1

When applying the STRIDE threat model to a public, permissionless blockchain, which threat category would most accurately describe a 51% attack?

Accepted Answer

Tampering

Answer

Spoofing

Answer

Information Disclosure

Answer

Repudiation

Question 2

A development team is building a decentralized application (dApp) for supply chain management. During the threat modeling process, they focus on ensuring that once a shipment's status is recorded on the blockchain, no party, including the originator, can deny having submitted that transaction. Which security principle is central to this requirement?

Accepted Answer

Non-repudiation

Answer

Confidentiality

Answer

Availability

Answer

Integrity

Question 3

Which of the following is a primary focus of threat modeling specifically for the smart contract layer of a blockchain application, as opposed to the network or consensus layer?

Accepted Answer

Re-entrancy and integer overflow vulnerabilities

Answer

Sybil attacks on network nodes

Answer

Eclipse attacks isolating a particular node

Answer

Selfish mining strategies

Question 4

A security analyst is performing a threat modeling exercise on a new DeFi lending protocol. The protocol uses a decentralized price oracle to determine asset values for collateralization. A potential threat identified is that an attacker could manipulate the oracle's price feed to cause unfair liquidations. Using the DREAD model to rate this threat, which component would likely score the highest?

Accepted Answer

Damage Potential

Answer

Reproducibility

Answer

Discoverability

Answer

Affected Users

Question 5

When creating a comprehensive threat model for a decentralized application (dApp), why is it insufficient to only analyze the on-chain components like smart contracts?

Accepted Answer

Because dApps also include off-chain components like web front-ends and wallets which introduce their own attack surfaces.

Answer

Because smart contracts are immutable and cannot be changed once deployed.

Answer

Because all dApp logic is contained within the smart contract.

Answer

Because on-chain threat modeling is already handled by the blockchain's consensus mechanism.

Question 6

Which threat modeling methodology is specifically designed to focus on privacy-related threats, making it a valuable complement to STRIDE when analyzing blockchain systems that handle sensitive personal or enterprise data?

Accepted Answer

LINDDUN

Answer

PASTA

Answer

CVSS

Answer

DREAD