Which categories are included in the STRIDE model?

STRIDE is a threat modeling framework used to categorize potential security threats a system might face. It identifies six threat classes: Spoofing (impersonating someone or something), Tampering (altering data or programs), Repudiation (actions can be disputed or denied), Information disclosure (exposure of information to unauthorized parties), Denial of service (resource exhaustion or disruption), and Elevation of privilege (gaining higher access than authorized). The option that lists exactly these six categories matches STRIDE’s threat classes, making it the best choice. The other options point to concepts or controls rather than threat categories: the CIA-like terms refer to security goals, the speed/reliability/usability/compliance set describes performance or quality attributes, and encryption, access control, logging, and monitoring are controls or safeguards rather than STRIDE threat classes.