DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) is a threat modeling framework used to assess and prioritize risks.
Option A (Web application test) ❌: While DREAD can be used in web security, PTES (Penetration Testing Execution Standard) is a better framework for conducting pentests.
Option B (Mobile application test) ❌: PTES provides guidelines for mobile security testing, whereas DREAD is for threat modeling.
Option C (Thick client application) ❌: Thick clients require specific testing methodologies, not DREAD.
Option D (Creating a threat model) ✅: Correct.
DREAD is designed for risk assessment and prioritization.
PTES focuses on penetration testing execution, not threat modeling.
???? Reference: CompTIA PenTest+ PT0-003 Official Guide – Threat Modeling with DREAD vs. PTES
Submit