review-1

Author: v-thpra

learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/2-spoofing-pretending-to-be-someone-or-something-else.yml

@@ -16,12 +16,12 @@ quiz:
   questions:
   - content: "Which statement describes a potential security control against spoofing?"
     choices:
-    - content: "Sender digitally signs a message so the receiver knows who the message came from"
+    - content: "Sender digitally signs a message so the receiver knows who the message came from."
       isCorrect: true
-      explanation: "This message applies to spoofing"
-    - content: "System logs all actions and users to keep everyone accountable"
+      explanation: "This message applies to spoofing."
+    - content: "System logs all actions and users to keep everyone accountable."
       isCorrect: false
-      explanation: "This statement applies to repudiation"
-    - content: "System grants administrative access to users listed on the access control list"
+      explanation: "This statement applies to repudiation."
+    - content: "System grants administrative access to users listed on the access control list."
       isCorrect: false
-      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege "
+      explanation: "This statement applies to tampering, information disclosure, denial of service and elevation of privilege."

learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/1-introduction.md

@@ -19,7 +19,7 @@ Using the framework, you're able to answer questions like:
 - How do I know someone can't change data in transit, in use, or at rest?
 - Can every action be tied to an identity?
 - How do I know someone can't see data in transit, in use, or at rest?
-- Are there areas in the system where resource is limited?
+- Are there areas in the system where resources are limited?
 - How do I know someone is allowed to take this action?
 
 In this module, you learn about each threat category and its corresponding security controls.

learn-pr/azure/tm-use-a-framework-to-identify-threats-and-find-ways-to-reduce-or-eliminate-risk/includes/2-spoofing-pretending-to-be-someone-or-something-else.md

@@ -3,7 +3,7 @@
 Examples include:
 
 - An attacker sends an email to users from an account that seems legitimate with malicious links and attachments to capture their credentials, data, and device access.
-- An attacker spoofs SSIDs and IP addresses while using open and inherently insecure TCP/IP protocols to send malicious payloads to victims.
+- An attacker spoofs Service Set Identifiers (SSIDs) and IP addresses while using open and inherently insecure TCP/IP protocols to send malicious payloads to victims.
 
 ## Elements and interactions at risk from spoofing attacks
 
@@ -29,8 +29,8 @@ Examples include:
 Examples include:
 
 - Sending and receiving messages signed with digital signatures to authenticate origin and ensure message integrity.
-- Securing data transmissions with SSL/TLS to encrypt traffic between source and target.
-- The use of unique credentials with expiring tokens, passwords, or multi-factor authentication to help secure user, admin, and service accounts.
+- Securing data transmissions with TLS/SSL to encrypt traffic between source and target.
+- The use of unique credentials with expiring tokens, passwords, or multifactor authentication to help secure user, admin, and service accounts.
 
 ### Common security controls to reduce or eliminate risk
 
@@ -45,7 +45,7 @@ For your system:
 - User Authentication
 - Cookie Authentication
 - Kerberos
-- SSL/TLS
+- TLS/SSL
 - Certificates
 - IPSec
 - Digitally Signed Packets