Order Description
Question 1
Fill in the blanks:
The principle of ______ says that security mechanisms should not add to the difficulty of accessing a resource; it is an idealized version of the principle of ______, which says that security mechanisms should match the user's mental model, so he or she is not surprised by what is required.
- psychological acceptability, least astonishment
- economy of mechanism, open design
- least astonishment, least privilege
- least privilege, psychological acceptability
Question 2
Which of the following is part of the principle of fail-safe defaults?
- If an action succeeds, attackers will fail and the system will be safe.
- If an action succeeds, log entries are not made as they are unnecessary; logs record problems.
- If an action fails, the system or program shuts down to prevent any compromise.
- If an action fails, the system ensures it enters a safe state.
Question 3
Which of the following is a violation of the principle of open design?
- Keeping the code in a cryptographic library secret to keep attackers from breaking it
- Keeping source code secret to protect proprietary rights over it
- Keeping passwords and cryptographic keys secret to keep attackers from logging into systems and reading files
- Publishing a design in a classified journal to comply with a regulation
Question 4
Which principle is reflected by the structure of a castle with a moat, two walls, and a keep?
- Principle of complete mediation
- Principle of separation of privilege
- Principle of least privilege
- Principle of economy of mechanism
Question 5
Which of the following is part of the principle of fail-safe defaults?
- Grant access by default; this makes the users safe against a failure to get access to needed resources
- Neither grant nor deny access by default; when a request to access a resource is made, notify the owner of the resource to decide whether the access is safe or it should fail.
- Deny access by default
- Neither grant nor deny access by default; when a request to access a resource is made, notify a system administrator to decide whether the access is safe or it should fail.
Question 6
Which of the principles does using complex interfaces and code violate? Pick the best one.
- Principle of economy of mechanism
- Principle of least privilege
- Principle of least common mechanism
- Principle of complete mediation