Secure coding practices Week2 practice
Order Description
Question 1
Fill in the blanks:
The principle of ______ says that security mechanisms should not add to the difficulty of accessing a resource; it is an idealized version of the principle of ______, which says that security mechanisms should match the user's mental model, so he or she is not surprised by what is required.
- psychological acceptability, least astonishment
- economy of mechanism, open design
- least astonishment, least privilege
- least privilege, psychological acceptability
Question 2
Which of the following is part of the principle of fail-safe defaults?
- If an action succeeds, attackers will fail and the system will be safe.
- If an action succeeds, log entries are not made as they are unnecessary; logs record problems.
- If an action fails, the system or program shuts down to prevent any compromise.
- If an action fails, the system ensures it enters a safe state.
Question 3
Which of the following is a violation of the principle of open design?
- Keeping the code in a cryptographic library secret to keep attackers from breaking it
- Keeping source code secret to protect proprietary rights over it
- Keeping passwords and cryptographic keys secret to keep attackers from logging into systems and reading files
- Publishing a design in a classified journal to comply with a regulation
Question 4
Which principle is reflected by the structure of a castle with a moat, two walls, and a keep?
- Principle of complete mediation
- Principle of separation of privilege
- Principle of least privilege
- Principle of economy of mechanism
Question 5
Which of the following is part of the principle of fail-safe defaults?
- Grant access by default; this makes the users safe against a failure to get access to needed resources
- Neither grant nor deny access by default; when a request to access a resource is made, notify the owner of the resource to decide whether the access is safe or it should fail.
- Deny access by default
- Neither grant nor deny access by default; when a request to access a resource is made, notify a system administrator to decide whether the access is safe or it should fail.
Question 6
Which of the principles does using complex interfaces and code violate? Pick the best one.
- Principle of economy of mechanism
- Principle of least privilege
- Principle of least common mechanism
- Principle of complete mediation
Payment Options
BTT Studio provides assignment and homework help for guidance and reference purposes only.
These solutions are not to be submitted as they are.
They are intended to be used for research and reference purposes only.