Security Principles Quiz

Questions and Answers

What does the principle of separation of privilege suggest?

• Security mechanisms should be compared with the resources of an attacker during design.
• Users should have separate channels to access resources to prevent security problems. (correct)
• Intrusions should be recorded rather than adopting sophisticated prevention measures.
• Security settings should adhere to what an ordinary user might expect.

What principle states that every access to a resource must be checked for compliance with a protection scheme?

• Complete mediation (correct)
• Work factor
• Least privilege
• Psychological acceptability

According to the principle of least privilege, a system protecting military secrets should have what type of security measures?

• Ease of circumventing security mechanisms.
• Less sophisticated security measures compared to a system protecting student grades. (correct)
• Reinforcing doors and windows against physical attacks.
• Sophisticated intrusion recording mechanisms.

Which principle suggests that a system should require users to sign on again after a certain period of time to enhance security?

Least common mechanism (A)

What is the main concept behind the principle of least common mechanism?

Avoiding shared mechanisms to reduce the impact of security breaches. (D)

Which principle advocates that the security architecture and design of a system should be publicly available?

Open design (D)

How is the work factor principle related to the design of security schemes?

Comparing the cost of circumventing security mechanisms with attacker resources. (C)

Which security principle stresses simplicity in the design and implementation of security measures?

Least common mechanism (C)

What does the principle of psychological acceptability emphasize in user interfaces?

Ensuring interfaces are well designed and intuitive. (B)

Which concept states that performance improvement techniques should not save the results of previous authorization checks?

Complete mediation (D)

Which system would likely require more sophisticated security measures: one protecting student grades or one protecting military secrets?

One protecting military secrets (A)

Which principle allows for the scrutiny of a system by multiple parties?

Open design (C)

Which principle emphasizes that security should rely on keeping cryptographic keys secret?

Work factor (C)

Which security principle states that the default configuration of a system should have a conservative protection scheme?

Least privilege (C)

In security, which principle involves integrating multiple data sources to determine the source of specific information?

Work factor (C)

Which security principle emphasizes limiting users' access rights to only what is necessary for their tasks?

Separation of privilege (A)

Which security principle focuses on ensuring that system designs are comprehensible by developers and users?

Least common mechanism (A)

Which security principle relates to the efficiency in the development and verification of enforcement methods?

Least privilege (D)

Flashcards are hidden until you start studying