Usable Security Week 4 Quiz Answer
By University Of Maryland
About this Course
This course focuses on how to design and build secure systems with a
human-centric focus. We will look at basic principles of
human-computer interaction, and apply these insights to the design of
secure systems with the goal of developing security measures that
respect human performance and their goals within a system.
Week 4 Quiz - Guidelines for Usable Security
Q1) What is the principle of least privilege?
- Users are given limited administrative privileges in a secure system
- The least privileged users are not allowed to use a secure system
- A system should be able to access only the information it needs to perform its functions
Q2) Which of the following is not a guideline for creating usable
security systems?
- Create interfaces that make it clear what software the user is interacting with and providing information to
- Make sure users know what authority they hold
- Make sure that users know what authority they have granted and what that means for security decisions
- Prevent users from granting authority unless their request is approved by the security staff
Q3) Which of the following is a good guideline about showing detail to
users?
- Show a level of detail that's informative and useful to the user, and no more than that
- Show users as much technical detail as possible so they can make an informed decision
- Withhold all details from users because it will only confuse them
Q4) If you are warning users about a security problem that has been
detected, which is the best message to show them?
- A detailed technical description of the error so the user can make the most informed decision about what action to take
- A message that alerts them to the error and makes the most obvious option the one that stops the user from proceeding. A small link is given to ignore the warning and proceed
- A subtle message at the top of the page that a user can see but that will not interrupt their workflow.
Q5) In a system where a person can grant authority to others to access
his or her own resources, which of the following is true?
- The interface should help users be aware of what authority they have granted in the past
- The easiest way to do a task should require the most minimal granting of authority
- Authority should be granted without requiring the user to explicitly give consent
- Users should be able to reduce the authority granted to others
Q6) True or False: A design guideline for creating usable secure
systems is to make the most secure way to complete a task the easiest
way to complete the task.
- True
- False
Q7) For an average user, which of the following is the most usable way
to set file permissions?
- A graphical user interface menu with options for user, group, and global permissions, next to which a user can check boxes labeled "r", "w", and "x" to grant permission
- Unix command-line-based access using the chmod command
- A pop-up menu that allows a user to select a document as "private", "shared with select users", or "public". If one of the latter two options is selected, the user is then prompted to select "others can read" or "others can edit"
Q8) Which guideline is violated when an interface does not make
capitalization differences unambiguous (e.g., a lowercase "L" and
capital "i" appear to be the same thing)?
- Make it easy for users to control access to their resources
- Show a level of detail that's informative and useful to the user, and no more than that
- Make it easy to see the differences between objects and actions that could be confused
Q9) True or false: Users should be aware of what authority they hold,
what authority they have granted, and what the implications are for
security decisions.
- True
- False
Q10) Which of the following is true?
- The more usable a system is, the less secure it is because users do not understand security, so to make a usable system, security must be downgraded or left off.
- The more usable a system is, the more secure it is because usable systems help users make good security decisions and easily choose the most secure actions
1 Comments
Nice article