Usable Security Week 6 Quiz Answer

By University Of Maryland

About this Course

This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.

Week 6 Quiz - Usable Privacy

Q1) Which of these is not a guideline for usable privacy?

Make privacy systems match users' expectations from previous experiences
Clearly indicate what information will be shared, with whom, and how.
Make privacy part of the natural workflow
Provide detailed privacy controls

Q2) A mobile app uses a phone's microphone to listen in the background for commercials, songs, and TV shows that a person is hearing in order to target ads at the user. The app does not store any information about users' conversations nor does it store recordings. Should the app disclose that it is listening to this background sound?

No, since no personal conversation data is recorded it would be inaccurate to mislead users into believing audio data is being collected.

Yes, users should be informed that sound from their environment is being collected.

Q3) Which of the following is true of privacy policies?

When people read them, they often feel like they don't understand them.
Most people read privacy policies when they register for sites.
There is a standard format that all privacy policies are supposed to follow.
Privacy policies are usually written in very technical legal language

Q4) True or false: Alternatives to privacy policies can be as effective in teaching users about how their data is shared.

True

False

Q5) Which of these attributes can be automatically inferred on social media, even if users don't provide any obvious clues.

Intelligence
Personality
Sexual Orientation
All of the Above

Q6) If a company has collected an American user's personal data without their consent, how can the user respond?

The user can file a complaint with their local police department.
They can sue the company who collected their data.
The government can file charges against the company.
They have no rights to their data.

Q7) Which of the following describes informed consent?

A person has read a system's privacy policy.
A person has agreed to use a system.
A person knows how their data is used and competently agrees to that use.
A person with a full understanding of the privacy policy agrees to share data to avoid negative consequences.

Q8) A website provides an extensive 50-printed-page privacy policy written in common language that describes every detail of how users' data is collected, used, and shared. Which of the following is true of informed consent?

The policy does not meet the requirement of minimal distraction
An average user would not consider this disclosure.
Comprehension is a challenge with this policy.
There is informed consent.

Q9) Which of the following questions is NOT answered as part of the disclosure component of informed consent?

How is an individual's identity protected?
What privacy settings do users have access to?
What information is collected?
What is the information used for?

Q10) True or false: Providing complete and detailed explanations of how data is collected and used can overwhelm the user and lead to a less usable privacy system.