Secure Design Tenets 1
Secure Design Tenets 2
Security Models
100

Which statements accurately describe the principle of least privilege? 

1. Least privilege may be applied for application runtime

2. Least privilege is applied to human users only

3. Lowest level of rights for user to perform their current task

4. Highest level of rights for a limited period only

1. Least privilege may be applied for application runtime

3. Lowest level of rights for user to perform their current task


100

Which of these statements accurately describe the purpose of the design principle of least common mechanism? 

1. To avoid unintentional sharing of information

2. Generate pathways for information sharing amongst users

3. Eliminate potential pathways for information sharing

4. Generate pathways for information sharing among processes

1. To avoid unintentional sharing of information

3. Eliminate potential pathways for information sharing

100

Which access control mechanism provides the owner of an object the opportunity to determine the access control permissions for other subjects?

  1. Mandatory

  2. Role-based

  3. Discretionary

  4. Token-based

Discretionary

200

Which of these statements best describe secret sharing and splitting? 

1. Typically applied in situations involving very sensitive information

2. Only one of the participants has their true secret

3. Multiple participants allocated a share of the secret

4. Any single share may be used to generate the full secret

1. Typically applied in situations involving very sensitive information

3. Multiple participants allocated a share of the secret

200

Which of these statements accurately describe psychological acceptability principles?

1. Security should be perceived to impede

2. Users should not factor into security design

3. Security should be easy for users

4. Security should be simple and transparent  

3. Security should be easy for users

4. Security should be simple and transparent  

200

What was described in the chapter as being essential in order to implement discretionary access controls?

  1. Object owner–defined security access

  2. Certificates

  3. Labels

  4. Security classifications

Object owner–defined security access

300

Which of these statements accurately describe security zones?

1. Avoids flat networks

2. Makes use of flat networks

3. Avoids network segmentation

4. Uses network segmentation

1. Avoids flat networks

4. Uses network segmentation

300

Which of these are advantages to leveraging existing components? 

1. Larger failure footprint

2. Security testing already in place

3. Fewer new vulnerabilities

4. Increased attack surface area

2. Security testing already in place

3. Fewer new vulnerabilities

400

Which statements accurately describe the principle of failsafe?


1. Only exceptions adhere to the principle of failsafe

2. In the event of failure, the system should be shut down

3. Errors should not display detailed error messages

4. In the event of failure, assets must be protected

3. Errors should not display detailed error messages

4. In the event of failure, assets must be protected

400

Complete mediation is an approach to security that includes what?

  1. Protecting systems and networks by using defense in depth

  2. A security design that cannot be bypassed or circumvented

  3. Using interlocking rings of trust to ensure protection to data elements

  4. Using access control lists to enforce security rules

A security design that cannot be bypassed or circumvented

500

How are essential services and protocols typically determined? 

1. Start with all protocols and eliminate non-essentials

2. Start with minimal services and activate as required

3. Start with minimal protocols and activate as required

4. Start with all services and eliminate non-essentials

2. Start with minimal services and activate as required

3. Start with minimal protocols and activate as required

500

Using the principle of keeping things simple is related to what?

  1. Layered security

  2. Simple Security Rule

  3. Economy of mechanism

  4. Implementing least privilege for access control

Economy of mechanism