Question 1 (Mandatory) (10 points)
New Brooklyn Bank employees have a problem sometimes. They complain that the customers are unhappy when they tell them that they have to wait for other people to do parts of the account management job. The employees say that each of them should be able to complete all parts of account management so that it can be done by one person in one meeting with the client. The bank claims that it is necessary that different employees are responsible for different parts of the job so that if there is a security flaw in the process, it can be identified as relating to one specific employee. They say this design practice is called
Question options:
access control.
least privilege.
separation of domains.
minimization of implementation.
Question Mandatory points
Our company just acquired new software that requires two of three methods to log in and use it. It says that one should use two of the following three: 'something you are', 'something you have', or 'something you know'.
This is a best practice to implement
Question options:
usability.
modularity.
minimization of implementation.
authentication which is part of access control.
Question Mandatory points
Our company executives have two types of accounts, in one type they can access all company resources, and in the other one they use a small subset of resources, such as just the email. The idea is not to use a highly privileged account for something that does not require access to everything. This is an example of implementing
Question options:
separation of domains.
least privilege.
account auditing.
usability.
Question Mandatory points
The new database system that our bank has acquired has an interesting behavior. If even a legitimate user causes a system failure, the whole system shuts out until the administrator verifies that there is no attack going on and restarts the database system. We are told that this is an example of security design practice called
Question options:
separation of domains.
least astonishment.
access control.
fail secure.
Question Mandatory points
Our company redesigned the user interface for our best-selling security app. The display showed all the previous functions with some differences from the previous version in that the icons were in different places on the screen. Some of our customers complained that we have not cared about the design principle called
Question options:
least astonishment.
updates and patches.
modularity.
access control.
Question Mandatory points
Our company has completely redesigned our main security app so that it is broken down into independent parts that have well-defined interfaces with exactly two other parts, one to get information from and the other to provide information to. In this way, our future versions will not need to be designed and replaced in their entirety. Instead, only the part undergoing improvement is replaced by an update, just like major operating systems do. This is a design practice called
Question options:
modularity.
open design.
separation of domain.
least privilege.
Question Mandatory points
Arguably, the most secure encryption/decryption algorithm, called Rijndael, that is used for the advanced encryption system (AES) in the USA is not a secret. It is available in the public domain, which makes it more secure because the adversary can try breaking it if they can. Having an algorithm in the public domain like this is an example of the security design practice called
Question options:
minimization of implementation.
least astonishment.
authorization.
open design.
Question Mandatory points
Vulnerabilities in a software or hardware system are not always known. The ones that are not known are called zero-day vulnerabilities because once they are discovered by the adversary, you have zero days to do something. The vendors usually find a solution as soon as they discover a zero-day vulnerability and contact the buyers directly to either update their software or send them the solution. This design practice is called
Question options:
logging and auditing.
updates and patches.
backups and restorations.
usability.
Question Mandatory points
The router that we bought had the options to have secure communications with multiple brands, but we use only one brand. Therefore, we turned off the security features regarding all other brands. This is an example of a design practice called
Question options:
updates and patching.
separation of domain.
least privilege.
minimization of implementation.
Question Mandatory points
Earlier versions of our software had only one user account and password combination for the administrator. Now, we ship it with a hiera