Week 2 Quiz 2 Security Principles

What is the principle that advocates for giving users and processes only the minimum privileges needed to perform their functions?

According to the presentation, what is the core concept of "Fail-Safe Defaults"?

Role-Based Access Control (RBAC) simplifies privilege management by assigning permissions based on what?

How does the Principle of Least Privilege (PoLP) help to reduce the attack surface of systems?

A company's new file server is configured to block all inbound and outbound network traffic by default. The administrator must then create specific rules to allow necessary services like HTTP and SSH. This configuration is an example of which secure design principle?

A large corporation has different levels of employees: Admins, HR staff, and Finance Team members. The company uses a system that automatically grants access to specific files and applications based on these defined job functions. This approach is an effective implementation of which security concept?

A software development team is creating a new application. They decide to design the application so that if a component fails, it will stop all operations until the issue is resolved, rather than continuing to run in a potentially vulnerable state. By adopting this approach, which security principle are they prioritizing?

A junior data analyst is given access to a database. They are only allowed to view customer data for reporting purposes but are explicitly denied permissions to modify or delete any records. Which principle is being enforced in this scenario to reduce potential damage from accidental or malicious misuse?

An organization is deciding between two security models. Model A grants every employee full access to all company data and systems by default, while Model B restricts all employee access by default, only granting specific permissions when a request is approved. Which model is more aligned with the principle of "Deny by default, permit by exception," and why is this model safer?

A hospital's IT department is implementing new security protocols. They decide that a backup service should only have the permissions necessary to access and back up patient records, and nothing else. They also implement a policy that requires a nurse to manually enable file sharing on their computer each time they need it. How do these two actions collectively demonstrate the application of secure design principles?