Human factors summary questions

The questions are randomised per student, and for these questions you will only receive correct/incorrect feedback. In Problem 1, each question has exactly one correct answer.

In Problem 2, each student will have at least one correct option, usually more. For a partially correct answer, Plussa gives feedback incorrect, but Problem 2 is accepted when the score is 12 or more, and the points are shown with a yellow background. Points only start to accumulate when more than half of the selections in the task are correct. The score alone does not directly indicate whether an individual selection is correct.

Question 1

Often, improving the security of an information system reduces usability, but the opposite can also occur. How is that possible?

The security system is first built so complete that it no longer needs updating. After that, usability is optimised with instructions and support functions based on user feedback.

The importance of security arrangements is instilled so clearly in users that their sense of security improves and any usability problems no longer seem important.

Usability features and security measures are built into the system at the same time as the system itself, and these aspects are tested alongside functionality.

Security-critical parts of the information system are separated and their security is improved at the expense of usability. The security of less critical parts is reduced to improve usability.

Question 2

What does it mean for usability if one design goal of a secure system is to make misuse very difficult?

The goal has very little to do with usability.

The system’s security becomes an integral part of usability.

The system will likely become unusable.

The system cannot be made secure in this respect.

Question 3

In information security, striving for usability

is contradictory, because usability usually also makes things easier for the attacker.

means reducing the effectiveness of security systems, because more resources are needed.

has, to some extent, replaced the traditional information security goal of availability.

can be difficult if the security task must be adapted to many different types of users.

Question 4

When human factors are involved in a security failure,

it is because humans are the weakest link in security.

the reason is that security tools are too complex.

it is due to poor security instructions and practices.

it is often influenced by user error, which may have many causes, including ones not directly dependent on the user.

Question 5

What types of social engineering attacks are included in the following example? ”In the lobby of Hipster Inc., several groups of employees are returning from lunch, and one person opens the door for everyone else using their access card. Shortly after this, one of the employees receives an email from a client stating that they likely dropped their USB drive in a Hipster Inc. meeting room during yesterday’s meeting. The drive contains an important file that the client needs immediately. The employee goes to find the drive and sends the file to the client by email. After some time, the client replies, puzzled to receive an unsolicited document containing cat pictures. The employee contacts the information security officer, and malware is found on the employee’s computer.”

Tailgating and waterholing

Baiting and phishing

Pretexting and tailgating

Baiting and CEO fraud

Question 6

When promoting cybersecurity awareness, the goal is

to get people to practise cybersecurity skills.

to get people to see security as something they can influence themselves.

to teach people how to act securely.

to create a secure organisational culture.

Question 7

A successful social engineering attacker may be able to do and know all the things listed in the options, but most importantly, they

are technically skilled and good at speaking.

infiltrate the target’s circle of acquaintances.

are able to create an atmosphere in which refusal is difficult.

bend the rules governing the target to support their goals.

Question 8

The way cybersecurity is discussed,

can also involve engaging the audience.

is not important for achieving security.

is best when it consists of clear instructions.

often emphasises too little the seriousness of security threats and incidents.

Select the correct statements. You may select one or more options.

Question 1

Social engineering attacks can consist of different components and can vary greatly from one another.

A common feature of social engineering attacks is deceiving ignorant and gullible people.

Listening to employees on security matters improves security.

Incorrect mental models related to security can be eliminated through education.

An organisation’s security culture consists of cybersecurity awareness, education, and training.

Attacks can exploit people’s tendency to develop routines in their work.

Organisations can hardly influence the number of human errors.

Hidden issues, for example in systems consisting of multiple subsystems, are the main cause of security risks.

Users’ capability limitations reduce usability.

Considering the physical and social context is part of usability.

Taking security into account rarely happens automatically for users; it requires attention.

Posting submission...