
14.03 User Centered Security Design - Quiz

Check your understanding

Question 1: What is the primary problem with security controls that are difficult or inconvenient for users?

  • They cost more to implement
  • They slow down system performance
  • Users find ways to circumvent them, creating new vulnerabilities { data-correct }
  • They require more technical support staff

Question 2: According to the section, what percentage of IT help desk tickets relate to security issues?

  • 30%
  • 50%
  • 70% { data-correct }
  • 90%

Question 3: Which user-centered security design principle involves “matching security to risk levels”?

  • Security transparency
  • Progressive security { data-correct }
  • Contextual guidance
  • Inclusive security

Question 4: What is an “abuse case” in security design?

  • A case where security features are too complex for users
  • A description of how malicious users might misuse system features { data-correct }
  • A scenario where security systems fail technically
  • A situation where users complain about security requirements

Question 5: In the progressive authentication example for financial aid applications, what security level is required for checking application status?

  • Username + simple PIN or biometric { data-correct }
  • Full password + SMS verification
  • Password + SMS + additional verification
  • Multi-factor authentication required

Question 6: What does “security transparency” mean in user-centered design?

  • Making all security code open source
  • Removing all hidden security features
  • Making security status visible so users understand their protection { data-correct }
  • Publishing all security policies publicly

Question 7: Which design principle focuses on providing security help exactly when users need it?

  • Progressive security
  • Recoverable security
  • Contextual guidance { data-correct }
  • Security transparency

Question 8: In the user testing simulation exercise, what was the target success rate for daily use of the new authentication system?

  • 85%
  • 90%
  • 95% { data-correct }
  • 99%

Question 9: What is a key characteristic of “inclusive security” design?

  • Including security in every system feature
  • Supporting diverse users, devices, disabilities, and contexts { data-correct }
  • Making security mandatory for all users
  • Including security training in user onboarding

Question 10: According to the section, what happens when users are overloaded with security tasks?

  • They become security experts
  • They request additional security training
  • They develop security fatigue and make poor security decisions { data-correct }
  • They automatically adapt to security requirements

Question 11: In the healthcare messaging app exercise, what was suggested as a solution for emergency access needs?

  • Disable all security during emergencies
  • Use shared emergency passwords
  • Emergency mode with admin override and audit trail { data-correct }
  • Remove authentication requirements for doctors

Question 12: What is the main business benefit of well-designed, user-centered security?

  • Lower security software costs
  • Reduced need for security policies
  • Users actively want to use security correctly, creating stronger protection { data-correct }
  • Elimination of all security vulnerabilities