nerdexam
(ISC)2

CSSLP · Question #382

CSSLP Question #382: Real Exam Question with Answer & Explanation

The correct answer is C: Economy of mechanism. The security design principle of 'economy of mechanism' favors simple implementations and minimal components, thus supporting systems like single sign-on and credential managers.

Secure Software Architecture and Design

Question

Which security design principle favors simple implementations and minimal components and therefore supports using single sign on systems and credential managers?

Options

  • A. Component reuse
  • B. Least common mechanism
  • C. Economy of mechanism
  • D. Open design

Explanation

The security design principle of 'economy of mechanism' favors simple implementations and minimal components, thus supporting systems like single sign-on and credential managers.

Common mistakes.

  • A. Component reuse is about utilizing existing, proven components, which can be part of secure design but is not the principle focused on simplicity and minimal components.
  • B. Least common mechanism states that security mechanisms should not be shared between different users or entities if not strictly necessary, which is distinct from preferring simple implementations.
  • D. Open design means that the security of a mechanism should not depend on the secrecy of its design or implementation, which is not about simplicity or minimal components.

Concept tested. Economy of mechanism security principle

Reference. https://www.microsoft.com/security/blog/2012/03/27/security-design-principles-part-1/

Topics

#Security Design Principles · #Economy of Mechanism · #SSO · #Architectural Simplicity
