Arguably, the most secure encryption $/$ decryption algorithm, called Rijndael, that is used for the advanced encryption system $($AES$)$ in USA is not a secret. It is available in public domain which makes it more secure because the adversary can try breaking it if they can. Having an algorithm in public domain like this is an example of the security design practice called

Question $7$ options:

minimization of implementation.

least astonishment.

authorization.

open design.

Question $8($Mandatory$)(10$ points$)$

Vulnerabilities in a software or hardware system are not always known. The ones that are not known are called zero$-$day vulnerabilities because once they are discovered by the adversary, you have zero days to do something. The vendors usually find a solution as soon as they discover a zero$-$day vulnerability and contact the buyers directly to either update their software or send them the solution. This design practice is called

Question $8$ options:

logging and auditing.

updates and patches.

backups and restorations.

usability.

Question $9($Mandatory$)(10$ points$)$

Saved

The router that we bought had the options to have secure communications with multiple brands, but we use only one brand. Therefore, we turned off the security features regarding all other brands. This is an example of a design practice called

Question $9$ options:

updates and patching.

separation of domain.

least privilege.

minimization of implementation.

Question $10($Mandatory$)(10$ points$)$

Earlier versions of our software had only one user account and password combination for the administrator. Now, we ship it with a hierarchy of passwords so that they should enter multiple passwords for more sensitive functions. This is a security design practice called

Question $10$ options:

separation of domains.

access control.

least astonishment.

modularity.