Based on model 1, consumer purchase volume from prime member consumers (i.e., prime_card =1) is (1)_______________ (a. higher, b. smaller; 2 points) by (2) _______________ (number; 1 points) than that of non-prime card member consumers (i.e., prime_card =0; the base group) at statistically (3) _______________ (a. insignificant, b. significant 10%, c. significant 5%, d. significant 1%; 1 point).

A patient has been prescribed bisacodyl (Dulcolax) for constipation. This medication ___________________.

Identify which of the following orbital diagrams are for phosphorus.   

These questions are related to design principles for secure systems. I. Consider a security screening setting like the one that is done at airports before travelers are allowed to board flights. Assume a certain airport uses the following screening protocols.1. Everyone, except those who are explicitly exempted, must undergo the security screening.2. All travelers go through the first screening stage. A subset of travelers are also flagged for a second screening.3. Once successfully screened, travelers only have access to the areas of the airport where their gates are located. What security design principle can be used to explain each of the above choices made for air travel security? Explain your answers. (2+2+2)II. The “Reflections on Trusting Trust” paper described a trojan in a compiler binary that could not be detected even if we had access to and examined the source of the compiler. We discussed how the defense-in-depth principle can help us detect if the trojan exists in a compiler by using two independently developed compilers when at least one of them is correct. We could determine if one of the compilers has the trojan but could not ascertain which one is malicious. To answer this question, the following idea is suggested. Instead of two, we will get three independently developed compilers such that no more than one could be malicious.1. If at least two of the compilers are good, can we use these three compilers to detect the bad one when one exists? (1 pts.)2. Explain your answer to question 2.1. More specifically, if your answer is no, explain why this is not possible. If the answer is yes, show how the bad compiler can be identified. (3 pts.)

These questions are from the discretionary and mandatory access control modules. All students in a class belong to a group G and are able to access class resources because G is granted the necessary permissions. Assume Alice has tested out of a topic and does not need to take the quiz on this topic. The professor does not want Alice to have access to this quiz but wants Alice to remain in group G so she can access other resources. Also, the professor wants to grant access to the quiz to all other students by granting the desired access to G. The mechanisms provided by various operating systems can be used to meet this access control requirement. Explain how this can be achieved most efficiently and correctly in Linux with extended access control lists (EACLs) and in Windows. First, provide the access control entries (ACEs) with their types and permissions for the quiz in each system. After this, discuss which of these ACEs will be checked when Alice tries to access the quiz. (2+2+2+2  pts.) The Bell and La Padula (BLP) and Biba models address confidentiality and integrity of data in a system that supports mandatory access control.. A system follows the read-down rule of BLP, but writes by a user are only allowed at the user’s level (no writes to higher levels are allowed). Does this system satisfy the requirements of the BLP and Biba models? First, describe the BLP and Biba requirements and then explain if the requirements of each model are satisfied. (2+2+2+2 pts.) If both models are used simultaneously by a system and object O has the highest sensitivity level (e.g., top secret), what level of integrity should be assigned to O based on Biba? Is there a drawback to using both of these models at the same time? Provide a brief explanation. (1+2 pts.) A certain company has many customers and some of them have conflict-of-interest (CoI) relationships. Also, employees can only access company data by executing applications approved by the company based on their roles or functions in the company. The people responsible for access provisioning in this company came up with the following scheme.  All files of a given customer must be stored in a single directory. Initially, users are allowed to execute applications based on their needs and each application can access files needed by it. Access could be removed when applications execute. In particular,  when user U executes application A which accesses files from customer C’s directory, access to all files in directories of customers who have a CoI relationship with C is turned off for application A when it is executed by U.   Give two examples of policies discussed in the mandatory access control module of the course that could be used to control access to documents by this company. Explain your answer by discussing the specific access requirements identified by the company that are satisfied by each policy. (4+4 pts.)  Does the suggested implementation correctly implement each policy that you recommend for the company? Provide a brief justification for your answer. (2+2 pts.)

Regina is a 13-year old girl in 8th grade with spina bifida who is recently went through puberty, and is having difficulty managing her occupations around menstruation in the school and community settings (e.g., at the mall, at dance class). Which of the following standardized assessment tools would be the best option to understand Regina’s occupational performance in this area? Select all that apply. Note that any assessments used MUST follow the protocols set by the manual, not be used in a non-standardized way.

Please read the case of EMMA. Which of the following statements would be found in the BEHAVIOR portion of Emma’s evaluation report?  

Standardized tests can be given in a non-standardized way. Which of the following represents an APPROPRIATE reason for giving a standardized test in a non-standardized way?

David is a 7-year old boy who has been receiving occupational therapy services for 3 years in a school setting for a developmental delay. He is going to be re-evaluated for his eligibility for occupational therapy services in the educational setting during his triennial review (i.e., a re-evaluation that occurs every 3 years in schools for children with IEPs to determine eligibility for services). Which assessments are MOST appropriate to administer?

Which of the following is a characteristic of the Philips business evolution (history) and supply chain philosophy?