Let A be аn n x n invertible mаtrix. Which оf the fоllоwing is/аre true? A. The last column in the rref([ A e1 ]) is the first column of A-1. B. If x is any vector in then x is in the column space of A. C. dim(Nul A) = n.
PulseFit is а mоdern fitness center thаt uses а smart membership management system. Members check in by scanning a persоnalized RFID wristband at the entrance. The wristband is linked tо their profile, which contains personal data, fitness preferences, and attendance history, stored in a cloud-based backend managed by a third-party vendor. Members can also use the gym's mobile app to: Schedule classes View their workout stats Receive personalized health tips and promotions Instructors use a separate tablet interface to log class attendance and provide performance feedback. Each action (check-in, class sign-up, workout completed) is logged and sent to the cloud. A new feature has recently been added, allowing members to receive discount coupons via email when they complete a certain number of workouts per month. An attacker manages to intercept unencrypted API calls between the mobile app and the backend server, gaining access to user workout logs, emails, and coupon codes. Furthermore, the attacker reverse-engineers the API to forge requests, allowing them to: Log fake workouts Receive reward coupons fraudulently Access another user’s profile without authentication by modifying the user ID in API requests Task: Using the STRIDE threat modeling methodology, answer the following: A. Threat Enumeration (20 points): Enumerate one specific threat present in this scenario. Your answer should adhere to the structured format for threat statements introduced during class discussions and exercises. B. STRIDE Classification (10 points): Identify the STRIDE threat class that best corresponds to the threat you described in (A). Briefly justify your answer (maximum length 1 paragraph). Rubric Task A: Threat Enumeration (20 points) Criteria Excellent (20 points) Good (15-19 points) Developing (10-14 points) Needs Improvement (0-9 points) Structured Format (10 points) The threat statement perfectly adheres to the required structured format. The threat statement largely adheres to the structured format, with minor omissions or slight deviations that do not impede clarity. The threat statement attempts a structured format but has significant deviations or missing components, which impact clarity. The threat statement does not use the structured format, or the attempt is so poor that it renders the statement incomprehensible as a structured threat. Specificity and Accuracy of Threat (10 points) The enumerated threat is particular, directly derived from the scenario, and accurately describes a distinct security concern. The enumerated threat is specific and generally accurate, but may lack a minor detail or have a slight misinterpretation of the scenario. The enumerated threat is too broad, partially inaccurate, or only vaguely related to the scenario. The enumerated threat is incorrect, irrelevant, or absent. Task B: STRIDE Classification & Justification (10 points) Criteria Excellent (10 points) Good (7-9 points) Developing (4-6 points) Needs Improvement (0-3 points) Correct STRIDE Classification (5 points) Accurately identifies the primary STRIDE threat class that best fits the enumerated threat from Task A. Identifies a plausible STRIDE threat class, but it might not be the absolute best fit, or there's a minor nuance missed. Identifies an incorrect STRIDE threat class, but it shows some understanding of STRIDE concepts. Identifies a completely incorrect STRIDE threat class, or no classification is provided. Clear and Concise Justification (5 points) Provides a clear, logical, and concise justification (within one paragraph) that directly explains why the chosen STRIDE class applies to the specific threat identified in Task A, referencing elements from the scenario. Justification is within length limits. Provides a generally clear justification (within one paragraph) that explains the classification, though it might be slightly less precise or comprehensive. Justification is within length limits, or slightly over (no penalty if over by max 1-2 sentences). The justification is weak, contains irrelevant information, or does not connect the STRIDE class to the specific threat. It may significantly exceed the length limit. (If length is the only issue, max -2 points deduction applied here.) The justification is absent, incoherent, contradicts the classification, or shows a fundamental misunderstanding of the STRIDE model about the scenario. If the justification exceeds the limit significantly and the content is also poor, it has a substantial impact on the score.