Most students with ADHD have IQ scores in what range?
Questions
Mоst students with ADHD hаve IQ scоres in whаt rаnge?
A smаll independent cоffee shоp, The Dаily Grind, hаs recently deplоyed a cloud-based customer loyalty program. Customers register via a tablet at the counter, providing their name, email address, and preferred drink. Each purchase earns loyalty points, which are recorded in a cloud-hosted database managed by a third-party vendor. When a customer reaches a certain number of points, the system automatically sends an email containing a unique QR code that can be redeemed at the counter for a free drink. Employees scan the QR code to validate the reward. The system aims to be efficient, improve customer retention, and simplify reward tracking. However, in a recent incident, a malicious actor gained unauthorized read-only access to the cloud database. The attacker could: View all customer names, email addresses, and purchase histories. Exploit a vulnerability in the QR code generation logic, allowing them to generate valid QR codes for free drinks without earning points. They could not alter or inject new data into the database. Task: Using the STRIDE threat modeling methodology, answer the following: A. Threat Enumeration (20 points): Enumerate one specific threat present in this scenario. Your answer should adhere to the structured format for threat statements introduced during class discussions and exercises. B. STRIDE Classification (10 points): Identify the STRIDE threat class that best corresponds to the threat you described in (A). Briefly justify your answer (maximum length 1 paragraph). Rubric Task A: Threat Enumeration (20 points) Criteria Excellent (20 points) Good (15-19 points) Developing (10-14 points) Needs Improvement (0-9 points) Structured Format (10 points) The threat statement perfectly adheres to the required structured format. The threat statement largely adheres to the structured format, with minor omissions or slight deviations that do not impede clarity. The threat statement attempts a structured format but has significant deviations or missing components, which impact clarity. The threat statement does not use the structured format, or the attempt is so poor that it renders the statement incomprehensible as a structured threat. Specificity and Accuracy of Threat (10 points) The enumerated threat is particular, directly derived from the scenario, and accurately describes a distinct security concern. The enumerated threat is specific and generally accurate, but may lack a minor detail or have a slight misinterpretation of the scenario. The enumerated threat is too broad, partially inaccurate, or only vaguely related to the scenario. The enumerated threat is incorrect, irrelevant, or absent. Task B: STRIDE Classification & Justification (10 points) Criteria Excellent (10 points) Good (7-9 points) Developing (4-6 points) Needs Improvement (0-3 points) Correct STRIDE Classification (5 points) Accurately identifies the primary STRIDE threat class that best fits the enumerated threat from Task A. Identifies a plausible STRIDE threat class, but it might not be the absolute best fit, or there's a minor nuance missed. Identifies an incorrect STRIDE threat class, but it shows some understanding of STRIDE concepts. Identifies a completely incorrect STRIDE threat class, or no classification is provided. Clear and Concise Justification (5 points) Provides a clear, logical, and concise justification (within one paragraph) that directly explains why the chosen STRIDE class applies to the specific threat identified in Task A, referencing elements from the scenario. Justification is within length limits. Provides a generally clear justification (within one paragraph) that explains the classification, though it might be slightly less precise or comprehensive. Justification is within length limits, or slightly over (no penalty if over by max 1-2 sentences). The justification is weak, contains irrelevant information, or does not connect the STRIDE class to the specific threat. It may significantly exceed the length limit. (If length is the only issue, max -2 points deduction applied here.) The justification is absent, incoherent, contradicts the classification, or shows a fundamental misunderstanding of the STRIDE model about the scenario. If the justification exceeds the limit significantly and the content is also poor, it has a substantial impact on the score.