Which design principle says that complex protection mechanisms should be avoided in favor of simpler ones that are easier to verify?
A CISSP practice question covering Domain 3: Security Architecture and Engineering. Try answering before reading the explanation below.
Why "Economy of mechanism" is the right answer
Economy of mechanism (Saltzer & Schroeder) states that protection mechanisms should be kept as small and simple as possible, because a simpler design is easier to inspect, test, and verify, and a complex one hides more opportunities for error. The other principles address different concerns: defense in depth layers multiple controls so that no single failure is fatal; fail-safe defaults mean access is denied unless explicitly granted; and open design says security must not depend on keeping the algorithm secret (Kerckhoffs's principle).