# 2385: Final Exam

Title text: For those of you also taking Game Theory, your grade in that class will be based on how close your grade on this exam is to 80% of the average.

## Explanation

In this comic, Ponytail appears to be administering a cybersecurity exam to a group of students. However, at the beginning of the exam, she informs her students that they have all failed, despite not having taken a test yet. She then informs them that their grades are stored on the department server and will be submitted the next day. The implication here is that the true test, rather than being a traditional exam, is actually whether the students can hack into the server and change their grades. This may be a jab at the security of educational systems, which is known to be vulnerable to attack (not the first time XKCD has made such a joke). In real life, students have attempted to change their grades in this manner, with occasional success.

The title text adds a twist to this. In order for a student to get a good grade in the game theory class, they need to get a below-average grade on this final exam. This incentivizes the students to also change the grades of other students when they change their own grade. However, this is more complicated than it seems, and depends on various factors, such as the fraction of students who take game theory in addition to cybersecurity. If, for example, half of the students also take game theory, then for all of them to get 80% of the average score, even assuming that all their non-game-theory classmates get the maximum possible score, they would have to aim for 2/3 (or about 67%) of the maximum possible score for their grade to equal 80% of the final average. While that would make their game theory grade perfect, it might noticeably worsen their cybersecurity grade. This gets progressively worse as the fraction of students who take game theory along with cybersecurity increases.

In the extreme case of all cybersecurity students also taking game theory class, this degenerates into another common game theory problem: Guess 2/3 of the average of everybody's guesses. The only winning strategy is, of course, for everyone to guess 0, which means that 2/3 of the average will be 0. This assumes perfect rationality of all players with respect to the game theory problem. The catch is that here we have the same number as a grade for the cybersecurity exam and for the game theory guess. We'd like one to be as high as possible, and the other to be zero or close to zero, which are obviously conflicting goals.

To improve their overall results, students could resort to various compromises and strategies, such as increasing other students' scores against their will, or making alliances with students who might not mind taking a hit to their game theory grade (perhaps in exchange for other incentives) - these are all topics that the game theory class would have been dealing with. Specifically, this test seems to refer to the prisoner's dilemma and tragedy of the commons; if one student changes their grade to 80% of the average, they will receive high marks, but if more and more students attempt this, the gain for each one drops and tends towards zero.

The combination with cybersecurity adds another layer of complexity, in that students could, for example, also attempt to lock each other out of the server to achieve maximum control over the results to their benefit.

In the strip, there is no actual test to take. But if there was one, there would still be strategies to optimize performance without hacking the grades. One option would be to take the test normally, and then change every fifth answer to the bubble below it; using this strategy your overall grade will drop to 80% if you were at 100%, and may even raise your score if a student performed particularly poorly. The trick, though, is that other students (assuming rationality) would try this strategy as well; thus, a student may need to overcorrect more, weigh the possibilities of whether any of their classmates had followed this as well, and perform this recursively until it is most likely that the score is 80 percent of the average.

Note: All of the above is based on the assumption that the game theory mark will be directly (and not inversely) proportional to how close the cybersecurity grade is to 80% of the average. This is left ambiguous in the formulation.

Note: The above also assumes the system accepts a maximum of 100%. If (as is likely) the system allows for extra credit, you could reach a Nash equilibrium by setting the non-game-theory students to an arbitrary, but very high, number C (say 2000%) and then the game theory students to (C*g)/(.25+g), where g is the percentage of students not in game theory, expressed as a fraction.
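The fixed point behind the 2/3 figure and the (C*g)/(.25+g) formula can be checked numerically. The following is an added example, not part of the original explanation; the function names are hypothetical, and it assumes all game-theory students share one grade while everyone else is set to a single common grade. It generalizes beyond the half-and-half case to any share of game-theory students, including the degenerate case where everyone takes both classes.

```python
# Added example (not from the original page): the "80% of the average" grade game.
# Assumption: every game-theory (GT) student ends up with the same grade x, and all
# other students are set to one common grade `others`.

def target_grade(frac_gt, others=100.0, ratio=0.8):
    """Closed-form fixed point x = ratio * average.

    average = frac_gt * x + (1 - frac_gt) * others, so
    x = ratio * g * others / (1 - ratio * frac_gt), with g = 1 - frac_gt.
    For ratio = 0.8 this is the page's (C*g)/(.25+g).
    """
    g = 1.0 - frac_gt
    return ratio * g * others / (1.0 - ratio * frac_gt)


def best_response(frac_gt, others=100.0, ratio=0.8, start=100.0,
                  tol=1e-9, max_rounds=10_000):
    """Each round, all GT students reset their grade to ratio * current average.

    Returns (grade, rounds). The update shrinks the error by ratio * frac_gt < 1
    per round, so it always converges to target_grade().
    """
    x = start
    for rounds in range(1, max_rounds + 1):
        new_x = ratio * (frac_gt * x + (1.0 - frac_gt) * others)
        if abs(new_x - x) < tol:
            return new_x, rounds
        x = new_x
    return x, max_rounds


if __name__ == "__main__":
    for frac in (0.1, 0.5, 0.9, 1.0):
        closed = target_grade(frac)
        reached, rounds = best_response(frac)
        print(f"GT share {frac:.0%}: target {closed:6.2f}%  "
              f"(iteration reached {reached:6.2f}% after {rounds} rounds)")
    # Extra-credit variant from the note: everyone else set to C = 2000%.
    print(f"C=2000%, half in GT: {target_grade(0.5, others=2000.0):.2f}%")
```

With a 100% share of game-theory students the iteration decays to 0, which is the "guess 2/3 of the average" outcome described above.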

Note: The solution becomes trivial if the game-theory grade is stored on the same server but submitted after the cybersecurity grade. Students would simply give themselves full marks on cybersecurity, then edit the game-theory grade after cybersecurity has been submitted.

## Transcript

[Ponytail is standing in front of a whiteboard addressing someone off-panel to the left.]
Ponytail: Welcome to your final exam.
Ponytail: The exam is now over.
Ponytail: I'm afraid all of you failed.
Ponytail: Your grades have been stored on our department server and will be submitted tomorrow.
Ponytail: Class dismissed.
[Caption below the panel:]
Cybersecurity final exams

# Discussion

Perhaps add a note about how multiple people trying to achieve the same goal would be impossible, so therefore it would be a test of game theory to see how the final grades end up. You'd want to be the last one to make all the changes. 162.158.107.197 23:51, 13 November 2020 (UTC)

It's a contest to hack the grades and to lock out all of the other students from making further changes. BunsenH (talk) 00:49, 14 November 2020 (UTC)

Title text seems to be a reference to https://en.wikipedia.org/wiki/Guess_2/3_of_the_average. Anonymous3 (talk) 01:10, 14 November 2020 (UTC)

The current "change every fifth answer to the bubble below it" explanation appears to make the implausible assumption that the exam is multiple-choice. BunsenH (talk) 03:19, 14 November 2020 (UTC)

Clearly the optimal solution for both courses is to change the grade to be out of 0, thus a score of 0 being a perfect score and also meet the requirements for Game Theory. 162.158.165.54 03:28, 14 November 2020 (UTC)

great idea! i was considering adding fake students to be statistical extremes but your solution allows all students to ace both courses. ocæon (talk) 14:46, 14 November 2020 (UTC)

OMG I want so much to take this class, what an excellent final exam! 172.68.65.208 05:09, 14 November 2020 (UTC)

I think the explanation above is largely correct, but I assumed this was a Zoom reference. Since during lockdown the many students she is addressing should be experiencing this through a remote meeting, for which Zoom is often chosen (I'd love an explanation as to why THAT is). Zoom has notorious security flaws which any cybersecurity student should be failed for accepting. --162.158.159.96 05:11, 14 November 2020 (UTC)

What if they run it in sandboxed virtual machine? -- Hkmaly (talk) 20:45, 14 November 2020 (UTC)

No mention of Bobby Tables? Gvanrossum (talk) 06:29, 14 November 2020 (UTC)

That was a mom intentionally hacking multiple systems. Not just school, but also population census systems. This is limited to a single test. 141.101.98.38 21:08, 14 November 2020 (UTC)

the zero length exam reminds me of 'zero day' exploits, the students have zero time to respond to the exam requirements before the conclusion of the exam. ocæon (talk) 14:39, 14 November 2020 (UTC)

I feel like Randall missed a golden opportunity for Danish (instead of generic Ponytail) to prof these classes — this seems right up her alley. TPS (talk) 16:17, 14 November 2020 (UTC)

1) Hack my Cybersecurity grade, 2) Hack the professor's computer to remove the requiring link to the grade in the other course. -Diana

There is exactly one Nash Equilibrium if you set the utility function to be the sum of the cyber security grade and the game theory grade. And it would be to give yourself a 100% in cyber security - Philip Geißler

This cartoon reminded me of a programming class I took as a Freshman at MIT (Spring 1974) where the first lecture described the way the programming projects were submitted and automatically graded. "Some of you may be considering finding a way to hack the grading program to just give you a good grade. This is an acceptable way to pass this course, since it is our analysis that subverting the grading program in this way demonstrates mastery of the subject matter." OK, I know this isn't a comment about the comic, but I just felt like tossing it in. And more relevant (possibly) was the fact that being the last semester the course was taught, the final exam questions were all inside computer programming jokes. MAP (talk) 21:55, 14 November 2020 (UTC)

Given that the grade to be manipulated is only the grade of the final exam of Cybersecurity (and therefore not the grade for the entire class), but the grade that it affects is the grade for the entire Game Theory class, that there is no reason not to collaborate, and that how "closeness" is calculated is unclear, the ideal solution is to set the grade of every Cybersecurity student who is not also a Game Theory student to 100, and set the grade of every Cybersecurity student who is also a Game Theory student to 100(100-a)/(125-a), where a is the percentage of Cybersecurity students who are also Game Theory students. This ensures all Cybersecurity students who are also Game Theory students get a perfect 4.0 GPA in Game Theory while reducing their Cybersecurity score by the smallest possible amount. DL Draco Rex (talk) 17:12, 15 November 2020 (UTC)

There is a factor you haven't accounted for - hacking carries an implicit penalty in the form of effort expended; although I would like to think students will go to any amount of effort to get a good grade, I wonder whether that is realistic. 141.101.98.124 15:38, 20 November 2020 (UTC)

I just have to say this for fans of the Dutch comedy show Rundfunk: "ALLEMAAL EEN ONVOLDOENDE!" (Any more Dutch people around?) --IByte (talk) 13:34, 16 November 2020 (UTC)

I've been thinking that hacking all grades in Cybersecurity to 100%, or to the minimal approval grade, should get all students approved. Unlike the Guess 2/3 of the average problem, students don't need to hit the mark to be approved, they need only to get close enough. If everyone receives maximum grade in Cybersecurity, the average will be 100% and they will be off the 80% by 20%. Assuming some linearity between the transformations of distance and grade, and that grade cannot be negative. The longest distance from 80% of average would be everybody gets maximum grade, but one who gets zero, it would get closer to 80% off, as long as we have a lot of students in the class. Assuming 80% off zero grade, and 0% off as maximum, 20% off would get them 75% of maximum grade, that seems enough to get approval in both classes. --Hugoxrosa (talk) 19:33, 1 December 2020 (UTC)

I have heard that some cybersecurity tests either involve defending a network or attacking one, and your final grade was how successful you were.