Could be false. The stimulus does not state a value judgment about what users should not do. We know that written passwords pose the greatest security threat, but it is possible there are other reasons to write passwords down that outweigh these risks.

Could be false. The stimulus tells us that users who forget their passwords use up the administrator’s time, but we don’t have any information about how much this costs. It is possible that a system administrator’s time is not expensive.

Must be true. The stimulus tells us that very difficult passwords to remember are usually written down, a practice that poses the greatest security threat. If this practice poses the greatest threat, then the threat associated with passwords that are easy to guess is less.

Could be false. The stimulus tells us that these passwords are the easiest for legitimate users to forget. If they are the hardest to remember, then users may choose to write them down, and passwords that are written down pose the greatest security threat.

Could be false. The stimulus does not describe a proportional relationship between security risk and the ease of remembering a password. It is possible that there is a point where the security level maximizes even though the password could change to become easier to remember.