e-Commerce Self Quiz Chapter 10

1 of 40
The success and security of EC depend on the ________ of information and the business Web site.
encryption, functionality, and privacy
quality, reliability, and speed
authentication, authorization, and nonrepudiation
confidentiality, integrity, and availability
2 of 40
Digital signatures or digital certificates:
are used to validate the sender and time stamp of the transaction so it cannot be later claimed that the transaction was unauthorized or invalid.
have been compromised by phishers and spammers.
provide complete confidence that the transactions are secure.
Both A and B
3 of 40
A botnet is a:
collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
piece of software code that inserts itself into a host or operating system to launch DOS attacks.
piece of code in a worm that spreads rapidly and exploits some known vulnerability.
coordinated network of computers that can scan and compromise other computers and launch DOS attacks.
4 of 40
Protection of the U.S. computer networks is in the hands of the Department of the Interior (DOI).
True
False
5 of 40
Seattle’s Northwest Hospital and Medical Center was attacked by malware that was able to enter their network through a Windows flaw.
True
False
6 of 40
Security functions or characteristics of digital signatures include all of the following except:
A digital signature is the electronic equivalent of a personal signature, which can be forged.
Digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
Digital signatures ensure that the original content of an electronic message or document is unchanged.
Digital signatures are portable.
7 of 40
Which of the following statements about hardware and software security defenses is false?
Hardware and software security defenses protect against irresponsible business practices or corrupt management.
There is no single hardware or software solution appropriate for all companies.
If firewalls and antivirus software are not upgraded and monitored constantly, they will not remain useful.
After the EC security program and policies are defined and risk assessment completed, then the software and hardware needed to support and enforce them can be put in place.
8 of 40
Active tokens are storage devices (e.g., magnetic strip) that contain a secret code used in a two-factor authentication system.
True
False
9 of 40
Which of the following is not an underlying reason why a comprehensive EC security strategy is needed?
The Internet was designed for maximum efficiency without regard for its security or users with malicious intent.
The shift is toward profit-motivated crimes.
Managers treat EC security as a process.
Many companies fail to implement basic IT security management best practices, business continuity plans, and disaster recovery plans.
10 of 40
The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform is known as:
integrity.
availability.
authentication.
nonrepudiation.
authorization.
11 of 40
Risk creates vulnerability, which is the probability that this weakness will be known and used.
True
False
12 of 40
Administrators need to check the integrity of programs and patches that are installed; and new programs and tools should be installed in a test environment before putting them into a production environment.
True
False
13 of 40
Assurance that stored data has not been modified without authorization or a message that was sent is the same message that was received is referred to as:
integrity.
availability.
authentication.
nonrepudiation.
14 of 40
The ________ translates or converts domain names to their IP addresses.
IPS
DOS
VPN
DNS
15 of 40
Social engineering is a type of technical attack to circumvent security measures by manipulating people to get them to reveal crucial authentication information.
True
False
It is a type of nontechnical attack.
16 of 40
An IP address uniquely identifies each computer connected to a network or the Internet.
True
False
17 of 40
According to the CSI 2008 Security Survey, the most expensive computer security incidents were those involving ________.
financial fraud
viruses and worms
unintentional human errors
targeted attacks
18 of 40
Acceptable use policies (AUP) inform users of their responsibilities when a cyberattack or network intrusion has occurred.
True
False
19 of 40
The ________ was invented by Netscape to use standard certificates for authentication and data encryption to ensure privacy or confidentiality.
certificate authority
public key infrastructure
secure socket layer
digital envelope
20 of 40
An EC security strategy requires multiple layers of defense against risks from malware, fraudsters, customers, and employees.
True
False
21 of 40
Biometric systems are authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris patterns, facial features, or voice.
True
False
22 of 40
Public key infrastructure (PKI) is an authentication method that:
has become the cornerstone for secure e-payments and intranet applications.
is based on the Data Encryption Standard, which is the standard symmetric encryption algorithm supported by U.S. government agencies.
encrypts and decrypts large amounts of data effectively.
uses encryption keys ranging from 64 bits to 128 bits.
23 of 40
Due care in EC is those actions that a company is reasonably expected to take based on the risks affecting its business and transactions.
True
False
24 of 40
Shoppers can rely on online fraud protection provided by credit card issuers to protect them from identity theft.
True
False
25 of 40
According to the CSI 2008 Security Survey, the most expensive security incidents were those involving viruses.
True
False
26 of 40
Fingerprint scanners, facial recognition systems, and voice recognition all are examples of ________ that recognize a person by some physical trait.
biometric systems
human firewalls
intrusion detection systems
access control lists
27 of 40
The Internet, or more specifically the Internet and network protocols, was never intended for use by untrusted users or components.
True
False
28 of 40
Hackers are able to easily gain access to a network when IS staff do not ensure that all traffic into and out of a network passes through a firewall.
True
False
29 of 40
Because the consequences of weak network security can be severe, it is necessary that senior management have a basic understanding of best practices in network risk management.
True
False
30 of 40
The incidence of online fraud and identity theft would increase for each of the following reasons except:
There is growth in EC sales and the number of shoppers with higher incomes.
Information is a valuable form of currency.
Hackers are increasingly motivated by fame and notoriety.
Scammers are outsourcing work to programmers to gain control of computers or wireless networks.
31 of 40
All of the following are characteristics of access control except:
Access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
Access control lists (ACLs) define users’ rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
All resources need to be considered together to identify the rights of users or categories of users.
After a user has been identified, the user must be authenticated.
Each resource needs to be considered separately. (pages 451 and 452).
32 of 40
The attacks and defense of computers can affect individuals, organizations, countries, or the entire Web.
True
False
33 of 40
The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as:
information assurance.
data integrity.
information integrity.
human firewall.
34 of 40
The PCI data security standard was developed by the FTC to protect against credit card fraud and identity theft.
True
False
35 of 40
The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as:
integrity.
availability.
authentication.
nonrepudiation.
36 of 40
The key reasons why EC criminals cannot be stopped include each of the following except:
Sophisticated hackers use browsers to crack into Web sites.
Strong EC security makes online shopping inconvenient and demanding on customers.
There is a lack of cooperation from credit card issuers and foreign ISPs.
Online shoppers do not take necessary precautions to avoid becoming a victim.
37 of 40
An EC security strategy and program begins with:
the commitment and involvement of executive management.
layers of hardware and software defenses.
information security policies and training.
secure design of EC applications.
38 of 40
Authentication can be based on the public key infrastructure (PKI) which is based on:
message digest.
plain text.
encryption.
key space.
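Questions 2, 6, 13, 35 and 38 all turn on the same mechanism: a message digest of the transaction is signed with the sender's private key, and anyone holding the matching public key can check that the content is unchanged (integrity) and that it was signed by that key (authentication), which is what makes a later denial of the transaction implausible (nonrepudiation). The following is an added example for this page, not code from the textbook or the quiz: it uses Go's standard library ECDSA over P-256 with SHA-256 as the digest, a constructed sample order record, and names of its own (`SignedOrder`, `SignOrder`, `VerifyOrder`).

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedOrder pairs a transaction record with the signature its sender
// produced over it. The signature binds the sender's key to this exact content.
type SignedOrder struct {
	Record    []byte
	Signature []byte
}

// SignOrder computes the message digest of the record and signs the digest
// with the sender's private key. Only the holder of that key can produce it.
func SignOrder(priv *ecdsa.PrivateKey, record []byte) (*SignedOrder, error) {
	digest := sha256.Sum256(record)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedOrder{Record: record, Signature: sig}, nil
}

// VerifyOrder recomputes the digest and checks the signature against the
// claimed sender's public key. It returns true only if the record is
// byte-for-byte unchanged and the signature was made with that key.
func VerifyOrder(pub *ecdsa.PublicKey, so *SignedOrder) bool {
	digest := sha256.Sum256(so.Record)
	return ecdsa.VerifyASN1(pub, digest[:], so.Signature)
}

func main() {
	customer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	impostor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample transaction record.
	record := []byte("order=1001;item=sku-42;qty=1;total=49.00")
	so, err := SignOrder(customer, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine order verifies:", VerifyOrder(&customer.PublicKey, so))

	// Integrity: alter the total after signing and reuse the old signature.
	forged := &SignedOrder{
		Record:    bytes.Replace(record, []byte("49.00"), []byte("4.90"), 1),
		Signature: so.Signature,
	}
	fmt.Println("altered record verifies:", VerifyOrder(&customer.PublicKey, forged))

	// Authentication: a signature from some other key is not the customer's.
	bad, _ := SignOrder(impostor, record)
	fmt.Println("impostor's signature verifies as customer:", VerifyOrder(&customer.PublicKey, bad))
}
```

The verifier never needs the private key, which is the practical difference from a shared-secret MAC: with a MAC both parties could have produced the tag, so neither can prove to a third party who did.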
39 of 40
________ systems are highly useful for both law enforcement and for law breaking, for example, by providing a means to obtain passwords or encryption keys and thus bypassing other security measures.
Biometric
Keystroke logging
Access control
Intrusion detection
40 of 40
Which is not an advantage of virtual private networks (VPN) for data communications?
They are less expensive than private leased lines because they use the public Internet to carry information.
They ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
They can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
Remote users can use broadband connections rather than make long distance calls to access an organization’s private network.
