CIS 250 Chapter 5 Revision
A ______ is hardware or software that acts as a filter to prevent unwanted packets from entering a network A) firewall B) virtual private network C) proxy server D) PPTP
A
A digital certificate contains all of the following except the: A) subject's private key B) subject's public key C) digital signature of the certification authority D) digital certificate serial number
A
Accessing data without authorization on Dropbox is an example of a: A) social network security issue B) cloud security issue C) mobile platform security issue D) sniffing issue
B
All of the following are features of WPA3 except: A) it implements a more robust key exchange protocol B) it enables the creation of a VPN C) it provides a more secure way to connect IoT devices D) it features expanded encryption for public networks
B
All of the following are limitations of the existing online credit card payment system except: A) poor security B) cost to consumers C) cost to merchant D) social equity
B
To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) a firewall B) an authorization management system C) security tokens D) an authorization policy
B
Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation
B
Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? A) DES B) NFC C) IM D) text messaging
B
All of the following statements about PKI are true except: A) the term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information C) PKI guarantees that the verifying computer of the merchant is secure D) the acronym PKI stands for public key infrastructure
C
All the following statements about symmetric key cryptography are true except: A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message B) the Data Encryption Standard is a symmetric key encryption system C) symmetric key cryptography is computationally slower D) symmetric key cryptography is a key element in digital envelopes
C
Automatically redirecting a web link to a different address is an example of which of the following? A) sniffing B) social engineering C) pharming D) DDoS attack
C
Malware that comes with a downloaded file requested by a user is called a: A) trojan horse B) backdoor C) drive-by download D) PUP
C
What is the first step in developing an e-commerce security plan? A) create a security organization B) develop a security policy C) perform a risk assessment D) perform a security audit
C
Which of the following is not an example of a potentially unwanted program (PUP)? A) adware B) browser parasite C) drive-by download D) spyware
C
Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords
C
Which of the following is the leading cause of data breaches? A) theft of a computer B) accidental disclosures C) hackers D) DDoS attacks
C
Which of the following statements it not true? A) a VPN provides both confidentiality and integrity B) a VPN uses both authentication and encryption C) a VPN uses a dedicated secure line D) the primary use of VPNs is to establish secure communications among business partners
C
_____ is the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
C
All of the following are methods of securing channels of communication except: A) TLS B) digital certificates C) VPN D) FTP
D
All of the following are used for authentication except: A) digital signatures B) certificates of authority C) biometric devices D) packet filters
D
Which of the following is an example of an integrity violation of e-commerce security? A) A website is not actually operated by the entity the customer believes it to be B) A merchant uses customer information in a manner not intended by the customer C) A customer denies that he is the person who placed the order D) An unauthorized person intercepts an online communication and changes its contents
D
_____ typically attack governments, organizations, and sometimes individuals for political purposes. A) Crackers B) Tiger teams C) Bounty hunters D) Hacktivists
D
Which of the following is the most common protocol for securing a digital channel of communication? A) DES B) TLS C) VPN D) HTTP
B
_____ is the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
B
Asymmetric key cryptography is also known as: A) public key cryptography B) private key cryptography C) PGP D) PKI
A
Confidentiality is sometimes confused with: A) privacy B) authenticity C) integrity D) nonrepudiation
A
Face ID is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall
A
PayPal is an example of which of the following types of payment system? A) online stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system
A
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware B) a backdoor C) a browser parasite D) adware
A
Which of the following is not a key factor for establishing e-commerce security? A) data integrity B) technology C) organizational policies D) laws and industry standards
A
Which of the following is not an example of malicious code? A) scareware B) trojan horse C) bot D) sniffer
A
_____ is the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
A
_____ is the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability
A
All of the following statements about public key cryptography are true except: A) public key cryptography uses two mathematically related digital keys B) public key cryptography ensures authentication of the sender C) public key cryptography does not ensure message integrity D) public key cryptography is based on the idea of irreversible mathematical functions
B
Which of the following is an example of an online privacy violation? A) your e-mail being read by a hacker B) your online purchase history being sold to other merchants without your consent C) your computer being used as part of a botnet D) your e-mail being altered by a hacker
B
A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests
True
A trojan horse appears to be benign, but then does something other than expected
True
Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address
True
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software.
True
Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
True
Zelle is an example of a P2P mobile payment app.
True
