E-Commerce 2014, 10e (Laudon/Traver) Chapter 5 E-commerce Security and Payment Systems
To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) access controls. B) an authorization management system. C) security tokens. D) an authorization policy.
B) an authorization management system.
Rustock is an example of which of the following? A) worm B) botnet C) phishing D) hacktivism
B) botnet
To allow employees to connect securely over the Internet to their corporate network, you would use a(n) ________.
VPN, virtual private network
A(n) ________ is a feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer.
backdoor
The study of measurable biological or physical characteristics is called ________.
biometrics
Automatically redirecting a Web link to a different address is called ________.
pharming
A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network. A) firewall B) virtual private network C) proxy server D) PPTP
A) firewall
The overall rate of online credit card fraud is ________ % of all online card transactions. A) less than 1 B) around 1 C) around 5 D) around 10
A) less than 1
The Data Encryption Standard uses a(n) ________-bit key. A) 8 B) 56 C) 256 D) 512
B) 56
________ refers to the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
B) Authenticity
Which of the following countries has been found to have engaged in cyberespionage against Google? A) Russia B) China C) Iran D) Iraq
B) China
Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other? A) DES B) NFC C) IM D) text messaging
B) NFC
Online bill payments are believed to cost ________ to process compared to ________ for paper bills. A) 20 to 30 cents, $3 to $7 B) $1 to $2, $10 to $20 C) 3 to $7, 20 to 30 cents D) $10 to $20, $ 1 to $2
A) 20 to 30 cents, $3 to $7
Which of the following is a prominent hacktivist group? A) Anonymous B) Anti-Phishing Working Group C) IC3 D) Symantec
A) Anonymous
________ refers to the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability
A) Confidentiality
________ refers to the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
A) Nonrepudiation
The six key dimensions to e-commerce security are nonrepudiation, authenticity, availability, integrity, privacy, and: A) confidentiality. B) usability. C) functionality. D) viability.
A) confidentiality.
Bitcoins are an example of: A) digital cash. B) virtual currency. C) a stored value payment system. D) an EBPP system.
A) digital cash.
Botnets are typically used for all of the following except: A) DDoS attacks. B) phishing attacks. C) storing network traffic for analysis. D) stealing information from computers.
B) phishing attacks.
All of the following statements about public key encryption are true except: A) public key encryption uses two mathematically related digital keys. B) public key encryption ensures authentication of the sender. C) public key encryption does not ensure message integrity. D) public key encryption is based on the idea of irreversible mathematical functions.
B) public key encryption ensures authentication of the sender.
Reventon is an example of: A) a macro virus. B) ransomware. C) a backdoor. D) a bot program.
B) ransomware.
Symmetric key encryption is also known as: A) public key encryption. B) secret key encryption. C) PGP. D) PKI.
B) secret key encryption.
All of the following are factors in contributing to the increase in cybercrime except: A) the ability to remotely access the Internet. B) the Internet's similarity to telephone networks. C) the ability to anonymously access the Internet. D) the Internet is an open, vulnerable design.
B) the Internet's similarity to telephone networks.
What is the most frequent cause of stolen credit cards and card information today? A) lost cards B) the hacking and looting of corporate servers storing credit card information C) sniffing programs D) phishing attacks
B) the hacking and looting of corporate servers storing credit card information
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012? A) anti-virus software B) two-factor authentication C) SSL/TLS D) firewall
B) two-factor authentication
Linden Dollars, created for use in Second Life, are an example of: A) digital cash. B) virtual currency. C) EBPP. D) peer-to-peer payment systems.
B) virtual currency
An example of a privacy violation of e-commerce security is: A) your e-mail being read by a hacker. B) your online purchasing history being sold to other merchants without your consent. C) your computer being used as part of a botnet. D) your e-mail being altered by a hacker.
B) your online purchasing history being sold to other merchants without your consent.
Which dimension(s) of security is spoofing a threat to? A) integrity B) availability C) integrity and authenticity D) availability and integrity
C) integrity and authenticity
None of the following payment systems offers immediate monetary value except: A) personal checks. B) credit cards. C) stored value/debit card. D) accumulating balance.
C) stored value/debit card.
All the following statements about symmetric key encryption are true except: A) in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key encryption is computationally slower. D) symmetric key encryption is a key element in digital envelopes.
C) symmetric key encryption is computationally slower.
Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation
B) availability
All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.
B) cost to consumers.
In the United States, the primary form of online payment is: A) PayPal. B) credit cards. C) debit cards. D) Google Wallet.
B) credit cards.
An intrusion detection system can perform all of the following functions except: A) examining network traffic. B) setting off an alarm when suspicious activity is detected. C) checking network traffic to see if it matches certain patterns or preconfigured rules. D) blocking suspicious activity.
D) blocking suspicious activity.
Most of the world's spam is delivered via which of the following? A) viruses B) worms C) Trojan horses D) botnets
D) botnets
All of the following are used for authentication except: A) digital signatures. B) certificates of authority. C) biometric devices. D) packet filters.
D) packet filters.
All of the following are examples of malicious code except: A) viruses. B) bots. C) worms. D) sniffers.
D) sniffers.
Which of the following is not a key point of vulnerability when dealing with e-commerce? A) the client computer B) the server C) the communications pipeline D) the credit card companies
D) the credit card companies
________ is a form of online payment system for monthly bills.
EBPP, Electronic billing presentment and payment
________ involves cybervandalism and data theft for political purposes.
Hacktivism
________ typically handle verification of accounts and balances in the credit card system.
Processing centers, Clearinghouses
The most common form of securing a digital channel of communication is ________.
SSL/TLS, Secure Sockets Layer/Transport Layer Security
The ________ worm was designed to disarm computers that control the centrifuges in Iran's uranium enrichment process.
Stuxnet
A Trojan horse appears to be benign, but then does something other than expected.
TRUE
A worm does not need to be activated by a user in order for it to replicate itself.
TRUE
Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
TRUE
The exploitation of human fallibility and gullibility to distribute malware is known as ________.
social engineering
A(n) ________ vulnerability involves a vulnerability unknown to security experts that is actively exploited before there is a patch available.
zero-day
Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords
C) digital signatures
Which of the following is not an example of a PUP? A) adware B) browser parasite C) drive-by download D) spyware
C) drive-by download
Malware that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP.
C) drive-by download.
Proxy servers are also known as: A) firewalls. B) application gateways. C) dual home systems. D) packet filters.
C) dual home systems.
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware. B) a backdoor. C) pupware. D) adware.
A) spyware.
P2P payment systems are a variation on what type of payment system? A) stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system
A) stored value payment system
A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.
A) subject's private key.
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012. A) $35 million B) $350 million C) $3.5 billion D) $35 billion
C) $3.5 billion
Online bill payment now accounts for ________ of all bill payments. A) 10% B) 25% C) 50% D) 100%
C) 50%
________ refers to the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
C) Availability
Which of the following left the WikiLeaks Web site effectively inoperable in August 2012? A) SQL injection attack B) browser parasite C) DDoS attack D) botnet
C) DDoS attack
All of the following statements about PKI are true except: A) The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) The acronym PKI stands for public key infrastructure.
C) PKI guarantees that the verifying computer of the merchant is secure.
What is the first step in developing an e-commerce security plan? A) Create a security organization. B) Develop a security policy. C) Perform a risk assessment. D) Perform a security audit.
C) Perform a risk assessment.
Which of the following is the current standard used to protect Wi-Fi networks? A) WEP B) TLS C) WPA2 D) WPA3
C) WPA2
Which of the following is an example of an integrity violation of e-commerce security? A) A Web site is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he or she is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.
D) An unauthorized person intercepts an online communication and changes its contents.
All of the following are methods of securing channels of communication except: A) SSL/TLS. B) certificates. C) VPN. D) FTP.
D) FTP.
Malicious code that is designed to take advantage of a security hole in computer software or operating system is called a(n) ________.
exploit
77) To internal computers, a proxy server is known as the ________.
gateway
A(n) ________ is a hacker that believes he or she is pursing some greater good by breaking in and revealing system flaws.
grey hat
In encryption, the method used to transform plain text to encrypted text is called a(n) ________.
key, cipher
Credit cards are the dominant form of online payment throughout the world.
FALSE
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.
FALSE
Phishing attacks rely on browser parasites.
FALSE
Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address.
FALSE
TLS does not guarantee server-side authentication.
FALSE
Drive-by downloads are now the most common method of infecting computers.
TRUE
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution.
TRUE
Insiders present a greater security threat to e-commerce sites than outsiders.
TRUE
PayPal requires the recipient of a payment to have a PayPal account to receive funds.
TRUE
Smishing attacks exploit SMS messages.
TRUE
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.
TRUE
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software.
TRUE