ECOM chap 5
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012? A) anti-virus software B) two-factor authentication C) SSL/TLS D) firewall 5.2
B
Which of the following statements about Bitcoin is not true? A) The computational power required to mine Bitcoins has increased over time. B) Bitcoins are completely secure. C) Bitcoins are illegal in some countries. D) In 2018, Bitcoin reprsented just under 40% of the full market for cryptocurrencies. 5.5
B
All of the following statements about PKI are true except: A) the term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) the acronym PKI stands for public key infrastructure. 5.3
C
All the following statements about symmetric key cryptography are true except: A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key cryptography is computationally slower. D) symmetric key cryptography is a key element in digital envelopes. 5.3
C
Most of the world's malware is delivered via which of the following? A) viruses B) worms C) Trojan horses D) botnets 5.2
C
Next generation firewalls provide all of the following except: A) an application-centric approach to firewall control. B) the ability to identify applications regardless of the port, protocol, or security evasion tools used. C) the ability to automatically update applications with security patches. D) the ability to identify users regardless of the device or IP address. 5.3
C
All of the following are used for authentication except: A) digital signatures. B) certificates of authority. C) biometric devices. D) packet filters. 5.3
D
Most of the world's spam is delivered via which of the following? A) viruses B) worms C) Trojan horses D) botnets 5.2
D
Confidentiality is sometimes confused with: A) privacy. B) authenticity. C) integrity. D) nonrepudiation 5.1
A
The Java Runtime Environment is a frequent target of exploit kits.
T
Face ID is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall 5.3
A
Phishing attacks rely on browser parasites. 5.2
F
A Trojan horse appears to be benign, but then does something other than expected 5.2
T
A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests. 5.2
T
Apple Pay uses near field communication (NFC) chips 5.5
T
CryptoLocker is an example of ransomware. 5.2
T
Drive-by downloads are now the most common method of infecting computers. 5.2
T
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution. 5.5
T
SSL/TLS cannot provide irrefutability. 5.3
T
The Heartbleed bug is an example of a software vulnerability. 5.2
T
Angler is an example of: A) a worm. B) an exploit kit. C) phishing. D) hacktivism 5.2
B
Today, online bill payment accounts for ________ of all bill payments, while paper checks account for ________. A) less than 10%; less than 25% B) about 25%; about 10% C) more than 55%; less than 20% D) about 95%; about 5%
C
Which of the following is not an example of a potentially unwanted program (PUP)? A) adware B) browser parasite C) drive-by download D) spyware 5.2
C
Which of the following left the WikiLeaks Web site effectively inoperable in August 2012? A) SQL injection attack B) browser parasite C) DDoS attack D) botnet 5.2
C
PayPal is an example of what type of payment system? A) online stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system 5.5
A
Which of the following is not a major trend in e-commerce payments in 2018-2019? A) Mobile retail payment volume decreases. B) PayPal remains the most popular alternative payment method. C) Large banks enter the mobile wallet and P2P payments market. D) Payment by credit and/or debit card remains the dominant form of online payment. 5.5
A
What is the most frequent cause of stolen credit cards and card information today? A) lost cards B) the hacking and looting of corporate servers storing credit card information C) sniffing programs D) phishing attacks 5.2
B
Online bill payment now accounts for ________ of all bill payments. A) 10% B) 25% C) 50% D) 100% 5.5
C
The attack on Dyn Inc. in 2016 is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) MitM attack 5.2
C
Which of the following is not an example of malicious code? A) scareware B) Trojan horse C) bot D) sniffer 5.2
D
Which of the following is a prominent hacktivist group? A) Anonymous B) Anti-Phishing Working Group C) IC3 D) Symantec 5.2
A
Beebone is an example of which of the following? A) worm B) botnet C) phishing D) hacktivism 5.2
B
In 2013, the Target retail chain experienced which of the following? A) a large-scale data breach B) a DDoS attack that shut down its Web site C) a hacktivist attack to protest its wage policies D) a browser parasite 5.2
A
In 2016, Yahoo revealed that it had experienced which of the following? A) a high-prole data breach B) a DDoS attack that shut down its website C) a hacktivist attack to protest its employment policies D) a browser parasite 5.2
A
Online bill payments are believed to cost ________ to process compared to ________ for paper bills. A) 20 to 30 cents, $3 to $7 B) $1 to $2, $10 to $20 C) 3 to $7, 20 to 30 cents D) $10 to $20, $ 1 to $2 5.5
A
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware. B) a backdoor. C) browser parasite D) adware. 5.2
A
The overall rate of online credit card fraud is ________ of all online card transactions. A) less than 1% B) around 5% C) around 10% D) around 15% 5.2
A
The six key dimensions to e-commerce security are nonrepudiation, authenticity, availability, integrity, privacy, and: A) confidentiality. B) usability. C) functionality. D) viability. 5.1
A
Which of the following is NOT a key factor for establishing e-commerce security? A) data integrity B) technology C) organizational policies D) laws and industry standards 5.1
A
Which of the following is not a major trend in e-commerce payments in 2014-2015? A) Mobile retail payment volume decreases. B) PayPal remains the most popular alternative payment method. C) Apple introduces Apple Pay. D) Payment by credit and/or debit card remains the dominant form of online payment. 5.1
A
All of the following are features of WPA3 except: A) it implements a more robust key exchange protocol. B) it enables the creation of a VPN. C) it provides a more secure way to connect IoT devices. D) it features expanded encryption for public networks 5.3
B
Botnets are typically used for all of the following except: A) DDoS attacks. B) phishing attacks. C) storing network traffic for analysis. D) stealing information from computers. 5.2
B
Conficker is an example of a: A) virus. B) worm. C) Trojan horse. D) botnet 5.2
B
In May 2014, the U.S. Department of Justice indicted five army members from which of the following countries for conducting industrial espionage against U.S. Steel and Westinghouse? A) Russia B) China C) Iran D) Iraq 5.1
B
In the United States, the primary form of online payment is: A) PayPal. B) credit cards. C) debit cards. D) Google Wallet. 5.5
B
Linden Dollars, created for use in Second Life, are an example of: A) digital cash. B) virtual currency. C) EBPP. D) peer-to-peer payment systems. 5.5
B
PCI-DSS is a standard established by which of the following? A) the banking industry B) the credit card industry C) the federal government D) the retail industry 5.5
B
Reventon is an example of: A) a macro virus. B) ransomware. C) a backdoor. D) a bot program. 5.2
B
Shellshock is an example of which of the following? A) mobile malware B) software vulnerability C) botnet D) Trojan horse 5.2
B
Symmetric key encryption is also known as: A) public key encryption. B) secret key encryption. C) PGP. D) PKI. 5.3
B
The Data Encryption Standard uses a(n) ________-bit key. A) 8 B) 56 C) 256 D) 512 5.3
B
To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) a firewall. B) an authorization management system. C) security tokens. D) an authorization policy 5.4
B
Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation 5.3
B
Which of the following is an example of an online privacy violation? A) your e-mail being read by a hacker B) your online purchasing history being sold to other merchants without your consent C) your computer being used as part of a botnet D) your e-mail being altered by a hacker 5.1
B
Which of the following is the most common protocol for securing a digital channel of communication? A) DES B) SSL/TLS C) VPN D) HTTP 5.3
B
Which of the following statements about blockchain is NOT true? A) A blockchain system is composed of a distributed network of computers. B) A blockchain system is inherently centralized. C) A blockchain system is a transaction processing system. D) Cryptocurrencies are based on blockchain technology 5.5
B
A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network. A) firewall B) virtual private network C) proxy server D) PPTP 5.3
A
A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number 5.3
A
P2P payment systems are a variation on what type of payment system? A) stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system 5.5
A
________ typically attack governments, organizations, and sometimes individuals for political purposes. A) Crackers B) White hats C) Grey hats D) Hacktivists 5.2
D
A worm needs to be activated by a user in order for it to replicate itself. 5.2
F
Bluetooth is the primary enabling technology for mobile wallets. 5.5
F
Credit cards are the dominant form of online payment throughout the world. 5.5
F
FREAK is an example of a software vulnerability. 5.2
T
Insiders present a greater security threat to e-commerce sites than outsiders. 5.2
T
IoT botnets became the preferred platform for launching DDoS attacks in 2017. 5.2
T
PayPal requires the recipient of a payment to have a PayPal account to receive funds. 5.5
T
Smishing attacks exploit SMS messages.
T
Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address. 5.2
T
Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address 5.2
T
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems. 5.3
T
The creation of Bitcoins consumes a significant amount of energy.
T
Accessing data without authorization on Dropbox is an example of a: A) social network security issue. B) cloud security issue. C) mobile platform security issue. D) sniffing issue. 5.2
B
All of the following are examples of social/mobile peer-to-peer payment systems except: A) Venmo. B) Bill Me Later. C) Square Cash. D) Google Wallet. 5.5
B
All of the following are factors in contributing to the increase in cybercrime except: A) the ability to remotely access the Internet. B) the Internet's similarity to telephone networks. C) the ability to anonymously access the Internet. D) the Internet is an open, vulnerable design. 5.1
B
________ is the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity 5.1
B
Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? A) DES B) NFC C) IM D) text messaging 5.5
B near field communication
Which of the following is the current standard used to protect Wi-Fi networks? A) WEP B) TLS C) WPA2 D) WPA3 5.3
C
Which of the following is the leading cause of data breaches? A) theft of a computer B) accidental disclosures C) hackers D) DDoS attacks 5.2
C
Proxy servers are also known as: A) firewalls. B) application gateways. C) dual home systems. D) packet filters. 5.3
C
Which of the following statements is not true? A) Apple's Touch ID stores a digital replica of a user's actual fingerprint in Apple's iCloud. B) Biometric devices reduce the opportunity for spoofing. C) A retina scan is an example of a biometric device. D) Biometric data stored on an iPhone is encrypted 5.3
A
Which of the following was designed to cripple Iranian nuclear centrifuges? A) Stuxnet B) Shamoon C) Snake D) Storm 5.2
A
________ is the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity 5.1
A
________ is the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability 5.1
A
According to Symantec, almost half of the e-mail addresses involved in business e-mail compromise (BEC) phishing that it analyzed had an IP address originating in: A) China. B) Russia. C) Nigeria. D) North Korea. 5.2
C
According to the Identity Theft Resource Center, the number of data breaches in 2017 increased by ________ compared to 2016. A) 15% B) 45% C) 55% D) 75% 5.1
C
All of the following are examples of cryptocurrencies except: A) Ethereum. B) Ripple. C) Zelle. D) Monero. 5.5
C
All of the following experienced high-profile data breaches in 2015 except: A) CVS. B) Walgreens. C) Amazon. D) Experian. 5.2
C
Which of the following statements about data breaches in 2017 is not true? A) According to the Identity Theft Resource Center, the number of breaches in 2017 increased by almost 45% from 2016. B) According to the Identity Theft Resource Center, over 50% of data breaches involved social security numbers. C) According to the Identity Theft Resource Center, employee error was the leading cause of data breaches. D) According to the Identity Theft Resource Center, data breaches involving the business sector represented over 55% of all breaches 5.2
C
________ is the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity 5.1
C
Malware that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP 5.2
C
Malware that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP. 5.2
C
None of the following payment systems offers immediate monetary value except: A) personal checks. B) credit cards. C) stored value/debit card. D) accumulating balance 5.5
C
According to Ponemon Institute's 2017 survey, which of the following was not among the causes of the most costly cybercrimes? A) malicious insiders B) malicious code C) denial of service D) botnets 5.2
D
All of the following are examples of malicious code except: A) viruses. B) bots. C) worms. D) sniffers. 5.2
D
All of the following are methods of securing channels of communication except: A) SSL/TLS. B) digital certificates. C) VPN. D) FTP. 5.
D
All of the following are prominent hacktivist groups except: A) Anonymous. B) LulzSec. C) Impact Team. D) Avid Life 5.2
D
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software. 5.3
T
There is a finite number of Bitcoins that can be created 5.5
T
Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use. 5.1
T
Rustock is an example of which of the following? A) worm B) botnet C) phishing D) hacktivism 5.2
B
All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is available for both iPhone 5s and iPhone 6s. B) Apple Pay is based on Touch ID biometric fingerprint scanning. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay relies on the consumer having a credit card on file with Apple's iTunes. 5.5
A
All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is subject to recent regulations issued by the Bureau of Consumer Financial Protection applicable to GPR transactions. B) Apple Pay is based on Touch ID biometric fingerprint scanning. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay relies on NFC chip technology. 5.5
A
All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is the most popular alternative payment method in the United States. B) Apple Pay is an example of a universal proximity mobile wallet. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay has more users than either Google Pay or Samsung Pay. 5.5
A
All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity 5.5
B
All of the following statements about public key cryptography are true except: A) public key cryptography uses two mathematically related digital keys B) public key cryptography ensures authentication of the sender. C) public key cryptography does not ensure message integrity. D) public key cryptography is based on the idea of irreversible mathematical functions 5.3
B
Which of the following statements is NOT true? A) A majority of states require companies that maintain personal data on their residents to publicly disclose when a security breach affecting those residents has occurred. B) The USA Patriot Act broadly expanded law enforcement's investigative and surveillance powers. C) The Cybersecurity Information Sharing Act was strongly supported by most large technology companies and privacy advocates. D) The Federal Trade Commission has asserted that it has authority over corporations' data security practices. 5.4
C
Which of the following statements is not true? A) A VPN provides both confidentiality and integrity. B) A VPN uses both authentication and encryption. C) A VPN uses a dedicated secure line. D) The primary use of VPNs is to establish secure communications among business partners 5.3
C
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties. 5.5
F
Exploit kits can be purchased by users to protect their computers from malware 5.2
F
TLS does not guarantee server-side authentication. 5.3
F
WannaCry is an example of ransomware 5.2
T
Zelle is an example of a P2P mobile payment app. 5.5
T
Bitcoins are an example of: A) digital cash. B) virtual currency. C) a stored value payment system. D) an EBPP system 5.5
A
Asymmetric key cryptography is also known as: A) public key cryptography. B) secret key cryptography. C) PGP. D) PKI 5.3
A
Automatically redirecting a web link to a different address is an example of which of the following? A) sniffing B) social engineering C) pharming D) DDoS attack 5.2
C
In 2015, online bill payment accounted for ________ of all bill payments, while paper checks accounted for ________. A) less than 10%; less than 25% B) about 25%; about 10% C) more than 50%; less than 20% D) 100%; 0% 5.5
C
The attack on Dyn, Twitter, Amazon, and other major organizations in October 2016, is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) MitM attack 5.2
C
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012. A) $35 million B) $350 million C) $3.5 billion D) $35 billion 5.5
C
What is the first step in developing an e-commerce security plan? A) Create a security organization. B) Develop a security policy. C) Perform a risk assessment. D) Perform a security audit. 5.4
C
Which dimension(s) of security is spoofing a threat to? A) integrity B) availability C) integrity and authenticity D) availability and integrity 5.2
C
Which of the following countries has been found to have engaged in cyberespionage against Google? A) Russia B) China C) Iran D) Iraq 5.1
C
Which of the following did the Internet Advertising Bureau urge advertisers to abandon? A) HTML B) HTML5 C) Adobe Flash D) Adobe Acrobat 5.2
C
Which of the following is NOT an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords 5.3
C
An intrusion detection system can perform all of the following functions except: A) examining network traffic. B) setting off an alarm when suspicious activity is detected. C) checking network traffic to see if it matches certain patterns or preconfigured rules. D) blocking suspicious activity. 5.3
D
Which of the following is NOT a key point of vulnerability when dealing with e-commerce? A) the client computer B) the server C) the communications pipeline D) the credit card companies 5.2
D
Which of the following is an example of an integrity violation of e-commerce security? A) A website is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents. 5.1
D
Zeus is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) Trojan horse 5.2
D