CIS 450 Ch. 5
Angler is an example of: a. phishing b. hacktivism c. an exploit kit d. a worm
c. an exploit kit
Which of the following dimensions of e-commerce security does not involve encryption? a. confidentiality b. nonrepudiation c. availability d. message integrity
c. availability
Automatically redirecting a web link to a different address is an example of: a. DDoS attack b. social engineering c. pharming d. sniffing
c. pharming
Accessing data without authorization on Dropbox is an example of which of the following?
cloud security issue
_________ typically attack governments, organizations, and sometimes individuals for political purposes:
Hacktivists
All of the following are examples of social/mobile peer-to-peer payment systems except: a. square cash b. venmo c. bill me later d. google wallet
c. bill me later
Malware that comes with a downloaded file requested by a user is called a: a. backdoor b. Trojan horse c. drive-by download d. PUP
c. drive-by download
The overall rate of online credit card fraud is ______ of all online card transactions: a. around 5% b. around 15% c. less than 1% d. around 10%
c. less than 1%
All of the following are limitations of the existing online credit card payment system except:
cost to consumers
Proxy servers are also known as: a. application gateways b. packet filters c. firewalls d. dual home systems
d. dual home systems
Which of the following is the leading cause of data breaches? a. theft of a computer b. accidental disclosures c. DDoS attacks d. hackers
d. hackers
All of the following statements about public key cryptography are true except: a. public key cryptography does not ensure message integrity. b. public key cryptography is based on the idea of irreversible mathematical functions. c. public key cryptography uses two mathematically related digital keys. d. public key cryptography ensures authentication of the sender.
d. public key cryptography ensures authentication of the sender.
A digital certificate contains all of the following except the: a. subject's public key b. digital signature of the certification authority c. digital certificate serial number d. subject's private key
d. subject's private key
All of the following statements about symmetric key cryptography are true except: a. in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. b. symmetric key cryptography is a key element in digital envelopes. c. the Data Encryption Standard is a symmetric key encryption system. d. symmetric key cryptography is computationally slower.
d. symmetric key cryptography is computationally slower.
The Data Encryption Standard uses a _____ -bit key
56
Which of the following is an example of an integrity violation of e-commerce security?
An unauthorized person intercepts an online communication and changes its contents.
All of the following statements about Apple Pay are true except which of the following?
Apple Pay is subject to recent regulations issued by the Bureau of Consumer Financial Protection applicable to GPR transactions.
Which of the following statements is not true?
Apple's Touch ID stores a user's actual fingerprint
All of the following are prominent hacktivist groups except:
Avid Life
A fingerprint scan is an example of which of the following?
Biometrics
Digital cash is a legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.
False
Phishing attacks rely on browser parasites.
False
Vishing attacks exploit SMS messages.
False
Which dimensions of security is spoofing a threat to?
Integrity and authenticity
Which of the following is the most common protocol for securing a digital channel of communication?
SSL/TLS
Which of the following statements is not true?
The Cybersecurity Information Sharing Act was strongly supported by most large technology companies and privacy advocates.
Which of the following was designed to cripple Iranian nuclear centrifuges? a. Stuxnet b. Snake c. Flame d. Storm
a. Stuxnet
______________ is the current standard used to protect Wi-Fi networks: a. WPA2 b. WEP c. WPA3 d. TLS
a. WPA2
Which of the following statements is not true: a. a VPN uses a dedicated secure line b. the primary use of VPNs is to establish secure communications among business partners c. a VPN provides both confidentiality and integrity d. a VPN uses both authentication and encryption
a. a VPN uses a dedicated secure line
In 2016, Yahoo revealed that it had experienced which of the following? a. a high-profile data breach b. a DDoS attack that shut down its website c. a browser parasite d. a hacktivist attack to protest its employment policies
a. a high-profile data breach
To allow lower-level employees access to the corporate network while preventing them from accessing private human resource documents, you would use: a. an authorization management system b. an authorization policy c. security tokens d. access controls
a. an authorization management system
An intrusion detection system can perform all the following functions except: a. blocking suspicious activity b. examining network traffic c. checking network traffic to see if it matches certain patterns or preconfigured rules d. setting off an alarm when suspicious activity is detected
a. blocking suspicious activity
According to Ponemon Institute's 2015 survey, which of the following was not among the causes of the costliest cybercrimes? a. botnets b. denial of service c. malicious code d. malicious insiders
a. botnets
Which of the following is not an example of an access control? a. digital signatures b. login passwords c. firewalls d. proxy servers
a. digital signatures
_______ refers to the ability to ensure that messages and data are only available to those authorized to view them: a. privacy b. confidentiality c. availability d. integrity
b. confidentiality
In 2015, online bill payment accounted for _____ of all bill payments, while paper checks accounted for _______: a. 100%; 0% b. more than 50%; less than 20% c. less than 10%; less than 25% d. about 25%; about 10%
b. more than 50%; less than 20%
__________ refers to the ability to ensure that e-commerce participants do not deny their online actions: a. authenticity b. nonrepudiation c. integrity d. availability
b. nonrepudiation
All of the following are used for authentication except: a. biometric devices b. packet filters c. certificates of authority d. digital signatures
b. packet filters
PCI-DSS is a standard established by which of the following? a. the banking industry b. the credit card industry c. the federal government d. the retail industry
b. the credit card industry
Which of the following has the Internet Advertising Bureau urged advertisers to abandon? a. Adobe Acrobat b. HTML5 c. HTML d. Adobe Flash
d. Adobe Flash
The attack on Dyn, Twitter, Amazon, and other major organizations in October 2016 is an example of which of the following? a. SQL injection attack b. MitM attack c. browser parasite d. DDoS attack
d. DDoS attack
Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? a. text messaging b. IM c. DES d. NFC
d. NFC
Bitcoins are an example of:
digital cash
Which of the following is not an example of a PUP?
drive-by download
A ______ is a hardware or software component that acts as a filter to prevent unwanted packets from entering a network.
firewall
Confidentiality is sometimes confused with:
privacy
Symmetric key cryptography is also known as:
secret key cryptography
Shellshock is an example of which of the following?
software vulnerability
Software that is used to obtain private user information such as a user's keystrokes or copies of email is referred to as:
spyware
Next generation firewalls provide all of the following except:
the ability to automatically update applications with security patches
Conficker is an example of a:
worm
All of the following experienced high-profile data breaches in 2015 except:
Amazon
Which of the following is not a major trend in e-commerce payment in 2016-2017?
Mobile retail payment volume decreases
A Trojan horse appears to be benign, but then does something other than expected.
True
A worm does not need to be activated by a user for it to replicate itself.
True
Apple Pay uses near field communication (NFC) chips.
True
CryptoLocker is an example of ransomware.
True
Exploit kits are often rented or sold as a commercial product.
True
Factoring Attack on RSA-Export keys (FREAK) is an example of a software vulnerability.
True
PayPal is the most popular alternative payment method in the United States.
True
SSL/TLS cannot provide irrefutability.
True
Spoofing a website is a threat to the integrity of the website.
True
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software.
True
There is a finite number of Bitcoins that can be created.
True
Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
True