asdasdasdaw
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 47) The Data Encryption Standard uses a(n) ________-bit key. A) 8 B) 56 C) 256 D) 512
Answer: B Difficulty: Difficult AACSB: Information technology
28) Automatically redirecting a web link to a different address is an example of which of the following? A) sniffing B) social engineering C) pharming D) DDoS attack
Answer: C
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 19) According to Symantec, almost half of the e-mail addresses involved in business e-mail compromise (BEC) phishing that it analyzed had an IP address originating in: A) China. B) Russia. C) Nigeria. D) North Korea.
Answer: C Difficulty: Easy AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 5) ________ is the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 49) Which of the following is the current standard used to protect Wi-Fi networks? A) WEP B) TLS C) WPA2 D) WPA3
Answer: C Difficulty: Moderate AACSB: Information technology
30) According to Ponemon Institute's 2017 survey, which of the following was not among the causes of the most costly cybercrimes? A) malicious insiders B) malicious code C) denial of service D) botnets
Answer: D
53) All of the following are methods of securing channels of communication except: A) SSL/TLS. B) digital certificates. C) VPN. D) FTP.
Answer: D
57) An intrusion detection system can perform all of the following functions except: A) examining network traffic. B) setting off an alarm when suspicious activity is detected. C) checking network traffic to see if it matches certain patterns or preconfigured rules. D) blocking suspicious activity.
Answer: D
f the following is not an example of malicious code? A) scareware B) Trojan horse C) bot D) sniffer
Answer: D
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 23 Copyright © 2019 Pearson Education, Inc. 81) Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.
Answer: FALSE Difficulty: Difficult AACSB: Information technology
f the following was designed to cripple Iranian nuclear centrifuges? A) Stuxnet B) Flame C) Snake D) Storm
Answer: A
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 62) Which of the following is the most common protocol for securing a digital channel of communication? A) DES B) SSL/TLS C) VPN D) HTTP
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating security. 71) All of the following are examples of social/mobile peer-to-peer payment systems except: A) Venmo. B) Bill Me Later. C) Square Cash. D) Google Wallet.
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 77) Linden Dollars, created for use in Second Life, are an example of: A) digital cash. B) virtual currency. C) EBPP. D) peer-to-peer payment systems.
Answer: B Difficulty: Moderate AACSB: Information technology
46) All the following statements about symmetric key cryptography are true except: A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key cryptography is computationally slower. D) symmetric key cryptography is a key element in digital envelopes.
Answer: C
49) Which of the following is the current standard used to protect Wi-Fi networks? A) WEP B) TLS C) WPA2 D) WPA3
Answer: C
72) All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is subject to regulations issued by the Bureau of Consumer Financial Protection applicable to GPR transactions. B) Apple Pay is based on Touch ID biometric fingerprint scanning. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay relies on NFC chip technology.
Answer: A
e that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware. B) a backdoor. C) browser parasite. D) adware.
Answer: A
f the following is not a key factor for establishing e-commerce security? A) data integrity B) technology C) organizational policies D) laws and industry standards
Answer: A
f the following is not a major trend in e-commerce payments in 2017-2018? A) Mobile retail payment volume decreases. B) PayPal remains the most popular alternative payment method. C) Google refocuses Google Wallet solely on sending and receiving money. D) Payment by credit and/or debit card remains the dominant form of online payment.
Answer: A
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 73) PayPal is an example of what type of payment system? A) online stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 21 Copyright © 2019 Pearson Education, Inc. 72) All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is subject to regulations issued by the Bureau of Consumer Financial Protection applicable to GPR transactions. B) Apple Pay is based on Touch ID biometric fingerprint scanning. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay relies on NFC chip technology.
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 42) What is a sniffing attack and how does it differ from a MitM attack?
Answer: A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately in a sniffing attack, hackers use sniffers to steal proprietary information from a network, including passwords, e-mail messages, company files, and confidential reports. A man-in-the-middle (MitM) attack also involves eavesdropping but is more active than a sniffing attack, which typically involves passive monitoring. In a MitM attack, the attacker can intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
20) What is the most frequent cause of stolen credit cards and card information today? A) lost cards B) the hacking and looting of corporate servers storing credit card information C) sniffing programs D) phishing attacks
Answer: B
24) Angler is an example of which of the following? A) worm B) exploit kit C) phishing D) hacktivism
Answer: B
3) ________ is the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: B
47) The Data Encryption Standard uses a(n) ________-bit key. A) 8 B) 56 C) 256 D) 512
Answer: B
48) All of the following statements about public key cryptography are true except: A) public key cryptography uses two mathematically related digital keys. B) public key cryptography ensures authentication of the sender. C) public key cryptography does not ensure message integrity. D) public key cryptography is based on the idea of irreversible mathematical functions.
Answer: B
52) Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation
Answer: B
6) Which of the following is an example of an online privacy violation? A) your e-mail being read by a hacker B) your online purchasing history being sold to other merchants without your consent C) your computer being used as part of a botnet D) your e-mail being altered by a hacker
Answer: B
62) Which of the following is the most common protocol for securing a digital channel of communication? A) DES B) SSL/TLS C) VPN D) HTTP
Answer: B
69) To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) access controls. B) an authorization management system. C) security tokens. D) an authorization policy.
Answer: B
71) All of the following are examples of social/mobile peer-to-peer payment systems except: A) Venmo. B) Bill Me Later. C) Square Cash. D) Google Wallet.
Answer: B
76) All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.
Answer: B
Dollars, created for use in Second Life, are an example of: A) digital cash. B) virtual currency. C) EBPP. D) peer-to-peer payment systems.
Answer: B
f the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? A) DES B) NFC C) IM D) text messaging
Answer: B
is a standard established by which of the following? A) the banking industry B) the credit card industry C) the federal government D) the retail industry
Answer: B
ng data without authorization on Dropbox is an example of a: A) social network security issue. B) cloud security issue. C) mobile platform security issue. D) sniffing issue.
Answer: B
45) Asymmetric key cryptography is also known as: A) public key cryptography. B) secret key cryptography. C) PGP. D) PKI.
Answer: A
51) A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.
Answer: A
54) A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network. A) firewall B) virtual private network C) proxy server D) PPTP
Answer: A
60) Which of the following statements is not true? A) Apple's Touch ID stores a digital replica of a user's actual fingerprint in Apple's iCloud. B) Biometric devices reduce the opportunity for spoofing. C) A retina scan is an example of a biometric device. D) Biometric data stored on an iPhone is encrypted.
Answer: A
7) ________ is the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability
Answer: A
50) All of the following statements about PKI are true except: A) the term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) the acronym PKI stands for public key infrastructure.
Answer: C
58) Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords
Answer: C
59) Which of the following statements is not true? A) A VPN provides both confidentiality and integrity. B) A VPN uses both authentication and encryption. C) A VPN uses a dedicated secure line. D) The primary use of VPNs is to establish secure communications among business partners.
Answer: C
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 34) Phishing attacks rely on browser parasites.
Answer: FALSE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 37) Exploit kits can be purchased by users to protect their computers from malware.
Answer: FALSE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 9) Why is it difficult to accurately estimate the actual amount of cybercrime?
Answer: It is difficult to accurately estimate the actual amount of cybercrime, in part, because many companies are hesitant to report it due to the fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss. Difficulty: Easy AACSB: Analytical thinking; Written and oral communication
5) ________ is the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: C
55) Proxy servers are also known as: A) firewalls. B) application gateways. C) dual home systems. D) packet filters.
Answer: C
_ typically attack governments, organizations, and sometimes individuals for political purposes. A) Crackers B) White hats C) Grey hats D) Hacktivists
Answer: D
RUE 9) Why is it difficult to accurately estimate the actual amount of cybercrime?
Answer: I
61) Face ID is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall
Answer: A
2) ________ is the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: A
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 19 Copyright © 2019 Pearson Education, Inc. 67) Discuss the security of communications channels. Include definitions and explanations for the terms Secure Sockets Layer/Transport Layer Security (SSL/TLS), secure negotiated session, session key, and VPN.
Answer: The Secure Sockets Layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) communications protocol is the main method for securing communications channels on the Web. When you receive a message from a web server then you will be communicating through a secure channel; this means that SSL/TLS will be used to establish a secure negotiated session. A secure negotiated session is a client-server session in which the URL of the requested document, its contents, and the contents of the forms filled out by the user on the page, as well as the cookies that are exchanged, are all encrypted. The browser and the server exchange digital certificates with one another, determine the strongest shared form of encryption, and begin communicating using a unique symmetric encryption key, agreed upon for just this encounter. This is called a session key. SSL/TLS provides data encryption, server authentication, optional client authentication (as yet still rare for individual users), and message integrity for the TCP/IP connections between two computers. SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identity or the identity of a server. It also protects the integrity of the messages exchanged. However, once the merchant receives the encrypted credit and order information, that information is typically stored in unencrypted format on the merchant's servers. While SSL/TLS provides secure transactions between merchant and consumer, it only guarantees server-side authentication. Client authentication is optional. In addition, SSL/TLS cannot provide irrefutability — consumers can order goods or download information products and then claim the transaction never occurred. Virtual private networks (VPNs) enable remote users to access an internal network from the Internet. They use protocols to create a private connection between a user on a local ISP and a private network. This process is called tunneling because it creates a private connection by adding an encrypted wrapper around the message to hide its content. It is called virtual because it appears to be a dedicated secure line when in fact it is a temporary secure line. VPNs are used primarily for transactions between business partners because dedicated connections can be very expensive. The Internet and VPNs can be used to significantly reduce the costs of secure communications. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
RUE 81) Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.
Answer: F
RUE kits can be purchased by users to protect their computers from malware.
Answer: F
1) Confidentiality is sometimes confused with: A) privacy. B) authenticity. C) integrity. D) nonrepudiation.
Answer: A
12) The overall rate of online credit card fraud is ________ of all online card transactions. A) less than 1% B) around 5% C) around 10% D) around 15%
Answer: A
16) Conficker is an example of a: A) virus. B) worm. C) Trojan horse. D) botnet.
Answer: B
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 26) Which of the following is not an example of a PUP? A) adware B) browser parasite C) drive-by download D) spyware
Answer: C Difficulty: Difficult AACSB: Information technology
RUE 65) Explain the difference between symmetric key cryptography and public key cryptography. Which dimensions of e-commerce security does encryption address?
Answer: S
32) The Internet Advertising Bureau has urged advertisers to abandon Adobe Flash in favor of HTML5.
Answer: T
is the most popular alternative payment method in the United States.
Answer: T
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 36) Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address.
Answer: TRUE Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 80) Apple Pay uses near field communication (NFC) chips.
Answer: TRUE Difficulty: Moderate AACSB: Application of knowledge
56) All of the following are used for authentication except: A) digital signatures. B) certificates of authority. C) biometric devices. D) packet filters.
Answer: D
he Great Cannon is the nickname given by researchers to a tool believed to be developed by China that was used to launch a major DDoS attack in 2015 against the software development platform GitHub, aimed specifically at two Chinese anti-censorship projects hosted on the platform. Although originally thought to be part of the Great Firewall, which is a system developed by China that allows it to censor Internet traffic, further investigation revealed that the Great Cannon appears to be a separate distinct offensive system that is co-located with the Great Firewall. The Great Cannon enables hackers to hijack traffic to individual IP addresses and uses a man-in-the-middle attack to replace unencrypted content between a web server and the user with malicious JavaScript that would load the two GitHub project pages every two seconds. a sniffing attack and how does it differ from a MitM attack?
Answer: A
is an example of what type of payment system? A) online stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system
Answer: A
s are an example of: A) digital cash. B) virtual currency. C) a stored value payment system. D) an EBPP system.
Answer: A
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 4 Copyright © 2019 Pearson Education, Inc. 12) The overall rate of online credit card fraud is ________ of all online card transactions. A) less than 1% B) around 5% C) around 10% D) around 15%
Answer: A Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 51) A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.
Answer: A Difficulty: Difficult AACSB: Information technology
1) Confidentiality is sometimes confused with: A) privacy. B) authenticity. C) integrity. D) nonrepudiation.
Answer: A Difficulty: Easy AACSB: Application of knowledge
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 54) A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network. A) firewall B) virtual private network C) proxy server D) PPTP
Answer: A Difficulty: Easy AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 75) Which of the following is not a major trend in e-commerce payments in 2017-2018? A) Mobile retail payment volume decreases. B) PayPal remains the most popular alternative payment method. C) Google refocuses Google Wallet solely on sending and receiving money. D) Payment by credit and/or debit card remains the dominant form of online payment.
Answer: A Difficulty: Moderate AACSB: Application of knowledge
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 2) ________ is the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 7) ________ is the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 18) Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware. B) a backdoor. C) browser parasite. D) adware.
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 11) Bitcoins are an example of: A) digital cash. B) virtual currency. C) a stored value payment system. D) an EBPP system.
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 15) Which of the following is not a key factor for establishing e-commerce security? A) data integrity B) technology C) organizational policies D) laws and industry standards
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 27) Which of the following was designed to cripple Iranian nuclear centrifuges? A) Stuxnet B) Flame C) Snake D) Storm
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 45) Asymmetric key cryptography is also known as: A) public key cryptography. B) secret key cryptography. C) PGP. D) PKI.
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 61) Face ID is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall
Answer: A Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 16 Copyright © 2019 Pearson Education, Inc. 60) Which of the following statements is not true? A) Apple's Touch ID stores a digital replica of a user's actual fingerprint in Apple's iCloud. B) Biometric devices reduce the opportunity for spoofing. C) A retina scan is an example of a biometric device. D) Biometric data stored on an iPhone is encrypted.
Answer: A Difficulty: Moderate AACSB: Information technology
ng to Symantec, the number of data breaches in 2016 increased by ________ compared to 2015. A) 100% B) 15% C) 150% D) 20%
Answer: D
t is difficult to accurately estimate the actual amount of cybercrime, in part, because many companies are hesitant to report it due to the fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss. 10) Which of the following statements about data breaches in 2016 is not true? A) According to Symantec, the number of major breaches in 2016 increased from the number in 2015. B) According to Symantec, the total number of data breaches in 2016 increased significantly from the number in 2015. C) According to Symantec, the total number of identities exposed by data breaches in 2016 increased to 1.1 billion. D) According to the Identity Theft Resource Center, data breaches involving the business sector represented over 45% of all breaches.
Answer: B
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 10) Which of the following statements about data breaches in 2016 is not true? A) According to Symantec, the number of major breaches in 2016 increased from the number in 2015. B) According to Symantec, the total number of data breaches in 2016 increased significantly from the number in 2015. C) According to Symantec, the total number of identities exposed by data breaches in 2016 increased to 1.1 billion. D) According to the Identity Theft Resource Center, data breaches involving the business sector represented over 45% of all breaches.
Answer: B Difficulty: Difficult AACSB: Application of knowledge
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 13 Copyright © 2019 Pearson Education, Inc. 48) All of the following statements about public key cryptography are true except: A) public key cryptography uses two mathematically related digital keys. B) public key cryptography ensures authentication of the sender. C) public key cryptography does not ensure message integrity. D) public key cryptography is based on the idea of irreversible mathematical functions.
Answer: B Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 14 Copyright © 2019 Pearson Education, Inc. 52) Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation
Answer: B Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 78) Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? A) DES B) NFC C) IM D) text messaging
Answer: B Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating security. 69) To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) access controls. B) an authorization management system. C) security tokens. D) an authorization policy.
Answer: B Difficulty: Easy AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 6) Which of the following is an example of an online privacy violation? A) your e-mail being read by a hacker B) your online purchasing history being sold to other merchants without your consent C) your computer being used as part of a botnet D) your e-mail being altered by a hacker
Answer: B Difficulty: Moderate AACSB: Analytical thinking
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 22 Copyright © 2019 Pearson Education, Inc. 76) All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.
Answer: B Difficulty: Moderate AACSB: Application of knowledge
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 74) PCI-DSS is a standard established by which of the following? A) the banking industry B) the credit card industry C) the federal government D) the retail industry
Answer: B Difficulty: Moderate AACSB: Application of knowledge
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 5 Copyright © 2019 Pearson Education, Inc. 16) Conficker is an example of a: A) virus. B) worm. C) Trojan horse. D) botnet.
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 3) ________ is the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 6 Copyright © 2019 Pearson Education, Inc. 20) What is the most frequent cause of stolen credit cards and card information today? A) lost cards B) the hacking and looting of corporate servers storing credit card information C) sniffing programs D) phishing attacks
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 7 Copyright © 2019 Pearson Education, Inc. 24) Angler is an example of which of the following? A) worm B) exploit kit C) phishing D) hacktivism
Answer: B Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 14) Accessing data without authorization on Dropbox is an example of a: A) social network security issue. B) cloud security issue. C) mobile platform security issue. D) sniffing issue.
Answer: B Difficulty: Moderate AACSB: Information technology
RUE g attacks rely on browser parasites.
Answer: F
70) Which of the following statements is not true? A) A majority of states require companies that maintain personal data on their residents to publicly disclose when a security breach affecting those residents has occurred. B) The USA Patriot Act broadly expanded law enforcement's investigative and surveillance powers. C) The Cybersecurity Information Sharing Act was strongly supported by most large technology companies and privacy advocates. D) The Federal Trade Commission has asserted that it has authority over corporations' data security practices.
Answer: C
ack on Dyn Inc., in October 2016 is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) MitM attack
Answer: C
alicious code includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bot programs. A virus is a computer program that can replicate or make copies of itself and spread to other files. Viruses can range in severity from simple programs that display a message or graphic as a "joke" to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly. Worms are designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate. A Trojan horse is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It appears benign and then suddenly does something harmful. For example, it may appear to be only a game and then it will steal passwords and mail them to another person. A backdoor is a feature of worms, viruses, and Trojans that allow attackers to remotely access compromised computers. Ransomware is a type of malware (often a worm) that locks your computer or files to stop you from accessing them. Bot programs are a type of malicious code that can be covertly installed on a computer when it is attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and many bots can be coordinated by a hacker into a botnet. 44) Next generation firewalls provide all of the following except: A) an application-centric approach to firewall control. B) the ability to identify applications regardless of the port, protocol, or security evasion tools used. C) the ability to automatically update applications with security patches. D) the ability to identify users regardless of the device or IP address.
Answer: C
f the following has the Internet Advertising Bureau urged advertisers to abandon? A) HTML B) HTML5 C) Adobe Flash D) Adobe Acrobat
Answer: C
f the following is not an example of a PUP? A) adware B) browser parasite C) drive-by download D) spyware
Answer: C
f the following is the leading cause of data breaches? A) theft of a computer B) accidental disclosures C) hackers D) DDoS attacks
Answer: C
he Secure Sockets Layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) communications protocol is the main method for securing communications channels on the Web. When you receive a message from a web server then you will be communicating through a secure channel; this means that SSL/TLS will be used to establish a secure negotiated session. A secure negotiated session is a client-server session in which the URL of the requested document, its contents, and the contents of the forms filled out by the user on the page, as well as the cookies that are exchanged, are all encrypted. The browser and the server exchange digital certificates with one another, determine the strongest shared form of encryption, and begin communicating using a unique symmetric encryption key, agreed upon for just this encounter. This is called a session key. SSL/TLS provides data encryption, server authentication, optional client authentication (as yet still rare for individual users), and message integrity for the TCP/IP connections between two computers. SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identity or the identity of a server. It also protects the integrity of the messages exchanged. However, once the merchant receives the encrypted credit and order information, that information is typically stored in unencrypted format on the merchant's servers. While SSL/TLS provides secure transactions between merchant and consumer, it only guarantees server-side authentication. Client authentication is optional. In addition, SSL/TLS cannot provide irrefutability — consumers can order goods or download information products and then claim the transaction never occurred. Virtual private networks (VPNs) enable remote users to access an internal network from the Internet. They use protocols to create a private connection between a user on a local ISP and a private network. This process is called tunneling because it creates a private connection by adding an encrypted wrapper around the message to hide its content. It is called virtual because it appears to be a dedicated secure line when in fact it is a temporary secure line. VPNs are used primarily for transactions between business partners because dedicated connections can be very expensive. The Internet and VPNs can be used to significantly reduce the costs of secure communications. 68) What is the first step in developing an e-commerce security plan? A) Create a security organization. B) Develop a security policy. C) Perform a risk assessment. D) Perform a security audit.
Answer: C
he five parties involved in a credit card transaction are the consumer, the merchant, the clearinghouse, the merchant bank (acquiring bank), and the consumer's card issuing bank. The basic payment transaction process works like this: The consumer first makes an online payment by sending his or her credit card information via an online form at the merchant's website. Once this information is received by the merchant, the merchant software contacts a clearinghouse (a financial intermediary that authenticates credit cards and verifies account balances). The clearinghouse contacts the card issuing bank to verify the account information. Once verified, the issuing bank credits the account of the merchant at the merchant's bank. The debit to the consumer account is transmitted to the consumer in a monthly statement. SSL is involved in sending the consumer's credit card information safely to the merchant's website. When the consumer checks out using the merchant's shopping cart software, a secure tunnel through the Internet is created using SSL/TLS. Using encryption, SSL/TSL secures the session during which credit card information will be sent to the merchant and protects the information from interlopers on the Internet. There are a number of limitations to the existing credit card payment system, most importantly involving security, merchant risk, cost, and social equity. The security of the transaction is very poor because neither the merchant nor the consumer can be fully authenticated. The risks merchants face is high. Banks think of Internet credit card orders as the same type of transactions as mail orders or telephone orders. In these transactions, the credit card is not present. There is no way for the merchant to verify the legitimacy of the customer's card or identity before confirming the order. In these transactions, the merchant carries all the risk for fraudulent credit card use. Consumers can disclaim charges even though the items have already been shipped. Merchants also must pay significant charges. These high costs make it unprofitable to sell small items such as individual articles or music tracks over the Internet. Furthermore, credit cards are not very democratic. Millions of young adults and other adult Americans who cannot afford credit cards or who have low incomes and are, therefore, considered poor credit risks cannot participate in e-commerce as it is presently structured in the United States. 84) Today, online bill payment accounts for ________ of all bill payments, while paper checks account for ________. A) less than 10%; less than 25% B) about 25%; about 10% C) more than 55%; less than 20% D) 100%; 0%
Answer: C
imension(s) of security is spoofing a threat to? A) integrity B) availability C) integrity and authenticity D) availability and integrity
Answer: C
ng to Symantec, almost half of the e-mail addresses involved in business e-mail compromise (BEC) phishing that it analyzed had an IP address originating in: A) China. B) Russia. C) Nigeria. D) North Korea.
Answer: C
that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP.
Answer: C
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 21) Which dimension(s) of security is spoofing a threat to? A) integrity B) availability C) integrity and authenticity D) availability and integrity
Answer: C Difficulty: Difficult AACSB: Analytical thinking
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating security. 70) Which of the following statements is not true? A) A majority of states require companies that maintain personal data on their residents to publicly disclose when a security breach affecting those residents has occurred. B) The USA Patriot Act broadly expanded law enforcement's investigative and surveillance powers. C) The Cybersecurity Information Sharing Act was strongly supported by most large technology companies and privacy advocates. D) The Federal Trade Commission has asserted that it has authority over corporations' data security practices.
Answer: C Difficulty: Difficult AACSB: Application of knowledge
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 12 Copyright © 2019 Pearson Education, Inc. 44) Next generation firewalls provide all of the following except: A) an application-centric approach to firewall control. B) the ability to identify applications regardless of the port, protocol, or security evasion tools used. C) the ability to automatically update applications with security patches. D) the ability to identify users regardless of the device or IP address.
Answer: C Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 46) All the following statements about symmetric key cryptography are true except: A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key cryptography is computationally slower. D) symmetric key cryptography is a key element in digital envelopes.
Answer: C Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 50) All of the following statements about PKI are true except: A) the term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) the acronym PKI stands for public key infrastructure.
Answer: C Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 24 Copyright © 2019 Pearson Education, Inc. 84) Today, online bill payment accounts for ________ of all bill payments, while paper checks account for ________. A) less than 10%; less than 25% B) about 25%; about 10% C) more than 55%; less than 20% D) 100%; 0%
Answer: C Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 8 Copyright © 2019 Pearson Education, Inc. 28) Automatically redirecting a web link to a different address is an example of which of the following? A) sniffing B) social engineering C) pharming D) DDoS attack
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 13) Which of the following has the Internet Advertising Bureau urged advertisers to abandon? A) HTML B) HTML5 C) Adobe Flash D) Adobe Acrobat
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 23) The attack on Dyn Inc., in October 2016 is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) MitM attack
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 17) Which of the following is the leading cause of data breaches? A) theft of a computer B) accidental disclosures C) hackers D) DDoS attacks
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 25) Malware that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP.
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 20 Copyright © 2019 Pearson Education, Inc. 68) What is the first step in developing an e-commerce security plan? A) Create a security organization. B) Develop a security policy. C) Perform a risk assessment. D) Perform a security audit.
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 55) Proxy servers are also known as: A) firewalls. B) application gateways. C) dual home systems. D) packet filters.
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 58) Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords
Answer: C Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 59) Which of the following statements is not true? A) A VPN provides both confidentiality and integrity. B) A VPN uses both authentication and encryption. C) A VPN uses a dedicated secure line. D) The primary use of VPNs is to establish secure communications among business partners.
Answer: C Difficulty: Moderate AACSB: Information technology
4) Which of the following is an example of an integrity violation of e-commerce security? A) A website is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.
Answer: D
ymmetric key cryptography involves the use of a secret cipher that transforms plain text into cipher text. Both the sender and the receiver use the same key to encrypt and decrypt the message. The possibilities for simple substitution and transposition ciphers are endless, but there are several flaws in these types of systems that make them inadequate for use today. First, for the sender and the receiver to have the same key, it must be sent over a communication medium that is insecure or they must meet in person to exchange the key. If the secret key is lost or stolen, the encryption system fails. This method can be used effectively for data storage protection, but is less convenient for e-mail since the correspondents must pass the secret key to one another over another secure medium prior to commencing the communication. Second, in the digital age, computers are so fast and powerful that these ancient encryption techniques can be quickly and easily broken. Modern digital encryption systems must use keys with between 56 and 512 binary digits to ensure that decryption would be unlikely. Third, for commercial use on an e-commerce site each of the parties in a transaction would need a secret key. In a population of millions of Internet users, thousands of millions of keys would be needed to accommodate all e-commerce customers. Public key cryptography solves the problem of exchanging keys. In this method every user has a pair of numeric keys: private and public. The public key is not secret; on the contrary, it is supposed to be disseminated widely. Public keys may be published in company catalogs or on online. The public key is used by outside parties to encrypt the messages addressed to you. The private or secret key is used by the recipient to decipher incoming messages. The main advantage of a public key cryptographic system is its ability to begin secure correspondence over the Internet without prior exchanging of the keys and, therefore, without the need for a meeting in person or using conventional carriers for key exchange. Encryption can provide four of the six key dimensions of e-commerce security. It can provide assurance that the message has not been altered (integrity), prevent the user from denying that he/she has sent the message (nonrepudiation), provide verification of the identity of the message (authentication), and give assurance that the message has not been read by others (confidentiality). 66) What dimensions do digital signatures and hash digests add to public key cryptography and how do they work?
Answer: D
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 4) Which of the following is an example of an integrity violation of e-commerce security? A) A website is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.
Answer: D Difficulty: Moderate AACSB: Analytical thinking
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 30) According to Ponemon Institute's 2017 survey, which of the following was not among the causes of the most costly cybercrimes? A) malicious insiders B) malicious code C) denial of service D) botnets
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 22) Which of the following is not an example of malicious code? A) scareware B) Trojan horse C) bot D) sniffer
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 29) According to Symantec, the number of data breaches in 2016 increased by ________ compared to 2015. A) 100% B) 15% C) 150% D) 20%
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 31) ________ typically attack governments, organizations, and sometimes individuals for political purposes. A) Crackers B) White hats C) Grey hats D) Hacktivists
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 53) All of the following are methods of securing channels of communication except: A) SSL/TLS. B) digital certificates. C) VPN. D) FTP.
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 57) An intrusion detection system can perform all of the following functions except: A) examining network traffic. B) setting off an alarm when suspicious activity is detected. C) checking network traffic to see if it matches certain patterns or preconfigured rules. D) blocking suspicious activity.
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 15 Copyright © 2019 Pearson Education, Inc. 56) All of the following are used for authentication except: A) digital signatures. B) certificates of authority. C) biometric devices. D) packet filters.
Answer: D Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 18 Copyright © 2019 Pearson Education, Inc. 66) What dimensions do digital signatures and hash digests add to public key cryptography and how do they work?
Answer: Digital signatures and hash digests can add authentication, nonrepudiation, and integrity when used with public key encryption. Encryption technology also allows for digital signatures and authentication. The sender encrypts the message yet again using their private key to produce a digital signature. To check the confidentiality of a message and ensure it has not been altered in transit, a hash function is used first to create a digest of the message. A hash function is an algorithm that produces a fixed-length number called a hash or message digest. To ensure the authenticity of the message and to ensure nonrepudiation, the sender encrypts the entire block of cipher text one more time using the sender's private key. This produces a digital signature or "signed" cipher text. The result of this double encryption is sent over the Internet to the recipient. Then, the recipient first uses the sender's public key to authenticate the message. Once authenticated, the recipient uses his or her private key to obtain the hash result and original message. As a final step, the recipient applies the same hash function to the original text and compares the result with the result sent by the sender. If the results are the same, the recipient now knows the message has not been changed during transmission. The message has integrity. Difficulty: Difficult AACSB: Analytical thinking; Information technology; Written and oral communication
85) Define and explain how EBPP systems work. Describe each of the main EBPP business models.
Answer: E
Learning Objective: 5.6: Describe the features and functionality of electronic billing presentment and payment systems. 25 Copyright © 2019 Pearson Education, Inc. 85) Define and explain how EBPP systems work. Describe each of the main EBPP business models.
Answer: EBPP refers to electronic billing presentment and payment systems, which are systems that enable the online delivery and payment of monthly bills. EBPP services allow consumers to view bills electronically using either their desktop PC or mobile device and pay them through electronic funds transfers from bank or credit card accounts. More and more companies are choosing to issue statements and bills electronically, rather than mailing out paper versions, especially for recurring bills such as utilities, insurance, and subscriptions. There are four main types of EBPP business models: online banking, biller-direct, mobile, and consolidator. The online banking model is the most widely used today. Consumers establish an online payment service with their banks and use it to pay bills as they come due or automatically make payments for, say, rent. The payments are made directly to the seller's bank account. This model has the advantage of convenience for the consumer because the payments are deducted automatically, usually with a notice from the bank or the merchant that their account has been debited. In the biller-direct model, consumers are sent bills by e-mail notification, and go to the merchant's website to make payments using their banking credentials. This model has the advantage of allowing the merchant to engage with the consumer by sending coupons or rewards. The biller-direct model is a two-step process, and less convenient for consumers. The mobile model allows consumers to make payments using mobile apps, once again relying on their bank credentials as the source of funds. Consumers are notified of a bill by text message and authorize the payment. An extension of this is the social-mobile model, where social networks like Facebook integrate payment into their messaging services. The mobile model has several advantages, not least of which is the convenience for consumers of paying bills while using their phones, but also the speed with which bills can be paid in a single step. This is the fastest growing form of EBPP. In 2016, Facebook and PayPal announced a deal in which Facebook users can pay for purchases on Facebook using PayPal. In 2017, Facebook Messenger can be used for P2P payments and payments to groups to pay for meals and other activities. Facebook is not charging for these transfers, and receives 97% of its Messenger revenue from advertising. In the consolidator model, a third party, such as a financial institution or a focused portal such as Intuit's Paytrust, Fiserv's MyCheckFree, Mint Bills, and others, aggregates all bills for consumers and permits one-stop bill payment. This model has the advantage of allowing consumers to see all their bills at one website or app. However, because bills come due at different times, consumers need to check their portals often. The consolidator model faces several challenges. For billers, using the consolidator model means an increased time lag between billing and payment, and inserts an intermediary between the company and its customer. Supporting these primary business models are infrastructure providers such as Fiserv, Yodlee, FIS Global, ACI Worldwide, MasterCard RPPS (Remote Payment and Presentment Service), and others that provide the software to create the EBPP system or handle billing and payment collection for the biller. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately in a sniffing attack, hackers use sniffers to steal proprietary information from a network, including passwords, e-mail messages, company files, and confidential reports. A man-in-the-middle (MitM) attack also involves eavesdropping but is more active than a sniffing attack, which typically involves passive monitoring. In a MitM attack, the attacker can intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications. and explain the various types of malicious code and how they work. Include the different types of viruses.
Answer: M
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 43) Discuss and explain the various types of malicious code and how they work. Include the different types of viruses.
Answer: Malicious code includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bot programs. A virus is a computer program that can replicate or make copies of itself and spread to other files. Viruses can range in severity from simple programs that display a message or graphic as a "joke" to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly. Worms are designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate. A Trojan horse is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It appears benign and then suddenly does something harmful. For example, it may appear to be only a game and then it will steal passwords and mail them to another person. A backdoor is a feature of worms, viruses, and Trojans that allow attackers to remotely access compromised computers. Ransomware is a type of malware (often a worm) that locks your computer or files to stop you from accessing them. Bot programs are a type of malicious code that can be covertly installed on a computer when it is attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and many bots can be coordinated by a hacker into a botnet. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 17 Copyright © 2019 Pearson Education, Inc. 65) Explain the difference between symmetric key cryptography and public key cryptography. Which dimensions of e-commerce security does encryption address?
Answer: Symmetric key cryptography involves the use of a secret cipher that transforms plain text into cipher text. Both the sender and the receiver use the same key to encrypt and decrypt the message. The possibilities for simple substitution and transposition ciphers are endless, but there are several flaws in these types of systems that make them inadequate for use today. First, for the sender and the receiver to have the same key, it must be sent over a communication medium that is insecure or they must meet in person to exchange the key. If the secret key is lost or stolen, the encryption system fails. This method can be used effectively for data storage protection, but is less convenient for e-mail since the correspondents must pass the secret key to one another over another secure medium prior to commencing the communication. Second, in the digital age, computers are so fast and powerful that these ancient encryption techniques can be quickly and easily broken. Modern digital encryption systems must use keys with between 56 and 512 binary digits to ensure that decryption would be unlikely. Third, for commercial use on an e-commerce site each of the parties in a transaction would need a secret key. In a population of millions of Internet users, thousands of millions of keys would be needed to accommodate all e-commerce customers. Public key cryptography solves the problem of exchanging keys. In this method every user has a pair of numeric keys: private and public. The public key is not secret; on the contrary, it is supposed to be disseminated widely. Public keys may be published in company catalogs or on online. The public key is used by outside parties to encrypt the messages addressed to you. The private or secret key is used by the recipient to decipher incoming messages. The main advantage of a public key cryptographic system is its ability to begin secure correspondence over the Internet without prior exchanging of the keys and, therefore, without the need for a meeting in person or using conventional carriers for key exchange. Encryption can provide four of the six key dimensions of e-commerce security. It can provide assurance that the message has not been altered (integrity), prevent the user from denying that he/she has sent the message (nonrepudiation), provide verification of the identity of the message (authentication), and give assurance that the message has not been read by others (confidentiality). Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
63) SSL/TLS cannot provide irrefutability.
Answer: T
8) Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
Answer: T
ALSE -by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests.
Answer: T
ALSE s a finite number of Bitcoins that can be created.
Answer: T
ALSE y is an example of ransomware.
Answer: T
RUE 39) Changeup is an example of a software vulnerability.
Answer: T
RUE 64) The easiest and least expensive way to prevent threats to system integrity is to install anti- virus software.
Answer: T
RUE how an online credit card transaction works, identifying the parties involved and describing how SSL/TLS is involved. What are the limitations of online credit card payment systems?
Answer: T
RUE the Internet of Things (IoT) and what security issues and challenges does it raise?
Answer: T
RUE ay uses near field communication (NFC) chips.
Answer: T
RUE g is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address.
Answer: T
RUE n horse appears to be benign, but then does something other than expected.
Answer: T
he Internet of Things (IoT) involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smart TVs, thermostats, home security systems, and more). IoT also includes connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors. Unfortunately, IoT raises a host of security issues similar to existing security challenges, but even more challenging, given the need to deal with a wider range of devices, operating in a less controlled, and global environment. In a world of connected things, the devices, the data produced and used by the devices, and the systems and applications supported by those devices, can all potentially be attacked. For instance, many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional Internet-connected devices, creating a vast quantity of interconnected links that can be exploited. Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. Many instances of IoT consist of collections of identical devices that all have the same characteristics, which magnifies the potential impact of security vulnerabilities. Many IoT devices are anticipated to have a much longer service life than typical equipment, which raises the possibility that devices may "outlive" manufacturer, leaving them without long- term support that creates persistent vulnerabilities. Many IoT devices are intentionally designed without the ability to be upgraded, or the upgrade process is difficult, which raises the possibility that vulnerable devices cannot or will not be fixed, leaving them perpetually vulnerable. Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises, so users may believe an IoT device is functioning as intended when in fact, it may be performing in a malicious manner. Finally, some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device, so a security breach might persist for a long time before being noticed. 41) Discuss the Great Cannon. Who developed it, how has it been used, and how does it differ from the Great Firewall?
Answer: T
igital signatures and hash digests can add authentication, nonrepudiation, and integrity when used with public key encryption. Encryption technology also allows for digital signatures and authentication. The sender encrypts the message yet again using their private key to produce a digital signature. To check the confidentiality of a message and ensure it has not been altered in transit, a hash function is used first to create a digest of the message. A hash function is an algorithm that produces a fixed-length number called a hash or message digest. To ensure the authenticity of the message and to ensure nonrepudiation, the sender encrypts the entire block of cipher text one more time using the sender's private key. This produces a digital signature or "signed" cipher text. The result of this double encryption is sent over the Internet to the recipient. Then, the recipient first uses the sender's public key to authenticate the message. Once authenticated, the recipient uses his or her private key to obtain the hash result and original message. As a final step, the recipient applies the same hash function to the original text and compares the result with the result sent by the sender. If the results are the same, the recipient now knows the message has not been changed during transmission. The message has integrity. 67) Discuss the security of communications channels. Include definitions and explanations for the terms Secure Sockets Layer/Transport Layer Security (SSL/TLS), secure negotiated session, session key, and VPN.
Answer: T
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 38) A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests.
Answer: TRUE Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 63) SSL/TLS cannot provide irrefutability.
Answer: TRUE Difficulty: Difficult AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 79) PayPal is the most popular alternative payment method in the United States.
Answer: TRUE Difficulty: Easy AACSB: Application of knowledge
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values. 3 Copyright © 2019 Pearson Education, Inc. 8) Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 33) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 10 Copyright © 2019 Pearson Education, Inc. 39) Changeup is an example of a software vulnerability.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 9 Copyright © 2019 Pearson Education, Inc. 32) The Internet Advertising Bureau has urged advertisers to abandon Adobe Flash in favor of HTML5.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 35) WannaCry is an example of ransomware.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients. 64) The easiest and least expensive way to prevent threats to system integrity is to install anti- virus software.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 82) There is a finite number of Bitcoins that can be created.
Answer: TRUE Difficulty: Moderate AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 11 Copyright © 2019 Pearson Education, Inc. 41) Discuss the Great Cannon. Who developed it, how has it been used, and how does it differ from the Great Firewall?
Answer: The Great Cannon is the nickname given by researchers to a tool believed to be developed by China that was used to launch a major DDoS attack in 2015 against the software development platform GitHub, aimed specifically at two Chinese anti-censorship projects hosted on the platform. Although originally thought to be part of the Great Firewall, which is a system developed by China that allows it to censor Internet traffic, further investigation revealed that the Great Cannon appears to be a separate distinct offensive system that is co-located with the Great Firewall. The Great Cannon enables hackers to hijack traffic to individual IP addresses and uses a man-in-the-middle attack to replace unencrypted content between a web server and the user with malicious JavaScript that would load the two GitHub project pages every two seconds. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment. 40) What is the Internet of Things (IoT) and what security issues and challenges does it raise?
Answer: The Internet of Things (IoT) involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smart TVs, thermostats, home security systems, and more). IoT also includes connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors. Unfortunately, IoT raises a host of security issues similar to existing security challenges, but even more challenging, given the need to deal with a wider range of devices, operating in a less controlled, and global environment. In a world of connected things, the devices, the data produced and used by the devices, and the systems and applications supported by those devices, can all potentially be attacked. For instance, many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional Internet-connected devices, creating a vast quantity of interconnected links that can be exploited. Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. Many instances of IoT consist of collections of identical devices that all have the same characteristics, which magnifies the potential impact of security vulnerabilities. Many IoT devices are anticipated to have a much longer service life than typical equipment, which raises the possibility that devices may "outlive" manufacturer, leaving them without long- term support that creates persistent vulnerabilities. Many IoT devices are intentionally designed without the ability to be upgraded, or the upgrade process is difficult, which raises the possibility that vulnerable devices cannot or will not be fixed, leaving them perpetually vulnerable. Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises, so users may believe an IoT device is functioning as intended when in fact, it may be performing in a malicious manner. Finally, some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device, so a security breach might persist for a long time before being noticed. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today. 83) Explain how an online credit card transaction works, identifying the parties involved and describing how SSL/TLS is involved. What are the limitations of online credit card payment systems?
Answer: The five parties involved in a credit card transaction are the consumer, the merchant, the clearinghouse, the merchant bank (acquiring bank), and the consumer's card issuing bank. The basic payment transaction process works like this: The consumer first makes an online payment by sending his or her credit card information via an online form at the merchant's website. Once this information is received by the merchant, the merchant software contacts a clearinghouse (a financial intermediary that authenticates credit cards and verifies account balances). The clearinghouse contacts the card issuing bank to verify the account information. Once verified, the issuing bank credits the account of the merchant at the merchant's bank. The debit to the consumer account is transmitted to the consumer in a monthly statement. SSL is involved in sending the consumer's credit card information safely to the merchant's website. When the consumer checks out using the merchant's shopping cart software, a secure tunnel through the Internet is created using SSL/TLS. Using encryption, SSL/TSL secures the session during which credit card information will be sent to the merchant and protects the information from interlopers on the Internet. There are a number of limitations to the existing credit card payment system, most importantly involving security, merchant risk, cost, and social equity. The security of the transaction is very poor because neither the merchant nor the consumer can be fully authenticated. The risks merchants face is high. Banks think of Internet credit card orders as the same type of transactions as mail orders or telephone orders. In these transactions, the credit card is not present. There is no way for the merchant to verify the legitimacy of the customer's card or identity before confirming the order. In these transactions, the merchant carries all the risk for fraudulent credit card use. Consumers can disclaim charges even though the items have already been shipped. Merchants also must pay significant charges. These high costs make it unprofitable to sell small items such as individual articles or music tracks over the Internet. Furthermore, credit cards are not very democratic. Millions of young adults and other adult Americans who cannot afford credit cards or who have low incomes and are, therefore, considered poor credit risks cannot participate in e-commerce as it is presently structured in the United States. Difficulty: Moderate AACSB: Analytical thinking; Information technology; Written and oral communication