Management Science 590 - Chapter 05
Phishing attack rely on browser parasites.
False
Which dimension(s) of security is spoofing a threat to?
Integrity and Authenticity
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Protocols that secure communications between the client and the server
Which of the following is not an example of malicious code? Spyware Trojan Horse Bot Sniffer
Sniffer
FREAK is an example of which of the following? Mobile malware Software vulernability Botnet Trojan horse
Software vulnerability
What happens when a sniffing attack is used legitimately?
Used to steal proprietary information from a network, including passwords, e-mail messages, company files, and confidential reports.
Linden Dollars, created for use in Second Life, are an example of:
Virtual Currency
What is the current standard used to protect Wi-Fi networks?
WPA2
An unauthorized person intercepts an online communication and changes its contents is a violation of what?
E-Commerce security
Which of the following is the leading cause of data breaches? Theft of a computer Accidental disclosures Hackers DDoS attacks
Hackers
Typically attacks governments, organizations, and sometimes individuals for political purposes.
Hacktivists
What is a sniffing attack?
It is a type of eavesdropping program that monitors information traveling over a network.
Why is it difficult to accurately estimate the actual amount of cybercrime?
It is difficult to accurately estimate the actual amount of cybercrime in part because many companies are hesitant to report it due to a fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss.
Trojan Horse
It is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It appears benign and then suddenly does something harmful.
A worm does not need to be activated by a user in order for it to replace itself.
True
Public Key Encryption
Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once the keys are used to encrypt a message, that same key cannot be used to unencrypt the message
Bot programs
Type of malicious code that can be covertly installed on a computer when it is attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and many bots can be coordinated by a hacker into a botnet.
Confidentiality is sometimes confused with what?
Privacy
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is:
Spyware
How does the Great Cannon allow hackers to do?
To hijack traffic to individual IP addresses and uses a man-in-the-middle attack to replace unencrypted content between a Web server and the user with malicious Javascript that would load the two GitHub project pages every two seconds.
What is not a limitation of the existing online credit card payment system?
Cost to Consumers
According to Ponemon Institute's 2015 survey, which of the following was not among the causes of the most costly cybercrimes? Malicious insiders Malicious code Denial of Service Botnets
Denial of Service
Worms
Designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate.
Internet of Things (IoT)
Involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smartTVs, thermostats, home security systems, and more), connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors.
What can SSL/TLS not provide?
Irrefutability
VPN (Virtual Private Network)
Is a network that is constructed using public wires — usually the Internet — to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data.
Transmission Control Protocol/Internet Protocol (TCP/IP)
Is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet).
How does a sniffing attack differ from a MitM attack?
It also involves eavesdropping but is more active, and also involves passive monitoring. the attacker is able to intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications.
Malicious Code
It includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bot programs
All of the following statements about public key cryptography are true except: Public key cryptography uses two mathematically related digital keys. Public key cryptography ensures authentication of the sender. Public key cryptography does not ensure message integrity. Public key cryptography is based on the idea of irreversible mathematical functions.
Public key cryptography ensures authentication of the sender.
Which of the following is the most common protocol for security a digital channel of communication? DES SSL/TLS VPN HHTP
SSL/TLS
Symmetric key cryptography is also know as:
Secret Key Cryptography
CryptoLocker is an example of ransomware.
True
Exploit kits are often rented or sold as a commercial product.
True
PayPal is the most popular alternative payment method in the United States.
True
SLS/TLS cannot provide irrefutability.
True
SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identify or the identity of a server.
True
ShellShock is an example of a software vulnerability.
True
Spoofing a Web site is a thread to the integrity of the Web site.
True
The easiest and least expensive way to prevent threats to system integrity is to install antivirus software.
True
There is a finite number of Bitcoins that can be created.
True
Bitcoins are an example of:
digital cash
The overall rate of online credit card fraud is ________ of all online card transactions.
less than 1%
Secure Negotiated Session
A client-server session in which the URL of the requested document, along with the contents, contents of forms, and the cookies exchanged, are encrypted
Which of the following has the Internet Advertising Bureau urged advertisers to abandon? HTML HTML5 Adobe Flash Adobe Acrobat
Adobe Flash
Ransomware
Also known as scareware, is a type of malware (often a worm) that locks your computer or files to stop you from accessing them.
All of the following experienced high-profile data breaches in 2014 except: eBay Home Depot Amazon Sony
Amazon
Refers to the ability to identify the person or entity with whom you are dealing on the Internet.
Authenticity
Refers to the ability to ensure that an e-commerce site continues to function as intended.
Availability
All of the following are prominent hacktivist groups except: Anonymous LulzSec Impact Team Avid Life
Avid Life
Symmetric Key Encryption
Both the sender and the receiver use the same key to encrypt and decrypt the message
To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use:
An authorization management system.
Virus
A computer program that can replicate or make copies of itself and spread to other files. They can range in severity from simple programs that display a message or graphic as a "joke" to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly.
SSL/TLS will be used to establish what type of session?
A secure negotiated session.
What is the main Pro and Con of Symmetric Key Encryption?
Can be used effectively for data storage protection, but is less convenient for e-mail since the correspondents have to pass the secret key to one another over another secure medium prior to commencing the communications.
How many dimensions of e-commerce security does encryption address?
Can provide four of the six dimensions. Integrity, Nonrepudiation, Authentication, and Confidentiality.
Bill Me Later is an example of social/mobile peer-to-peer payment systems.
False
Vishing attacks exploit SMS messages.
False
Which of the following was designed to cripple Iranian nuclear centrifuges? Stuxnet Flame Snake Storm
Stuxnet
All the following statements about symmetric key cryptography are true except: In symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. The Data Encryption Standard is symmetric key encryption system. Symmetric key cryptography is computationally slower. Symmetric key cryptography is a key element in digital envelopes.
Symmetric key cryptography is computationally slower.
Slammer is an example of which of the following? Virus Worm Trojan Horse Botnet
Worm
Session Key
A unique symmetric encryp-tion key chosen for a single secure session
Rustock is an example of which of the following? Worm Botnet Phishing Hacktivism
Botnet
Accessing data without authorization on Dropbox is an example of what?
Cloud Security Issue
Refers to the ability to ensure that messages and data are only available to those authorized to view them.
Confidentiality
Apple Pay uses near field communication (NFC) chips.
True
Security issues for the Internet of Things.
- Many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional Internet-connected devices, creating a vast quantity of interconnected links that can be exploited. - Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. - Many instances of IoT consist of collections of identical devices, which magnifies the potential impact of security vulnerabilities. - Many IoT devices are anticipated to have a much longer service life than typical equipment. - Many IoT devices are intentionally designed without the ability to be upgraded. - Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises. - Some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device
The Data Encryption Standard uses a(n) __________-bit key.
56
Malware that comes with a download file that a user requests is called a:
Drive-by Download
What is not a major trend in e-commerce payments in 2015-2016?
Mobile retail payment volume decreases.
In 2014, online bill payment accounted for ________ of all bill payments, while paper checks accounted for ________.
More than 50%; Less than 25%
Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? DES NFC IM Text Messaging
NFC -> Near Field Communication
Refers to the ability to ensure that e-commerce participants do not deny their online actions.
Nonrepudiation
PayPal is what type of payment system?
Online stored value payment system.
The Internet and VPNs can be used to significantly reduce what?
The cost of secure communications.
What is the most frequent cause of stole credit cards and card information today?
The hacking and looting of corporate servers storing credit card information.
What dimensions do digital signatures and hash digests add to public key cryptography?
Digital signatures and has digests can add authentication, nonrepudiation, and integrity when used with public key encryption. Encryption technology also allows for digital signatures and authentication. The sender encrypts the message yet again using their private key to produce a digital signature.
Which of the following is not an example of a Potentially Unwanted Programs (PUP)? Adware Browser parasite Drive-by download Spyware
Drive-by Download
Apple Pay is available for both iPhone 5s and iPhone 6s.
False
The Cybersecurity Information Sharing Act is strongly supported by most large technology companies and privacy advocates.
False
Typically, the more security measures added to an e-commerce site, the faster and easier it becomes to use.
False
Backdoor
Feature of worms, viruses, and Trojans that allow attackers to remotely access compromised computers.
Online purchasing history being sold to other merchants without your content is an example of what?
Online privacy violation
The credit card industry establishes what type of standard?
PCI-DSS -> Payment Card Industry Data Security Standard
What is the first step in developing an e-commerce security plan?
Perform a risk assessment.
Automatically redirecting a Web link to a different address is an example of which of the following? Sniffing Social engineering Pharming DDoS attack
Pharming
While SSL/TLS provides secure transactions between merchant and consumer, what can it only guarantee?
Server-side authentication.
Next generation firewalls provide all the following except: An application-centric approach to firewall control. The ability to identify applications regardless of the port, protocol, or security evasion tools used. The ability to automatically update applications with security patches. The ability to identify users regardless of the device or IP address.
The ability to automatically update applications with security patches.
All of the following statements about PKI are true except: The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. PKI guarantees that the verifying computer of the merchant is secure. The acronym PKI stands for public key infrastructure.
The acronym PKI stands for public key infrastructure.
What are VPNs primarily used for?
Transactions between partners because dedicated connections can be very expensive.
Zeus is an example of which of the following? SQL injection attack Browser parasite DDoS attack Trojan horse/botnet
Trojan horse/botnet
A Trojan horse appears to be benign, but then does something other than expected.
True
A fingerprint scan is considered biometircs.
True
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.
False
What is the Great Cannon, who developed it, and how has it been used?
The nickname given by researchers to a tool believed to be developed by China that was used to launch a major DDoS attack in March 2015 against the software development platform GitHub, aimed specifically at two Chinese anti-censorship projects hosted on the platform.
In 2014, Sony experienced which of the following? High-profile data breach DDoS attack that shut down its web site Hacktivist attack to protest employment policies Browser parasite
High-profile data breach
What is the main advantage of public key encryption?
It has the ability to begin secure correspondence over the Internet without prior exchanging of the keys and, therefore, without the need for a meeting in person or using conventional carriers for key exchange.