Chapter 5


62) Which of the following is the most common protocol for securing a digital channel of communication? A) DES B) SSL/TLS C) VPN D) HTTP

SSL/TLS

17) Which of the following is the leading cause of data breaches? A) theft of a computer B) accidental disclosures C) hackers D) DDoS attacks

hackers

29) FREAK is an example of which of the following? A) mobile malware B) software vulnerability C) botnet D) Trojan horse

software vulnerability

20) What is the most frequent cause of stolen credit cards and card information today? A) lost cards B) the hacking and looting of corporate servers storing credit card information C) sniffing programs D) phishing attacks

the hacking and looting of corporate servers storing credit card information

16) Conficker is an example of a: A) virus. B) worm. C) Trojan horse. D) botnet.

worm

16) Slammer is an example of which of the following? A) virus B) worm C) Trojan horse D) botnet

worm

6) Which of the following is an example of an online privacy violation? A) your e-mail being read by a hacker B) your online purchasing history being sold to other merchants without your consent C) your computer being used as part of a botnet D) your e-mail being altered by a hacker

your online purchasing history being sold to other merchants without your consent

47) The Data Encryption Standard uses a(n) ________-bit key. A) 8 B) 56 C) 256 D) 512

56

70) Which of the following statements about blockchain is not true? A) A blockchain system is composed of a distributed network of computers. B) A blockchain system is inherently centralized. C) A blockchain system is a transaction processing system. D) Cryptocurrencies are based on blockchain technology.

A blockchain system is inherently centralized.

13) Which of the following has the Internet Advertising Bureau urged advertisers to abandon? A) HTML B) HTML5 C) Adobe Flash D) Adobe Acrobat

Adobe Flash

10) All of the following experienced high-profile data breaches in 2014 except: A) eBay. B) Home Depot. C) Amazon. D) Sony.

Amazon

4) Which of the following is an example of an integrity violation of e-commerce security? A) A Web site is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he or she is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.

An unauthorized person intercepts an online communication and changes its contents.

60) Which of the following statements is not true? A) Apple's Touch ID stores a user's actual fingerprint. B) Biometric devices reduce the opportunity for spoofing. C) A retina scan is an example of a biometric device. D) Biometric data stored on an iPhone is encrypted.

Apple's Touch ID stores a user's actual fingerprint.

3) ________ refers to the ability to identify the person or entity with whom you are dealing on the Internet. A) Nonrepudiation B) Authenticity C) Availability D) Integrity

Authenticity

5) ________ refers to the ability to ensure that an e-commerce site continues to function as intended. A) Nonrepudiation B) Authenticity C) Availability D) Integrity

Availability

23) The attack against Dyn servers is an example of a(n): A) SQL injection attack. B) Browser parasite. C) DDoS attack. D) MitM attack.

DDoS attack.

75) Which of the following is not a major trend in e-commerce payments in 2015-2016? A) Mobile retail payment volume decreases. B) PayPal remains the most popular alternative payment method. C) Apple introduces Apple Pay. D) Payment by credit and/or debit card remains the dominant form of online payment.

Mobile retail payment volume decreases.

2) ________ refers to the ability to ensure that e-commerce participants do not deny their online actions. A) Nonrepudiation B) Authenticity C) Availability D) Integrity

Nonrepudiation

74) Which of the following is not a major trend in e-commerce payments in 2020-2021? A) Online payment volume decreases due to the Covid-19 pandemic. B) PayPal remains the most popular alternative payment method. C) Large banks enter the mobile wallet and P2P payments market. D) Payment by credit and/or debit card remains the dominant form of online payment.

Online payment volume decreases due to the Covid-19 pandemic.

50) All of the following statements about PKI are true except: A) The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) The acronym PKI stands for public key infrastructure.

PKI guarantees that the verifying computer of the merchant is secure.

68) What is the first step in developing an e-commerce security plan? A) Create a security organization. B) Develop a security policy. C) Perform a risk assessment. D) Perform a security audit.

Perform a risk assessment.

23) Zeus is an example of which of the following? A) SQL injection attack B) browser parasite C) DDoS attack D) Trojan horse/botnet

Trojan horse/botnet

49) Which of the following is the current standard used to protect Wi-Fi networks? A) WEP B) TLS C) WPA2 D) WPA3

WPA2

78) All of the following are examples of cryptocurrencies except: A) Ethereum. B) Ripple. C) Zelle. D) Monero.

Zelle

19) In 2014, Sony experienced which of the following? A) a high-profile data breach B) a DDoS attack that shut down its Web site C) a hacktivist attack to protest its employment policies D) a browser parasite

a high-profile data breach

52) Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation

availability

61) A fingerprint scan is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall

biometrics

57) An intrusion detection system can perform all of the following functions except: A) examining network traffic. B) setting off an alarm when suspicious activity is detected. C) checking network traffic to see if it matches certain patterns or preconfigured rules. D) blocking suspicious activity.

blocking suspicious activity.

24) Beebone is an example of which of the following? A) worm B) botnet C) phishing D) hacktivism

botnet

24) Rustock is an example of which of the following? A) worm B) botnet C) phishing D) hacktivism

botnet

14) Accessing data without authorization on Dropbox is an example of which of the following? A) social network security issue B) cloud security issue C) mobile platform security issue D) sniffing

cloud security issue

83) Mint Bills is an example of which of the following EBPP business models? A) biller-direct B) online banking C) consolidator D) mobile

consolidator

76) All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.

cost to consumers.

13) Which of the following is a brute force attack which hackers launch via botnets and automated tools using known user name and password combinations? A) credential stuffing B) phishing C) pharming D) MitM attack

credential stuffing

8) Which of the following is not a key factor for establishing e-commerce security? A) data integrity B) technology C) organizational policies D) laws and industry standards

data integrity

30) According to Ponemon Institute's 2015 survey, which of the following was not among the causes of the most costly cybercrimes? A) malicious insiders B) malicious code C) denial of service D) botnets

denial of service

25) Malware that comes with a downloaded file that a user requests is called a: A) Trojan horse. B) backdoor. C) drive-by download. D) PUP.

drive-by download.

21) Which dimension(s) of security is spoofing a threat to? A) integrity B) availability C) integrity and authenticity D) availability and integrity

integrity and authenticity

46) All of the following are features of WPA3 except: A) it implements a more robust key exchange protocol. B) it enables the creation of a VPN. C) it provides a more secure way to connect IoT devices. D) it features expanded encryption for public networks.

it enables the creation of a VPN.

12) The overall rate of online credit card fraud is ________ of all online card transactions. A) less than 1% B) around 5% C) around 10% D) around 15%

less than 1%

73) PayPal is an example of what type of payment system? A) online stored value payment system B) digital checking system C) accumulating balance system D) digital credit card system

online stored value payment system

56) All of the following are used for authentication except: A) digital signatures. B) certificates of authority. C) biometric devices. D) packet filters.

packet filters.

1) Confidentiality is sometimes confused with: A) privacy. B) authenticity. C) integrity. D) nonrepudiation.

privacy

42) Asymmetric key cryptography is also known as: A) public key cryptography. B) secret key cryptography. C) PGP. D) PKI.

public key cryptography.

18) Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: A) spyware. B) a backdoor. C) browser parasite. D) adware.

spyware

51) A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.

subject's private key.

74) PCI-DSS is a standard established by which of the following? A) the banking industry B) the credit card industry C) the federal government D) the retail industry

the credit card industry

77) Linden Dollars, created for use in Second Life, are an example of: A) digital cash. B) virtual currency. C) EBPP. D) peer-to-peer payment systems.

virtual currency.

71) All of the following are examples of social/mobile peer-to-peer payment systems except: A) Venmo. B) Bill Me Later. C) Square Cash. D) Google Wallet.

Bill Me Later.

59) Which of the following statements is not true? A) A VPN provides both confidentiality and integrity. B) A VPN uses both authentication and encryption. C) A VPN uses a dedicated secure line. D) The primary use of VPNs is to establish secure communications among business partners.

A VPN uses a dedicated secure line.

12) Which of the following statements about data breaches in 2019 is not true? A) According to the Identity Theft Resource Center, the number of breaches in 2019 increased by 17% from 2018. B) According to the Identity Theft Resource Center, the breaches exposed almost 165 million sensitive records, such as social security numbers and financial account data. C) According to the Identity Theft Resource Center, employee error was the leading cause of data breaches. D) According to the Identity Theft Resource Center, data breaches involving the business sector represented about 44% of all breaches.

According to the Identity Theft Resource Center, employee error was the leading cause of data breaches.

72) All of the following statements about Apple Pay are true except which of the following? A) Apple Pay is available for both iPhone 5s and iPhone 6s. B) Apple Pay is based on Touch ID biometric fingerprint scanning. C) Apple Pay can be used for mobile payments at the point of sale at a physical store. D) Apple Pay relies on NFC chip technology.

Apple Pay is available for both iPhone 5s and iPhone 6s.

76) Which of the following statements about Bitcoin is not true? A) The computational power required to mine Bitcoins has increased over time. B) Bitcoins are completely secure. C) Bitcoins are illegal in some countries. D) Bitcoin mining uses more energy than the entire amount consumed by Switzerland.

Bitcoins are completely secure.

7) ________ refers to the ability to ensure that messages and data are only available to those authorized to view them. A) Confidentiality B) Integrity C) Privacy D) Availability

Confidentiality

19) Which of the following technologies is aimed at reducing e-mail address spoofing and phishing? A) TLS B) WPA C) DMARC D) MFA

DMARC

34) Phishing attacks rely on browser parasites.

FALSE

35) Exploit kits can be purchased by users to protect their computers from malware.

FALSE

38) Vishing attacks exploit SMS messages.

FALSE

8) Typically, the more security measures added to an e-commerce site, the faster and easier it becomes to use.

FALSE

80) Bluetooth is the primary enabling technology for mobile wallets.

FALSE

81) Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.

FALSE

31) ________ typically attack governments, organizations, and sometimes individuals for political purposes. A) Crackers B) White hats C) Grey hats D) Hacktivists

Hacktivists

15) All of the following are prominent hacktivist groups except: A) Anonymous. B) LulzSec. C) Impact Team. D) Avid Life.

Avid Life

53) All of the following are methods of securing channels of communication except: A) SSL/TLS. B) certificates. C) VPN. D) FTP.

FTP

46) All the following statements about symmetric key cryptography are true except: A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key cryptography is computationally slower. D) symmetric key cryptography is a key element in digital envelopes.

symmetric key cryptography is computationally slower.

44) Next generation firewalls provide all of the following except: A) an application-centric approach to firewall control. B) the ability to identify applications regardless of the port, protocol, or security evasion tools used. C) the ability to automatically update applications with security patches. D) the ability to identify users regardless of the device or IP address.

the ability to automatically update applications with security patches.

78) Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? A) DES B) NFC C) IM D) text messaging

NFC

27) Which of the following was designed to cripple Iranian nuclear centrifuges? A) Stuxnet B) Flame C) Snake D) Storm

Stuxnet

10) Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.

TRUE

32) A worm does not need to be activated by a user in order for it to replicate itself.

TRUE

33) A Trojan horse appears to be benign, but then does something other than expected.

TRUE

33) WannaCry is an example of ransomware.

TRUE

35) CryptoLocker is an example of ransomware.

TRUE

36) Spoofing a Web site is a threat to the integrity of the Web site.

TRUE

37) Exploit kits are often rented or sold as a commercial product.

TRUE

39) ShellShock is an example of a software vulnerability.

TRUE

60) Most computers and mobile devices today have built-in encryption software that users can enable.

TRUE

63) SSL/TLS cannot provide irrefutability.

TRUE

64) The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software.

TRUE

68) Zero trust is a cybersecurity framework based on the principle of maintaining strict access controls and not trusting anyone or anything by default, even those behind a corporate firewall.

TRUE

79) Zelle is an example of a P2P mobile payment app.

TRUE

80) Apple Pay uses near field communication (NFC) chips.

TRUE

82) There is a finite number of Bitcoins that can be created.

TRUE

84) According to the most recent Fiserv survey, 65% of consumers in the United States have used online bill payment.

TRUE

70) Which of the following statements is not true? A) A majority of states require companies that maintain personal data on their residents to publicly disclose when a security breach affecting those residents has occurred. B) The USA Patriot Act broadly expanded law enforcement's investigative and surveillance powers. C) The Cybersecurity Information Sharing Act is strongly supported by most large technology companies and privacy advocates. D) The Federal Trade Commission has asserted that it has authority over corporations' data security practices.

The Cybersecurity Information Sharing Act is strongly supported by most large technology companies and privacy advocates.

69) To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use: A) access controls. B) an authorization management system. C) security tokens. D) an authorization policy.

an authorization management system.

58) Face ID is an example of which of the following? A) biometrics B) encryption C) IDS D) firewall

biometrics

11) Bitcoins are an example of: A) digital cash. B) virtual currency. C) a stored value payment system. D) an EBPP system.

digital cash.

58) Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords

digital signatures

26) Which of the following is not an example of a PUP? A) adware B) browser parasite C) drive-by download D) spyware

drive-by download

55) Proxy servers are also known as: A) firewalls. B) application gateways. C) dual home systems. D) packet filters.

dual home systems.

54) A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network. A) firewall B) virtual private network C) proxy server D) PPTP

firewall

28) Automatically redirecting a Web link to a different address is an example of which of the following? A) sniffing B) social engineering C) pharming D) DDoS attack

pharming

48) All of the following statements about public key cryptography are true except: A) public key cryptography uses two mathematically related digital keys. B) public key cryptography ensures authentication of the sender. C) public key cryptography does not ensure message integrity. D) public key cryptography is based on the idea of irreversible mathematical functions.

public key cryptography ensures authentication of the sender.

45) Symmetric key cryptography is also known as: A) public key cryptography. B) secret (private) key cryptography. C) PGP. D) PKI.

secret (private) key cryptography.

22) Which of the following is not an example of malicious code? A) scareware B) Trojan horse C) bot D) sniffer

sniffer

