IS 194 Test 2


An intrusion detection system can perform all of the following functions except:

Blocking suspicious activity

Symmetric Key Encryption

Both sender and receiver use same key to encrypt and decrypt the message

Rustock is an example of which of the following?

Botnet

Most of the world's spam is delivered via which of the following?

Botnets

PKI (public key infrastructure)

CAs and digital certificate procedures that are accepted by all parties

Which of the following technologies could you use to place the content of your Web site in a database so that you can then dynamically generate requests for pages? -Apache web server -proxy server -shopping cart -CMS

CMS

Replicated Database

Central database duplicated in entirety at different locations

Which of the following countries has been found to have engaged in cyberespionage against Google?

China

Secure negotiated session

Client-server session in which URL of the requested doc, along with contents, contents of forms and cookies exchanged are encrypted

Advantages of dynamic page generation include all of the following except: a) lowered menu costs b) market segmentation c) nearly cost-free price discrimination d) client-side execution of programming

Client-side execution of programming

Virus

Computer program that has the ability to replicate itself and spread to other files

________ refers to the ability to ensure that messages and data are only available to those authorized to view them

Confidentiality

Dynamic Page generation

Contents of page are stored as objects in a database, rather than being hard coded in HTML. When user requests a web page, contents for that page are fetched from database

The primary way a Web site is able to personalize the content presented to a visitor is through the use of:

Cookies

All of the following are limitations of the existing online credit card payment system except: . poor security. . cost to consumers. . cost to merchant. . social equity.

Cost to consumers

All of the following are basic information requirements for a product database except: .product descriptions .stock numbers .customer ID numbers .inventory levels

Customer ID number

Information

Data processed to increase knowledge in the person using the data

Problems with traditional file environment (maintained separately by different departments)

Data redundancy; Data inconsistency; Program-data dependence (change program requires change in data); Lack of flexibility; Poor security; Lack of data sharing and availability

The cost of hardware, software, and telecommunications services needed to build a Web site have ________ over the last decade.

Decreased drastically

Database Administration

Defining, organizing, implementing, maintaining database; performed by database design and management group

System Design Specification

Description of the main components in a system and relationship to one another

Worm

Designed to spread from computer to computer

Open Source Software

Developed by community of programmers and designers and free to use and modify

Which of the following is not an example of an access control? . firewalls . proxy servers . digital signatures . login passwords

Digital signatures

The structure of a market is described in terms of:

Direct competition, suppliers and substitute products

Which of the following is not an example of a PUP? . adware . browser parasite . drive-by download . spyware

Drive-by download

Proxy servers are also known as

Dual-home Systems

Two-tier Architecture

E-commerce system in which a web server responds to requests for web pages and a database server provides backend data storage

Attribute

Each characteristic, or quality, describing the entity (name, address, DL number)

Advantages of using web for database access

Ease of use of browser software; Web interface requires few or no changes to database; Inexpensive to add web interface to system

Form

Efficient way to capture data, imply entities, attributes and relationships

Horizontal Scaling

Employing multiple computers to share the workload

Components of Databases

Entity, Attribute, Relationship

Relationships

Exist between entities: One-to-one, One-to-many, Many-to-many

Text Mining

Extracts key elements from large, unstructured data sets (stored e-mails)

All of the following are methods of securing channels of communication except: A) SSL. B) S-HTTP. C) VPN. D) FTP.

FTP

Apache Web server software is based on Microsoft's Windows operating system.

False

Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties

False

One of the most important challenges in developing an e-commerce presence is understanding that the technology must drive the business. T/F

False

Phishing attacks rely on browser parasites

False

TLS does not guarantee server-side authentication

False

Backdoor

Feature of malware that allows attacker to remotely access a compromised computer

Hierarchy in Database

Field, Record, File, Database

Data Mining

Finds hidden patterns, relationships in large databases and infers rules to predict future behavior (discovery driven)

Data Administration

Firm function responsible for specific policies and procedures to manage data

Information Policy

Firm's rules, procedures, roles for sharing, managing, standardizing data

White Hats

Good hackers who help orgs locate and fix security flaws

Field

Group of characters as word(s) or number

File

Group of records of same type

Record

Group of related fields

Grey hats

Hackers who believe they are pursuing good by breaking in and revealing system flaws

Firewall

Hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy

Context

Helps us understand the data

Before new database is in place, need to:

Identify and correct faulty data; Est. better routines for editing data once database in operation

Unstructured Data

Images, video, documents

Vertical Scaling

Increasing processing power of individual components

Information Requirements

Info elements that the system must produce in order to achieve the business objectives

PUP (potentially unwanted program)

Installs itself on computer without user's informed consent

Which dimension(s) of security is spoofing a threat to?

Integrity and Authenticity

Database Management System (DBMS)

Interfaces between applications and physical data files; Separates logical and physical views of data; Solves problems of traditional file environment

JET (joint engine technology)

Joint Engine Technology Database that is used as underlying database engine for Access

All of the following might be part of a Web site's middle-tier layer except: .a database server .an ad server .legacy corporate applications .a mail server.

Legacy corporate applications

The overall rate of online credit card fraud is ________ % of all online card transactions.

Less than 1%

Spam (junk) web sites

Link farms, promise to offer products or services, but really just collections of ads

Which of the following typically includes a data flow diagram to describe the flow of information for an e-commerce site? . physical design . logical design . testing plan . co-location plan

Logical design

Drive-by download

Malware that comes with a downloaded file that a user requests

Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?

NFC

Structured Data

Numbers, text, dates

Entity Instance

Occurrence of an entity (Human is entity, Spencer is instance)

Merchant Server Software Package

Offers integrated environment that provides most or all of functionality and capabilities needed to develop a sophisticated customer-centric site

What is the Dominant Database System?

Oracle

Database

Organized collection of logically related data; self-describing collection of integrated tables

CMS

Organizes, stores and processes web site content

Adware

PUP that serves pop-up ads to your computer

Entity

Person, place, thing that we identify (people, cars); can be tangible or abstract

Which of the following details the actual hardware components to be used in a system?

Physical Design

Data governance

Policies and processes for managing availability, usability, integrity and security of enterprise data, especially as it relates to gov regulations

ransomware (scareware)

Prevents you from accessing your computer or files and demands you pay a fine

Java

Programming language that allows programmers to create interactivity and active content on client computer, saving considerable load on the server

Reveton is an example of:

Ransomware

I/O Intensive

Requires input/output operations rather than heavy-duty processing power

Which of the following is the least expensive path to creating a mobile Internet presence?

Resizing a website for mobile use

Which of the following is used to process certificates and private/public key information? A) HTTP B) SSL C) FTP D) data capture tools

SSL

Symmetric key encryption is also known as:

Secret Key Encryption

Partitioned Database

Separate locations store different parts of database

SQL

Sequential Query Language

Accessibility Rules

Set of design objectives that ensure disabled users can effectively access your site (handicapped)

Which of the following helps you understand the marketing effectiveness of your e-commerce site? -shopping cart -product database -site tracking and reporting system -inventory management system

Site tracking and reporting system

Widget

Small, prebuilt chunk of code that executes automatically in your html web page

Active Server Pages

Software development tool that enables programmers using Microsoft's IIS package to build dynamic pages

Principal tools of business intelligence include:

Software for database query and reporting; Online analytical processing (OLAP); Data mining

Web application Server

Software program that provides specific business functionality required of a web site

Proxy Server

Software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the org

E-commerce merchant server software

Software that provides the basic functionality needed for online sales, including catalog, order taking, shopping cart and credit card processing

Data Cleansing

Software to detect and correct data that are incorrect, incomplete, improperly formatted or redundant (enforces consistency)

Data Definition Capability

Specifies structure of database content, used to create tables and define characteristics of fields

Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as:

Spyware

Which of the following is not a main factor in determining overall demand for an e-commerce site? -static file sizes -number of items in inventory -user profiles -type of content

Static File Size

Data

Stored representations of meaningful objects and events

Distributing databases

Storing database in more than one place

Data Quality Audit

Structured survey of the accuracy and level of completeness of the data in an info system

A digital certificate contains all of the following except the: . subject's private key. . subject's public key. . digital signature of the certification authority. . digital certificate serial number.

Subject's private key

Online Analytical Processing (OLAP)

Supports multidimensional data analysis (each aspect of info is different dimension) and enables rapid, online answers to ad hoc queries

Digital Envelope

Technique that uses symmetric encryption for large documents but public key encryption to encrypt and send the symmetric key

System Testing

Testing site as a whole, in way typical user will use it

All of the following are factors in contributing to the increase in cybercrime except: . the ability to remotely access the Internet. . the Internet's similarity to telephone networks. . the ability to anonymously access the Internet. . the Internet is an open, vulnerable design.

The Internet's similarity to telephone networks

Responsive Web design

Tools and design principles that automatically adjust the layout of a web site depending on user screen resolution

Business Intelligence

Tools for consolidating, analyzing and providing access to vast amounts of data to help users make better business decisions

Insiders present a greater security threat to e-commerce sites than outsiders

True

A worm does not need to be activated by a user in order for it to replicate itself

True

In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution

True

Mobile Web apps are typically built using HTML5 and Java.

True

Prior to the development of e-commerce, Web sites primarily delivered static content. T/F

True

Smishing attacks exploit SMS messages

True

Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address

True

Storing HTML pages in RAM rather than on a server's hard drive is an inexpensive way to fine-tune the processing architecture of a Web site. T/F

True

The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.

True

The Web server software used does not significantly impact how a Web site's Web pages look on users':

True

The annual maintenance cost for a Web site is likely to be as high as its development cost.

True

The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software (T/F)

True

The systems development life cycle methodology is useful when creating an e-commerce Web site.

True

Upgrading a server from a single processor to multiple processors is an example of scaling a site horizontally. T/F

True

Using prebuilt templates is typically one of the most cost-effective choices when building a Web

True

Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012? a. firewall b. SSL/TLS c. two-factor authentication d. anti-virus software

Two-Factor Authentication

An e-commerce Web site that processes orders requires, at minimum, a ________ system architecture.

Two-tier

Social Engineering

Type of phishing that relies on human curiosity, greed, gullibility in order to trick into taking action that will result in downloading malware

System Functionalities

Types of info systems capabilities you will need to achieve your business objectives

________ involves testing a site program's modules one at a time.

Unit testing

Entity Relationship Diagram

Used by database designers to document the data model and illustrate relationships between entities

Data Manipulation Language

Used to add, change, delete, retrieve data from database (SQL)

Components of DBMS

Users > Database application > SQL > DBMS > Database UASMD

Predictive Analysis

Uses data mining techniques, historical data and assumptions about future conditions to predict outcomes of events (prob customer will respond to offer)

DDoS (distributed denial of service)

Using numerous computers to attack the target network from numerous launch points

Site management tools

Verify that links on pages are still valid and also identify orphan files

Mobile Web Site

Version of a regular desktop web site that is scaled down in content and navigation (most basic)

Linden Dollars, created for use in Second Life, are an example of:

Virtual Currency

Malware

Viruses, worms, ransomware, Trojan horses and bots

Which of the following is the current standard used to protect Wi-Fi networks?

WPA2

Java Server Pages

Web page coding standard that allows developers to dynamically generate web pages in response to user requests

Multi-tier architecture

Web server is linked to a middle-tier layer that includes series of application servers that perform specific tasks as well as a backend layer of existing corporate systems

4 kinds of e-commerce presence

Web sites, e-mail, social media, offline media

Co-location

When a firm purchases or leases a web server (and has total control over its operation) but locates it in a vendor's physical facility. Vendor maintains the facility, communications lines and machinery

Which of the following is an example of a CMS?

Wordpress

A system design has two main components:

a logical design and a physical design

Key (cipher)

any method for transforming plain text to cipher text

Black hats

bad hackers

Offline media is typically used for all of the following marketing activities except: -education -exposure -conversation -branding

conversation

Which system functionality must your Web site have in order to be able to personalize or customize a product for a client? -an ad server -a site tracking and reporting system -an inventory management system -customer on-site tracking

customer on-site tracking

Metadata

descriptions of the properties or characteristics of the data, including data types, field sizes, allowable values and data context (limit of what data can be..gpa can be 0-4 and 3 number places)

DoS (denial of service)

flooding web site with useless traffic to inundate and overwhelm the network

Most of the time required to maintain an e-commerce site is spent on:

general administration and making changes and enhancements to the system.

CERT coordination center

monitors and tracks online criminal activity reported to it by private corporations and gov agencies that seek out its help

Float

period of time between purchase and actual payment

Security Token

physical device or software that generates an identifier that can be used in addition to or in place of a password

Encryption

process of transforming plain text or data into cipher text that can't be read by anyone other than the sender and receiver

Browser Parasite

program that can monitor and change the settings of a user's browser

JavaScript

programming language invented by Netscape that is used to control the objects on an HTML page and handle interactions with the browser

All of the following statements about public key encryption are true except: . public key encryption uses two mathematically related digital keys. . public key encryption ensures authentication of the sender. . public key encryption does not ensure message integrity. . public key encryption is based on the idea of irreversible mathematical functions.

public key encryption does not ensure message integrity.

CGI (common gateway interface)

set of standards for communication between a browser and program running on a server that allows for interaction between user and server

Zero-day vulnerability

software vulnerability that has been previously unreported and for which no patch yet exists

P2P payment systems are a variation on what type of payment system?

stored value payment system

None of the following payment systems offers immediate monetary value except: A) personal checks. B) credit cards. C) stored value/debit card. D) accumulating balance.

stored value/debit card.

All the following statements about symmetric key encryption are true except: . in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message. . the Data Encryption Standard is a symmetric key encryption system. . symmetric key encryption is computationally slower. . symmetric key encryption is a key element in digital envelopes.

symmetric key encryption is computationally slower.

In order from beginning to end, the major steps in the SDLC, are:

systems analysis/planning; systems design; building the system; testing; implementation.

SQL Injection Attack

takes advantage of poorly coded web app software that fails to properly validate or filter data entered by a user on a web page

The term stateless refers to the fact that:

the server does not have to maintain an ongoing dedicated interaction with the client computer.

Sniffer

type of eavesdropping program that monitors info traveling over a network

Bot

type of malicious code that can be covertly installed on a computer when connected to the internet, then responds to external commands sent by attacker

PGP (pretty good privacy)

widely used email public key encryption software program

An example of a privacy violation of e-commerce security is:

your online purchasing history being sold to other merchants without your consent.

The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012.

$3.5 Billion

All of the following are simple steps for optimizing Web page content that can reduce response times except: reducing unnecessary HTML comments. Using more efficient graphics. Avoiding unnecessary links to other pages on the site. Segmenting computer servers to perform dedicated functions.

segmenting computer servers to perform dedicated functions

What are the two most important management challenges in building a successful e-commerce presence?

developing a clear understanding of business objectives; knowing how to choose the right technology to achieve those objectives

Which of the following is an example of an integrity violation of e-commerce security? A) A Web site is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he or she is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.

An unauthorized person intercepts an online communication and changes its contents.

All of the following statements about PKI are true except . The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. . PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. . PKI guarantees that the verifying computer of the merchant is secure. . The acronym PKI stands for public key infrastructure.

PKI guarantees that the verifying computer of the merchant is secure.

3 Key techniques Database Approach

1. Data warehousing 2. Data mining (looking for relationships) 3. Tools for accessing internal databases throughout the web

Public Key Cryptography

2 mathematically related digital keys are used: a public key and a private key. Private is kept secret by owner and public is widely disseminated. Both can be used to encrypt and decrypt; however, once a key is used to encrypt a message, the same key can't be used to unencrypt the message

Online bill payments are believed to cost ________ to process compared to ________ for paper bills.

20 to 30 cents, $3 to $7

The Data Encryption Standard uses a(n) _____ bit key.

56

All of the following are methods of improving the processing architecture of a Web site except: a) separating static content from dynamic content b) optimizing ASP code c) optimizing database schema d) adding web servers

Adding web servers

All of the following are important factors in Web site optimization except: .selecting keywords and page titles .identifying market niches for your services or products .buying search engine ads .adhering to accessibility guidelines.

Adhering to accessibility guidelines

Hash Function

Algorithm that produces a fixed-length number called a hash or message digest

Hardware Platform

All underlying computing equipment that the system uses to achieve its functionality

Stored Value Payment System

Account created by depositing funds into an account and from which funds are paid out or withdrawn as needed (Starbucks)

Privacy Policy

A set of public statements declaring to your customers how you treat their personal info

All of the following are basic functionality provided by Web servers except: A) a product catalog. B) marketing software C) a shopping cart. D) credit card processing.

A shopping cart

Privacy

Ability to control the use of info about oneself

Availability

Ability to ensure that an e-commerce site continues to function as intended

Nonrepudiation

Ability to ensure that e-commerce participants do not deny their online actions

Integrity

Ability to ensure that info being displayed on a website or transmitted or received over the Internet has not been altered in any way by an unauthorized party

Confidentiality

Ability to ensure that messages and data are available only to those who are authorized to view them

Authenticity

Ability to identify the identity of a person or entity with whom you are dealing on the internet

________ verifies that the business objectives of the system as originally conceived are in fact working.

Acceptance testing

The leading Web server software is

Apache

Mobile Web App

App built to run on the mobile web browser built into a smartphone or tablet computer

Native App

App designed specifically to operate using the mobile device's hardware and operating system

Trojan horse

Appears to be benign, but then does something other than expected

System Architecture

Arrangement of software, machinery and tasks in an info system needed to achieve a specific functionality

Data Dictionary

Automated or manual file storing definitions of data elements and their characteristics

Pharming

Automatically redirecting a web link to an address different than the intended one, with a site masquerading as the intended destination

Which of the following dimensions of e-commerce security is not provided for by encryption? . confidentiality . availability . message integrity . nonrepudiation

Availability

