IS 194 Test 2
An intrusion detection system can perform all of the following functions except:
Blocking suspicious activity
Symmetric Key Encryption
Both sender and receiver use same key to encrypt and decrypt the message
Rustock is an example of which of the following?
Botnet
Most of the world's spam is delivered via which of the following?
Botnets
PKI (public key infrastructure)
CAs and digital certificate procedures that are accepted by all parties
Which of the following technologies could you use to place the content of your Web site in a database so that you can then dynamically generate requests for pages? -Apache web server -proxy server -shopping cart -CMS
CMS
Replicated Database
Central database duplicated in entirety at different locations
Which of the following countries has been found to have engaged in cyberespionage against Google?
China
Secure negotiated session
Client-server session in which URL of the requested doc, along with contents, contents of forms and cookies exchanged are encrypted
Advantages of dynamic page generation include all of the following except: a) lowered menu costs b)market segmentation c) nearly cost-free price discrimination d) client-side execution of programming
Client-side execution of programming
Virus
Computer program that has the ability to replicate itself and spread to other files
________ refers to the ability to ensure that messages and data are only available to those authorized to view them
Confidentiality
Dynamic Page generation
Contents of page are stored as objects in a database, rather than being hard coded in HTML. When user requests a web page, contents for that page are fetched from database
The primary way a Web site is able to personalize the content presented to a visitor is through the use of:
Cookies
All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.
Cost to consumers
All of the following are basic information requirements for a product database except: A) product descriptions. B) stock numbers. C) customer ID numbers. D) inventory levels.
Customer ID number
Information
Data processed to increase knowledge in the person using the data
Problems with traditional file environment (maintained separately by different departments)
Data redundancy; data inconsistency; program-data dependence (a change in a program requires a change in the data); lack of flexibility; poor security; lack of data sharing and availability
The cost of hardware, software, and telecommunications services needed to build a Web site have ________ over the last decade.
Decreased drastically
Database Administration
Defining, organizing, implementing, maintaining database; performed by database design and management group
System Design Specification
Description of the main components in a system and relationship to one another
Worm
Designed to spread from computer to computer
Open Source Software
Developed by community of programmers and designers and free to use and modify
Which of the following is not an example of an access control? A) firewalls. B) proxy servers. C) digital signatures. D) login passwords.
Digital signatures
The structure of a market is described in terms of:
Direct competition, suppliers and substitute products
Which of the following is not an example of a PUP? A) adware. B) browser parasite. C) drive-by download. D) spyware.
Drive-by download
Proxy servers are also known as
Dual-home Systems
Two-tier Architecture
E-commerce system in which a web server responds to requests for web pages and a database server provides backend data storage
Attribute
Each characteristic, or quality, describing the entity (name, address, DL number)
Advantages of using web for database access
Ease of use of browser software; web interface requires few or no changes to database; inexpensive to add web interface to system
Form
Efficient way to capture data, imply entities, attributes and relationships
Horizontal Scaling
Employing multiple computers to share the workload
Components of Databases
Entity, attribute, relationship
Relationships
Exist between entities: one-to-one, one-to-many, many-to-many
Text Mining
Extracts key elements from large, unstructured data sets (stored e-mails)
All of the following are methods of securing channels of communication except: A) SSL. B) S-HTTP. C) VPN. D) FTP.
FTP
Apache Web server software is based on Microsoft's Windows operating system.
False
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties
False
One of the most important challenges in developing an e-commerce presence is understanding that the technology must drive the business. T/F
False
Phishing attacks rely on browser parasites
False
TLS does not guarantee server-side authentication
False
Backdoor
Feature of malware that allows attacker to remotely access a compromised computer
Hierarchy in Database
Field, Record, File, Database
Data Mining
Finds hidden patterns, relationships in large databases and infers rules to predict future behavior (discovery driven)
Data Administration
Firm function responsible for specific policies and procedures to manage data
Information Policy
Firm's rules, procedures, roles for sharing, managing, standardizing data
White Hats
Good hackers who help orgs locate and fix security flaws
Field
Group of characters as word(s) or number
File
Group of records of same type
Record
Group of related fields
Grey hats
Hackers who believe they are pursuing good by breaking in and revealing system flaws
Firewall
Hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
Context
Helps us understand the data
Before new database is in place, need to:
Identify and correct faulty data; establish better routines for editing data once database is in operation
Unstructured Data
Images, video, documents
Vertical Scaling
Increasing processing power of individual components
Information Requirements
Info elements that the system must produce in order to achieve the business objectives
PUP (potentially unwanted program)
Installs itself on computer without user's informed consent
Which dimension(s) of security is spoofing a threat to?
Integrity and Authenticity
Database Management System (DBMS)
Interfaces between applications and physical data files; separates logical and physical views of data; solves problems of traditional file environment
JET (joint engine technology)
Joint Engine Technology Database that is used as underlying database engine for Access
All of the following might be part of a Web site's middle-tier layer except: A) a database server. B) an ad server. C) legacy corporate applications. D) a mail server.
Legacy corporate applications
The overall rate of online credit card fraud is ________ % of all online card transactions.
Less than 1%
Spam (junk) web sites
Link farms; promise to offer products or services, but really just collections of ads
Which of the following typically includes a data flow diagram to describe the flow of information for an e-commerce site? A) physical design. B) logical design. C) testing plan. D) co-location plan.
Logical design
Drive-by download
Malware that comes with a downloaded file that a user requests
Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?
NFC
Structured Data
Numbers, text, dates
Entity Instance
Occurrence of an entity (Human is entity, Spencer is instance)
Merchant Server Software Package
Offers integrated environment that provides most or all of functionality and capabilities needed to develop a sophisticated customer-centric site
What is the Dominant Database System?
Oracle
Database
Organized collection of logically related data; self-describing collection of integrated tables
CMS
Organizes, stores and processes web site content
Adware
PUP that serves pop-up ads to your computer
Entity
Person, place, thing that we identify (people, cars) Can be tangible or abstract
Which of the following details the actual hardware components to be used in a system?
Physical Design
Data governance
Policies and processes for managing availability, usability, integrity and security of enterprise data, especially as it relates to gov regulations
ransomware (scareware)
Prevents you from accessing your computer or files and demands you pay a fine
Java
Programming language that allows programmers to create interactivity and active content on client computer, saving considerable load on the server
Reventon is an example of:
Ransomware
I/O Intensive
Requires input/output operations rather than heavy-duty processing power
Which of the following is the least expensive path to creating a mobile Internet presence?
Resizing a website for mobile use
Which of the following is used to process certificates and private/public key information? A) HTTP B) SSL C) FTP D) data capture tools
SSL
Symmetric key encryption is also known as:
Secret Key Encryption
Partitioned Database
Separate locations store different parts of database
SQL
Sequential Query Language
Accessibility Rules
Set of design objectives that ensure disabled users can effectively access your site (handicapped)
Which of the following helps you understand the marketing effectiveness of your e-commerce site? A) shopping cart. B) product database. C) site tracking and reporting system. D) inventory management system.
Site tracking and reporting system
Widget
Small, prebuilt chunk of code that executes automatically in your html web page
Active Server Pages
Software development tool that enables programmers using Microsoft's IIS package to build dynamic pages
Principal tools of business intelligence include:
Software for database query and reporting; online analytical processing (OLAP); data mining
Web application Server
Software program that provides specific business functionality required of a web site
Proxy Server
Software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the org
E-commerce merchant server software
Software that provides the basic functionality needed for online sales, including catalog, order taking, shopping cart and credit card processing
Data Cleansing
Software to detect and correct data that are incorrect, incomplete, improperly formatted or redundant (enforces consistency)
Data Definition Capability
Specifies structure of database content, used to create tables and define characteristics of fields
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as:
Spyware
Which of the following is not a main factor in determining overall demand for an e-commerce site? -static file sizes -number of items in inventory -user profiles -type of content
Static File Size
Data
Stored representations of meaningful objects and events
Distributing databases
Storing database in more than one place
Data Quality Audit
Structured survey of the accuracy and level of completeness of the data in an info system
A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.
Subject's private key
Online Analytical Processing (OLAP)
Supports multidimensional data analysis (each aspect of info is different dimension) and enables rapid, online answers to ad hoc queries
Digital Envelope
Technique that uses symmetric encryption for large documents but public key encryption to encrypt and send the symmetric key
System Testing
Testing site as a whole, in way typical user will use it
All of the following are factors contributing to the increase in cybercrime except: A) the ability to remotely access the Internet. B) the Internet's similarity to telephone networks. C) the ability to anonymously access the Internet. D) the Internet is an open, vulnerable design.
The Internet's similarity to telephone networks
Responsive Web design
Tools and design principles that automatically adjust the layout of a web site depending on user screen resolution
Business Intelligence
Tools for consolidating, analyzing and providing access to vast amounts of data to help users make better business decisions
Insiders present a greater security threat to e-commerce sites than outsiders
True
A worm does not need to be activated by a user in order for it to replicate itself
True
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution
True
Mobile Web apps are typically built using HTML5 and Java.
True
Prior to the development of e-commerce, Web sites primarily delivered static content. T/F
True
Smishing attacks exploit SMS messages
True
Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address
True
Storing HTML pages in RAM rather than on a server's hard drive is an inexpensive way to fine-tune the processing architecture of a Web site. T/F
True
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.
True
The Web server software used does not significantly impact how a Web site's Web pages look on users':
True
The annual maintenance cost for a Web site is likely to be as high as its development cost.
True
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software (T/F)
True
The systems development life cycle methodology is useful when creating an e-commerce Web site.
True
Upgrading a server from a single processor to multiple processors is an example of scaling a site horizontally. T/F
True
Using prebuilt templates is typically one of the most cost-effective choices when building a Web
True
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012? a. firewall b. SSL/TLS c. two-factor authentication d. anti-virus software
Two-Factor Authentication
An e-commerce Web site that processes orders requires, at minimum, a ________ system architecture.
Two-tier
Social Engineering
Type of phishing that relies on human curiosity, greed, gullibility in order to trick into taking action that will result in downloading malware
System Functionalities
Types of info systems capabilities you will need to achieve your business objectives
________ involves testing a site program's modules one at a time.
Unit testing
Entity Relationship Diagram
Used by database designers to document the data model and illustrate relationships between entities
Data Manipulation Language
Used to add, change, delete, retrieve data from database (SQL)
Components of DBMS
Users > Database application > SQL > DBMS > Database UASMD
Predictive Analysis
Uses data mining techniques, historical data and assumptions about future conditions to predict outcomes of events (prob customer will respond to offer)
DDoS (distributed denial of service)
Using numerous computers to attack the target network from numerous launch points
Site management tools
Verify that links on pages are still valid and also identify orphan files
Mobile Web Site
Version of a regular desktop web site that is scaled down in content and navigation (most basic)
Linden Dollars, created for use in Second Life, are an example of:
Virtual Currency
Malware
Viruses, worms, ransomware, Trojan horses and bots
Which of the following is the current standard used to protect Wi-Fi networks?
WPA2
Java Server Pages
Web page coding standard that allows developers to dynamically generate web pages in response to user requests
Multi-tier architecture
Web server is linked to a middle-tier layer that includes series of application servers that perform specific tasks as well as a backend layer of existing corporate systems
4 kinds of e-commerce presence
Web sites, e-mail, social media, offline media
Co-location
When a firm purchases or leases a web server (and has total control over its operation) but locates it in a vendor's physical facility. Vendor maintains the facility, communications lines and machinery
Which of the following is an example of a CMS?
Wordpress
A system design has two main components:
a logical design and a physical design
Key (cipher)
any method for transforming plain text to cipher text
Black hats
bad hackers
Offline media is typically used for all of the following marketing activities except: A) education. B) exposure. C) conversation. D) branding.
conversation
Which system functionality must your Web site have in order to be able to personalize or customize a product for a client? A) an ad server. B) a site tracking and reporting system. C) an inventory management system. D) customer on-site tracking.
customer on-site tracking
Metadata
descriptions of the properties or characteristics of the data, including data types, field sizes, allowable values and data context (limits on what the data can be, e.g. a GPA can be 0-4 with 3 digits)
DoS (denial of service)
flooding web site with useless traffic to inundate and overwhelm the network
Most of the time required to maintain an e-commerce site is spent on:
general administration and making changes and enhancements to the system.
CERT coordination center
monitors and tracks online criminal activity reported to it by private corporations and gov agencies that seek out its help
Float
period of time between purchase and actual payment
Security Token
physical device or software that generates an identifier that can be used in addition to or in place of a password
Encryption
process of transforming plain text or data into cipher text that can't be read by anyone other than the sender and receiver
Browser Parasite
program that can monitor and change the settings of a user's browser
JavaScript
programming language invented by Netscape that is used to control the objects on an HTML page and handle interactions with the browser
All of the following statements about public key encryption are true except: A) public key encryption uses two mathematically related digital keys. B) public key encryption ensures authentication of the sender. C) public key encryption does not ensure message integrity. D) public key encryption is based on the idea of irreversible mathematical functions.
public key encryption does not ensure message integrity.
CGI (common gateway interface)
set of standards for communication between a browser and program running on a server that allows for interaction between user and server
Zero-day vulnerability
software vulnerability that has been previously unreported and for which no patch yet exists
P2P payment systems are a variation on what type of payment system?
stored value payment system
None of the following payment systems offers immediate monetary value except: A) personal checks. B) credit cards. C) stored value/debit card. D) accumulating balance.
stored value/debit card.
All the following statements about symmetric key encryption are true except: A) in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key encryption is computationally slower. D) symmetric key encryption is a key element in digital envelopes.
symmetric key encryption is computationally slower.
In order from beginning to end, the major steps in the SDLC, are:
systems analysis/planning; systems design; building the system; testing; implementation.
SQL Injection Attack
takes advantage of poorly coded web app software that fails to properly validate or filter data entered by a user on a web page
The term stateless refers to the fact that:
the server does not have to maintain an ongoing dedicated interaction with the client computer.
Sniffer
type of eavesdropping program that monitors info traveling over a network
Bot
type of malicious code that can be covertly installed on a computer when connected to the internet, then responds to external commands sent by attacker
PGP (pretty good privacy)
widely used email public key encryption software program
An example of a privacy violation of e-commerce security is:
your online purchasing history being sold to other merchants without your consent.
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012.
$3.5 Billion
All of the following are simple steps for optimizing Web page content that can reduce response times except: A) reducing unnecessary HTML comments. B) using more efficient graphics. C) avoiding unnecessary links to other pages on the site. D) segmenting computer servers to perform dedicated functions.
segmenting computer servers to perform dedicated functions
What are the two most important management challenges in building a successful e-commerce presence?
Developing a clear understanding of business objectives; knowing how to choose the right technology to achieve those objectives
Which of the following is an example of an integrity violation of e-commerce security? A) A Web site is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he or she is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.
An unauthorized person intercepts an online communication and changes its contents.
All of the following statements about PKI are true except: A) The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) The acronym PKI stands for public key infrastructure.
PKI guarantees that the verifying computer of the merchant is secure.
3 Key techniques Database Approach
1. Data warehousing 2. Data mining (looking for relationships) 3. Tools for accessing internal databases throughout the web
Public Key Cryptography
2 mathematically related digital keys are used: a public key and a private key. Private is kept secret by owner and public is widely disseminated. Both can be used to encrypt and decrypt; however, once a key is used to encrypt a message, the same key can't be used to decrypt that message
Online bill payments are believed to cost ________ to process compared to ________ for paper bills.
20 to 30 cents, $3 to $7
The Data Encryption Standard uses a(n) _____ bit key.
56
All of the following are methods of improving the processing architecture of a Web site except: a) separating static content from dynamic content b) optimizing ASP code c) optimizing database schema d) adding web servers
Adding web servers
All of the following are important factors in Web site optimization except: A) selecting keywords and page titles. B) identifying market niches for your services or products. C) buying search engine ads. D) adhering to accessibility guidelines.
Adhering to accessibility guidelines
Hash Function
Algorithm that produces a fixed-length number called a hash or message digest
Hardware Platform
All underlying computing equipment that the system uses to achieve its functionality
Stored Value Payment System
Account created by depositing funds into an account and from which funds are paid out or withdrawn as needed (Starbucks)
privacy Policy
A set of public statements declaring to your customers how you treat their personal info
All of the following are basic functionality provided by Web servers except: A) a product catalog. B) marketing software C) a shopping cart. D) credit card processing.
A shopping cart
Privacy
Ability to control the use of info about oneself
Availability
Ability to ensure that an e-commerce site continues to function as intended
Nonrepudiation
Ability to ensure that e-commerce participants do not deny their online actions
Integrity
Ability to ensure that info being displayed on a website or transmitted or received over the Internet has not been altered in any way by an unauthorized party
Confidentiality
Ability to ensure that messages and data are available only to those who are authorized to view them
Authenticity
Ability to verify the identity of a person or entity with whom you are dealing on the internet
________ verifies that the business objectives of the system as originally conceived are in fact working.
Acceptance testing
The leading Web server software is
Apache
Mobile Web App
App built to run on the mobile web browser built into a smartphone or tablet computer
Native App
App designed specifically to operate using the mobile devices hardware and operating system
Trojan horse
Appears to be benign, but then does something other than expected
System Architecture
Arrangement of software, machinery and tasks in an info system needed to achieve a specific functionality
Data Dictionary
Automated or manual file storing definitions of data elements and their characteristics
Pharming
Automatically redirecting a web link to an address different from the intended one, with a site masquerading as the intended destination
Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality. B) availability. C) message integrity. D) nonrepudiation.
Availability