Homework answers / question archive / Saudi Electronic University ECOM 101 E-commerce 2013, 9e Chapter 5 E-commerce Security and Payment Systems 1) Typically, the more security measures added to a Web site, the slower and more difficult it becomes to use

Saudi Electronic University ECOM 101 E-commerce 2013, 9e Chapter 5 E-commerce Security and Payment Systems 1) Typically, the more security measures added to a Web site, the slower and more difficult it becomes to use

Business

Share With

---

Saudi Electronic University

ECOM 101

E-commerce 2013, 9e

Chapter 5 E-commerce Security and Payment Systems

1) Typically, the more security measures added to a Web site, the slower and more difficult it becomes to use.

 

 

 

2)            A worm does not need to be activated by a user in order for it to replicate itself.

 

 

 

3)            A Trojan horse appears to be benign, but then does something other than expected.

 

 

 

4)            Phishing attacks rely on browser parasites.

 

 

5)            Insiders present a greater security threat to e-commerce sites than outsiders.

 

 

 

6)            The use of a digital signature helps to ensure integrity, authenticity, and nonrepudiation.

 

 

 

7)            Drive-by downloads are now the most common method of infecting computers.

 

 

 

8)            Smishing attacks exploit SMS messages.

 

 

9)            TLS does not guarantee server-side authentication.

 

 

10)          The easiest and least expensive way to prevent threats to system integrity is to install anti- virus software.

 

 

 

11)          The United States federal government has historically not been in favor of the development and export of strong encryption systems.

 

 

 

12)          Credit cards are the dominant form of online payment throughout the world.

 

 

13)          In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution.

 

 

14)          Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.

 

 

 

15)          PayPal requires the recipient of a payment to have a PayPal account to receive funds.

 

16)          All of the following are factors in contributing to the increase in cybercrime except:

A)           the ability to remotely access the Internet.

B)            the Internet's similarity to telephone networks.

C)            the ability to anonymously access the Internet.

D)           the Internet is an open, vulnerable design.

 

 

17)          The Computer Security Institute reported in its 2011 survey that approximately                  percent of responding organizations experienced a computer security incident within the previous 12 months.

A)           25 B) 45

C)            75

D)           95

 

 

18)          The overall rate of online credit card fraud is       percent of all online card transactions.

A)           less than 1

B)            around 1

C)            around 5

D)           around 10

 

 

19)          According to the Computer Security Institute's 2011 Computer Crime and Security Survey, which of the following was the most commonly reported type of attack?

A)           malware infection

B)            laptop theft

C)            Web site defacement

D)           insider abuse

 

 

20)          The six key dimensions to e-commerce security are nonrepudiation, authenticity, availability, integrity, privacy, and:

A)           confidentiality.

B)            usability.

C)            functionality.

D)           viability.

 

 

21)                         refers to the ability to ensure that e-commerce participants do not deny their online actions.

A)           Nonrepudiation

B)            Authenticity

C)            Availability

D)           Integrity

 

 

22)                         refers to the ability to identify the person or entity with whom you are dealing on the Internet.

A)           Nonrepudiation B) Authenticity

C)            Availability

D)           Integrity

 

23)          Which of the following is an example of an integrity violation of e-commerce security?

A)           A Web site is not actually operated by the entity the customer believes it to be.

B)            A merchant uses customer information in a manner not intended by the customer.

C)            A customer denies that he or she is the person who placed the order.

D)           An unauthorized person intercepts an online communication and changes its contents.

 

24)                         refers to the ability to ensure that an e-commerce site continues to function as intended.

A)           Nonrepudiation

B)            Authenticity C) Availability

D) Integrity

 

 

25)          An example of a privacy violation of e-commerce security is:

A)           your e-mail being read by a hacker.

B)            your online purchasing history being sold to other merchants without your consent.

C)            your computer being used as part of a botnet.

D)           your e-mail being altered by a hacker.

 

26)                         refers to the ability to ensure that messages and data are only available to those authorized to view them.

A)           Confidentiality

B)            Integrity

C)            Privacy

D)           Availability

 

 

27)          Which of the following is not a key point of vulnerability when dealing with e-commerce?

A)           the client computer

B)            the server

C)            the communications pipeline D) the credit card companies

 

 

28)          All of the following were computer crimes committed in 2011-2012 except:

A)           Russian hackers posting over 6 million Facebook usernames and passwords online.

B)            77 million user credit card numbers stolen from Sony's PlayStation gameserver.

C)            A Stuxnet worm wiped computers in the Iranian Oil Ministry clean. D) Melissa worm spreads through Microsoft Word templates.

 

 

 

29)          Which of the following is a prominent hacktivist group? A) Anonymous

B)            Anti-Phishing Working Group

C)            IC3

D)           Symantec

 

 

30)          Most of the world's spam is delivered via which of the following?

A)           viruses

B)            worms

C)            Trojan horses D) botnets

 

 

31)          Botnets are typically used for all of the following except:

A)           DDoS attacks. B) phishing attacks.

C)            storing network traffic for analysis.

D)           stealing information from computers.

 

32)          Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as:

A)           spyware.

B)            a backdoor.

C)            pupware.

D)           adware.

 

33)          The Conficker worm targeted:

A)           Microsoft Word.

B)            Microsoft Outlook Express. C) Microsoft operating systems.

D) Microsoft Access database software.

 

34)          Netsky.P, which spreads by sending e-mails from an infected computer to all of the e-mail addresses found on that infected computer, is an example of a:

A)           macro virus.

B)            worm/Trojan horse.

C)            Trojan horse/virus.

D)           bot program.

 

35)          What is the most frequent cause of stolen credit cards and card information today?

A)           lost cards

B)            the hacking and looting of corporate servers storing credit card information

C)            sniffing programs

D)           phishing attacks

 

 

36)          Which dimension(s) of security is spoofing a threat to?

A)           integrity

B)            availability

C)            integrity and authenticity

D)           availability and integrity

 

 

37)          All of the following are examples of malicious code except:

A)           viruses.

B)            bots.

C)            worms. D) sniffers.

 

 

38)          Symmetric key encryption is also known as:

A)           public key encryption. B) secret key encryption.

C)            PGP.

D)           PKI.

 

39)          All the following statements about symmetric key encryption are true except:

A)           In symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message.

B)            The Data Encryption Standard is a symmetric key encryption system. C) Symmetric key encryption is computationally slower.

D) Symmetric key encryption is a key element in digital envelopes.

 

 

40)          The Data Encryption Standard uses a(n) -bit key.

A)           8 B) 56 C) 256

D) 512

 

 

 

 

41)          All of the following statements about public key encryption are true except:

A)           Public key encryption uses two mathematically related digital keys. B) Public key encryption ensures authentication of the sender.

C)            Public key encryption does not ensure message integrity.

D)           Public key encryption is based on the idea of irreversible mathematical functions.

 

 

42)          If you used a symmetric key encryption for large documents, with public key encryption to encrypt and send the symmetric key, you would be using a digital:

A)           envelope.

B)            signature.

C)            certificate.

D)           hash.

 

 

 

43)          All of the following statements about PKI are true except:

A)           The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties.

B)            PKI is not effective against insiders who have a legitimate access to corporate systems including customer information.

C)            PKI guarantees that the verifying computer of the merchant is secure.

D)           The acronym PKI stands for public key infrastructure.

 

 

44)          A digital certificate contains all of the following except the: A) subject's private key.

B)            subject's public key.

C)            digital signature of the certification authority.

D)           digital certificate serial number.

 

 

45)          Which of the following dimensions of e-commerce security is not provided for by encryption?

A)           confidentiality B) availability

C)            message integrity

D)           nonrepudiation

 

46)          All of the following are methods of securing channels of communication except:

A)           SSL/TLS.

B)            certificates.

C)            VPN. D) FTP.

 

 

47)          A             is hardware or software that acts as a filter to prevent unwanted packets from entering a network.

A)           firewall

B)            virtual private network

C)            proxy server

D)           PPTP

 

 

48)          Proxy servers are also known as:

A)           firewalls.

B)            application gateways. C) dual home systems.

D) packet filters.

 

 

49)          All of the following are used for authentication except:

A)           digital signatures.

B)            certificates of authority.

C)            biometric devices. D) packet filters.

 

 

50)          What is the first step in developing an e-commerce security plan?

A)           Create a security organization.

B)            Develop a security policy. C) Perform a risk assessment.

D) Perform a security audit.

 

51)          What is the last step in developing an e-commerce security plan? A) Perform a security audit.

B)            Develop an implementation plan.

C)            Create a security organization.

D)           Develop a security policy.

 

52)          Which of the following is not an example of an access control?

A)           firewalls

B)            proxy   servers C) digital signatures

D) login passwords

 

 

53)          Which of the following is the primary federal statute used to combat computer crime?

A)           Homeland Security Act

B)            CAN-SPAM Act

C)            Computer Security Enhancement Act D) Computer Fraud and Abuse Act

 

 

54)          To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use:

A)           access controls.

B)            an authorization management system.

C)            security tokens.

D)           an authorization policy.

 

 

55)          All of the following are features of cash except:

A)           It is instantly convertible into other forms of value without intermediation.

B)            It requires no authentication.

C)            It is anonymous. D) It provides float.

 

 

56)          All the following are stakeholders in payment systems except: A) ISPs.

B)            consumers.

C)            financial intermediaries.

D)           government regulators.

 

57)          P2P payment systems are a variation on what type of payment system? A) stored value payment system

B)            digital checking system

C)            accumulating balance system

D)           digital credit card system

 

58)          All of the following statements about debit cards are true except:

A)           Debit cards eliminate the need for consumers to write a paper check when making a purchase. B) Debit cards enable consumers to make purchases even if they do not have sufficient funds at the time of purchase.

C)            Debit cards do not provide any float.

D)           Debit cards do not have the protections provided by Regulation Z to credit cards.

 

 

59)          All of the following are examples of stored value payment systems except:

A)           smart cards. B) credit cards.

C)            gift certificates.

D)           prepaid cards.

 

 

60)          None of the following payment systems offers immediate monetary value except:

A)           personal checks.

B)            credit cards.

C)            stored value/debit card.

D)           accumulating balance.

 

 

61)          Malware that comes with a downloaded file that a user requests is called a:

A)           Trojan horse.

B)            backdoor.

C)            drive-by download.

D)           PUP.

 

62)          Which of the following is not an example of a PUP?

A)           adware

B)            browser parasite C) drive-by download

D) spyware

 

 

63)          All of the following are limitations of the existing online credit card payment system except:

A)           poor security.

B)            cost to consumers.

C)            cost to merchant.

D)           social equity.

 

 

64)          Linden Dollars, created for use in Second Life, are an example of:

A)           digital cash.

B)            virtual currency.

C)            EBPP

D)           peer-to-peer payment systems.

 

65)          Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?

A)           DES B) NFC

C)            IM

D)           text messaging