ecommerce final – Flashcards
question
Companies can do business online using their own servers and server software; this approach is used most often by large companies.
answer
self hosting
question
Internet service providers (ISPs) provide Internet access to companies and individuals. Virtually all of these companies offer Web-hosting services as well and sometimes call themselves
answer
commerce service providers
question
These firms, which often offer Web server management and rent application software (such as databases, shopping carts, and content management programs) to businesses, sometimes call themselves (managed service providers)( application service providers)
answer
ok
question
the client's Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location.
answer
Shared hosting
question
the service provider makes a Web server available to the client, but the client does not share the server with other clients of the service provider.
answer
dedicated hosting
question
the service provider rents a physical space to the client to install its own server hardware. The client installs its own software and maintains the server. The service provider is responsible only for providing a reliable power supply and a connection to the Internet.
answer
co-location
question
The best hosting services provide Web server hardware and software combinations that are_______, which means they can be adapted to meet changing requirements when their clients grow.
answer
scalable
question
a listing of goods and services
answer
catalog
question
is a simple list written in HTML that appears on a Web page or a series of Web pages
answer
static catalog
question
stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the Web site itself.
answer
dynamic catalog
question
HTTP messaging, which is the foundation of the Web, is a ___________(it does not retain information from one transmission or session to another),
answer
stateless system
question
is a company based in Tucker, Georgia, that sells electronic commerce software to companies that operate small and midsize electronic commerce Web sites
answer
PDG Software
question
occurs when the shopper proceeds to the virtual checkout counter by clicking a checkout button.
answer
Transaction processing
question
a collection of information that is stored on a computer in a highly structured way.
answer
database
question
is software that makes it easy for users to enter, edit, update, and retrieve information in the database.
answer
database manager
question
Large information systems that store the same data in many different physical locations are called ________and the databases within those systems are called distributed database systems.
answer
distributed information systems
question
_______ which was developed and is maintained by a community of programmers on the Web. Similar to the Linux operating system ______is open-source software, even though it was developed by a Swedish company (______ AB), which is now owned by Oracle.
answer
MySQL
question
_________is software that takes information about sales and inventory shipments from the electronic commerce software and transmits it to accounting and inventory management software in a form that these systems can read.
answer
Middleware
question
Making a company's information systems work together is called __________ and is an important goal of companies when they install middleware.
answer
interoperability
question
A program that performs a specific function, such as creating invoices, calculating payroll, or processing payments received from customers, is called an application program, application software, or, more simply, an application.
answer
ok
question
___________is a computer that takes the request messages received by the Web server and runs application programs that perform some kind of action based on the contents of the request messages.
answer
application server
question
The actions that the application server software performs are determined by the rules used in the business. These rules are called _______________
answer
Business logic
question
In many organizations, the business logic is distributed among many different applications that are used in different parts of the organization. In recent years, many IT departments have devoted significant resources to the creation of links among these scattered applications so that the organization's business logic can be interconnected. The creation and management of these links is called _________
answer
application integration (enterprise application integration)
question
___________ application systems return pages generated by scripts that include the rules for presenting data on the Web page with the business logic.
answer
Page based
question
Because page-based systems combine presentation and business logic, they are hard to revise and update. To avoid this problem, an increasing number of businesses use a _________ application system that separates the presentation logic from the business logic.
answer
component based
question
______________________ software packages are business systems that integrate all facets of a business, including accounting, logistics, manufacturing, marketing, planning, project management, and treasury functions.
answer
ERP (Enterprise resource planning)
question
The W3C defines __________ as software systems that support interoperable machine-to-machine interaction over a network. _________ is a set of software and technologies that allow computers to use the Web to interact with each other directly, without human operators directing the specific interactions.
answer
Web service
question
A general name for the ways programs interconnect with each other is ____. When the interaction is done over the Web, the techniques are called Web ____.
answer
(application program interface) API
question
The first widely used approach to Web services was ______________, which is a message-passing protocol that defines how to send marked-up data from one software application to another across a network.
answer
(Simple Object Access Protocol) SOAP
question
The other two specifications are the Web Services Description Language (WSDL), which is used to describe the logic unit characteristics of each Web service, and the Universal Description, Discovery, and Integration Specification (UDDI), which works as a sort of address book to identify the locations of Web services and their associated WSDL descriptions.
answer
ok
question
In 2000, Roy Fielding outlined a principle called _________________, that describes the way the Web uses networking architecture to identify and locate Web pages and the elements (graphics, audio clips, and so on) that make up those Web pages. Some Web services designers who found SOAP to be overly complex for their applications turned to Fielding's REST idea and used it to structure their work.
answer
(Representational State Transfer) REST
question
__________ CSPs provide small businesses with a basic Web site, online store design tools, storefront templates, and an easy-to-use interface. These service providers charge a low monthly fee and may also charge one-time setup fees (similar to basic CSPs), however, others also charge a percentage of or fixed amount for each customer transaction. Amazon Services (through its "Professional Sellers" and "Individual Sellers" programs) and eBay Stores.
answer
Mall style
question
______ ___________ _________ helps companies control the large amounts of text, graphics, and media files that have become crucial to doing business.
answer
Content management software
question
Thus, large companies are using systems that help them manage the knowledge itself, rather than the documentary representations of that knowledge. The software that has been developed to meet that goal is called ____________ software. _______________ software helps companies do four main things: collect and organize knowledge, share the knowledge among users, enhance the ability of users to collaborate, and preserve the knowledge gained through the use of information so that future users can benefit from the learning of current users.
answer
knowledge management
question
___________ software helps companies to coordinate planning and operations with their partners in the industry supply chains of which they are members. ____ software performs two general types of functions: planning and execution.
answer
Supply chain management
question
________________ software must obtain data from operations software that conducts activities such as sales automation, customer service center operations, and marketing campaigns. The software must also gather data about customer activities on the company's Web site and any other points of contact the company has with its existing and potential customers.
answer
Customer relationship management
question
The Salesforce.com practice of replacing a company's investment in computing equipment by selling Internet-based access to its own computing hardware and software is called ____________, and it has become an important new force in the software industry. _____________ allows companies to gain the benefits of software without having to install computing hardware and maintain it.
answer
cloud computing
question
__________ is the protection of assets from unauthorized access, use, alteration, or destruction. There are two general types of security: physical and logical.
answer
Computer security
question
_____________ includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
answer
Physical security
question
Protection of assets using nonphysical means is called ________ security
answer
logical
question
Any act or object that poses a danger to computer assets is known as a threat. A countermeasure is a procedure that recognizes, reduces, or eliminates a threat.
answer
ok
question
An__________, in this context, is a person or device that can listen in on and copy Internet transmissions.
answer
eavesdropper
question
Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity refers to preventing unauthorized data modification. Necessity refers to preventing data delays or denials (removal). Integrity threats are reported less frequently and are less well known to the general public. An integrity violation occurs, for example, when an e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. That is, the integrity of the message has been violated. In this particular exploit, which is called a (man-in-the-middle exploit), the contents of the e-mail are often altered in a way that changes the message's original meaning.
answer
ok
question
There are two ways of categorizing cookies: by time duration and by source. The two kinds of time-duration cookie categories include (session cookies), which exist until the Web client ends the connection (or "session"), and (persistent cookies), which remain on the client computer indefinitely.
answer
ok
question
Another way to categorize cookies is by their source. Cookies can be placed on the client computer by the Web server site, in which case they are called (first-party cookies), or they can be placed by a different Web site, in which case they are called (third-party cookies). A third-party cookie originates on a Web site other than the site being visited. These third-party Web sites usually provide advertising or other content that appears on the Web site being viewed.
answer
ok
question
_____ is a tiny graphic that a third-party Web site places on another site's Web page. When a site visitor loads the Web page, the _______ is delivered by the third-party site, which can then place a cookie on the visitor's computer. A _________'s only purpose is to provide a way for a third-party Web site (the identity of which is unknown to the visitor) to place cookies from that third-party site on the visitor's computer.
answer
Web bug
question
These programs run when a client device loads the Web page and are called ______ _______. ____ ______ programs can display moving graphics, download and play audio, or implement Web-based spreadsheet programs.
answer
active content
question
JavaScript and VBScript are ______ ________; they provide scripts, or commands, that are executed on the client.
answer
scripting languages
question
An______ is a small application program. ______ typically run within the Web browser and are most often written in the Java programming language.
answer
applet
question
An_______ control is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks. Unlike Java or JavaScript code, _______ controls run only on computers with Windows operating systems.
answer
ActiveX
question
-->A Trojan horse is a program hidden inside another program or Web page that masks its true purpose. The Trojan horse could snoop around a client computer and send back private information to a cooperating Web server—a secrecy violation. The program could alter or erase information on a client computer—an integrity violation. Zombies are equally threatening. -->A zombie is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers. The computers running the zombie are also sometimes called zombies. When a Trojan horse (or other type of virus) has taken over a large number of computers (and thus made them into zombies), the person who planted the virus can take control of all the computers and -->form a botnet (short for robotic network, also called a zombie farm when the computers in the network are zombies) that can act as an attacking unit, sending spam or launching denial-of-service attacks against specific Web sites.
answer
ok
question
browser ___________, which are programs that enhance the capabilities of browsers, handle Web content that a browser cannot handle. ______ can enable a browser to perform useful tasks, such as playing audio or video; however, ______ can also pose security threats to client computers by executing commands buried within the media being manipulated.
answer
plugin
question
A______ is a type of virus that replicates itself on the computers that it infects. ______ can spread quickly through the Internet.
answer
worm
question
A ______________ or digital ID is an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be.
answer
digital certificate
question
The term __________ describes the process of hiding information (a command, for example) within another piece of information. This information can be used for malicious purposes.
answer
steganography
question
A _______ _________ ______ is one that uses an element of a person's biological makeup to perform the identification. These devices include writing pads that detect the form and pressure of a person writing a signature, eye scanners that read the pattern of blood vessels in a person's retina or the color levels in a person's iris, and scanners that read the palm of a person's hand (rather than just one fingerprint) or that read the pattern of veins on the back of a person's hand.
answer
biometric security device
question
Almost all mobile devices include software that allows the owner to initiate a ______________ if the device is stolen. A ____________ clears all of the personal data stored on the device, including e-mails, text messages, contact lists, photos, videos, and any type of document file. If a mobile device does not include ___________ software, it can be added as an app.
answer
remote wipe
question
Apps that contain malware or that collect information from the mobile device and forward it to perpetrators are called _____ ______. To weed out _____ ______, the Apple App Store tests apps before they are authorized for sale. The Android Market does not screen for rogue apps as extensively as Apple;
answer
rogue apps
question
Software applications called _______ __________ provide the means to record information that passes through a computer or router that is handling Internet traffic. Using a ________ _________ is analogous to tapping a telephone line and recording a conversation. _____ _______ can read e-mail messages and unencrypted Web client-server message traffic, such as user logins, passwords, and credit card numbers.
answer
sniffer programs
question
Periodically, security experts find electronic holes, called___________, in electronic commerce software. A _________ is an element of a program (or a separate program) that allows users to run the program without going through the normal authentication procedure for access to the program.
answer
backdoors
question
Several companies and organizations offer_______ ________ ____________ that hide personal information from sites visited. These services provide a measure of secrecy to Web surfers who use them by replacing the user's IP address with the IP address of the anonymous Web service on the front end of any URLs that the user visits.
answer
anonymous Web service
question
An integrity threat, also known as active_________, exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions, such as deposit amounts transmitted over the Internet, are subject to integrity violations.
answer
wiretapping
question
_______________ is an example of an integrity violation. _____________ is the electronic defacing of an existing Web site's page. The electronic equivalent of destroying property or placing graffiti on objects, ______________ occurs whenever someone replaces a Web site's regular content with his or her own content.
answer
Cybervandalism
question
-->Masquerading or spoofing—pretending to be someone you are not, or representing a Web site as an original when it is a fake—is one means of disrupting Web sites. -->Domain name servers (DNSs) are the computers on the Internet that maintain directories that link domain names to IP addresses.
answer
ok
question
These exploits, which capture confidential customer information, are called ________ __________. The most common victims of ________ _____ are users of online banking and payment system (such as PayPal) Web sites.
answer
phishing expeditions
question
Attackers can use the botnets you learned about earlier in this chapter to launch a simultaneous attack on a Web site (or a number of Web sites) from all of the computers in the botnet. This form of attack is called a ________ attack. The attack on U.S. and South Korean government and business Web sites you learned about at the beginning of this chapter was a _____ attack.
answer
(distributed denial-of-service) DDOS
question
The security of the connection depends on the ________________, which is a set of rules for encrypting transmissions from the wireless devices to the WAPs.
answer
WEP (Wireless Encryption Protocol)
question
In some cities that have large concentrations of wireless networks, attackers drive around in cars using their wireless-equipped laptop computers to search for accessible networks. These attackers are called -->wardrivers. When wardrivers find an open network (or a WAP that has a common default login and password), they sometimes place a chalk mark on the building so that other attackers will know that an easily entered wireless network is nearby. -->This practice is called warchalking. Some warchalkers have created Web sites that include maps of wireless access locations in major cities around the world.
answer
OK
question
________ is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible. The science that studies __________ is called cryptography
answer
Encryption
question
A program that transforms normal text, called -->plain text, into cipher text (the unintelligible string of characters) is called an -->encryption program. The logic behind an encryption program that includes the mathematics used to do the transformation from plain text to cipher text is called an -->encryption algorithm.
answer
OK
question
____ _______ is a process that uses a hash algorithm to calculate a number, called a hash value, from a message of any length. It is a fingerprint for the message because it is almost certain to be unique for each message.
answer
Hash coding
question
__________ ________, or public-key encryption, encodes messages by using two mathematically related numeric keys. In 1977, MIT professors Ronald Rivest, Adi Shamir, and Leonard Adleman invented the RSA Public Key Cryptosystem. In their system, one key of the pair, called a public key, is freely distributed to anyone interested in communicating securely with the holder of both keys. The public key is used to encrypt messages using one of several different encryption algorithms. The second key, called a private key, is kept by the key owner. The owner uses the private key to decrypt all messages received. -->One of the most popular technologies used to implement public-key encryption today is called Pretty Good Privacy (PGP).
answer
Asymmetric encryption
question
__________ __________, also known as private-key encryption, encodes a message with an algorithm that uses a single numeric key, such as 456839420783, to encode and decode data.
answer
Symmetric encryption
question
A ______ ______ is a key used by an encryption algorithm to create cipher text from plain text during a single secure session.
answer
session key
question
S-HTTP security is established during the initial session between a client and a server. Either the client or the server can specify that a particular security feature be required, optional, or refused. This process of proposing and accepting (or rejecting) various transmission conditions is called _________ __________. sometimes called an envelope. This -->(secure envelope) encapsulates and encrypts the message, which provides secrecy, integrity, and client/server authentication. S-HTTP is still used by some Web servers; however, SSL has largely replaced it.
answer
session negotiation
question
To detect message alteration, a hash algorithm is applied to the message content to create a _____ _________, which is a number that summarizes the encrypted information.
answer
message digest
question
An encrypted message digest created using a private key is called a ________ _________.
answer
digital signature
question
A________ is an area of memory set aside to hold data read from a file or database. A ________ is necessary whenever any input or output operation takes place because a computer can process file information much faster than the information can be read from input devices or written to output devices.
answer
buffer
question
one in which excessive data is sent to a server, can occur on mail servers. Called a _______ ______, the attack occurs when hundreds or even thousands of people each send a message to a particular address.
answer
mail bomb
question
An ______ ______ _______ is a list or database of files and other resources and the usernames of people who can access the files and other resources.
answer
access control list (ACL)
question
A_______ is software or a hardware-software combination that is installed in a network to control the packet traffic moving through it. Most organizations place a ________ at the Internet entry point of their networks. -->Those networks inside the _______ are often called trusted, whereas networks outside the _______ are called untrusted.
answer
firewall
question
Firewalls are classified into the following categories: packet filter, gateway server, and proxy server. -->Packet-filter firewalls examine all data flowing back and forth between the trusted network (within the firewall) and the Internet. -->Gateway servers are firewalls that filter traffic based on the application requested. Gateway servers limit access to specific applications such as Telnet, FTP, and HTTP. -->Proxy server firewalls are firewalls that communicate with the Internet on the private network's behalf.
answer
OK
question
_______ _________ ________ are designed to monitor attempts to log into servers and analyze those attempts for patterns that might indicate a cracker's attack is under way.
answer
Intrusion detection systems
question
In addition to firewalls installed on organizations' networks, it is possible to install software-only firewalls on individual client computers. These firewalls are often called _______ _________. The use of ________ _______ has become an important tool in the protection of expanded network perimeters for many companies.
answer
personal firewall
question
Internet payments for items costing from a few cents to approximately a dollar are called _______________ --> small payments is used to describe all payments of less than $10
answer
micropayments
question
An ___________ _______ is a set of connections between banks that issue credit cards, the associations that own the credit cards (such as MasterCard or Visa), and merchants' banks.
answer
interchange network
question
In some payment card systems, the card issuer pays the merchants that accept the card directly and does not use an intermediary, such as a bank or clearinghouse system. These types of arrangements are called ________ ______ __________ because no other institution is involved in the transaction.
answer
closed loop system
question
Whenever additional parties, such as the intermediaries in this example, are included in payment card transaction processing, the system is called an ________ _______ _________. Visa and MasterCard are two of the most widely known examples of ________ _______ _________. Many banks issue both of these cards. Unlike American Express or Discover, neither Visa nor MasterCard issues cards directly to consumers. Visa and MasterCard are ((credit card associations)) that are operated by the banks who are members in the associations. These member banks, which are
answer
open loop system
question
An __________ _______ is a bank that does business with sellers (both Internet and non-Internet) that want to accept payment cards. To process payment cards for Internet transactions, a business must set up a ((merchant account)) with an _________ ________.
answer
acquiring bank
question
_________ __________ is a technique used by criminals to convert money that they have obtained illegally into cash that they can spend without having it identified as the proceeds of an illegal activity.
answer
Money laundering
question
Software-based digital wallets fall into two categories, depending on where they are stored. A ((server-side digital wallet)) stores a customer's information on a remote server belonging to a particular merchant or wallet publisher. Smartphones and tablets, as mobile devices, are candidates to become ((hardware-based digital)) wallets that can store a variety of identity credentials (such as a driver's license, medical insurance card, store loyalty cards, and other identifying documents). Near field communication (NFC) technology, which allows for contactless data transmission over short distances, can also be used if the smartphone is equipped with a chip similar to those that have been used on payment cards (such as MasterCard's PayPass card) for a number of years.
answer
ok
question
A ________ _____ is a plastic card with an embedded microchip that can store information. _______ _____ is also called stored-value cards. _______ _____ is safer than magnetic strip credit cards
answer
smart card
question
When the e-mails used in a phishing expedition are carefully designed to target a particular person or organization, the exploit is called ________ _______. The _______ ________ perpetrator must do considerable research on the intended recipient, but by obtaining detailed personal information and using it in the e-mail, the perpetrator can greatly increase the chances that the victim will open the e-mail and click the link to the phishing Web site.
answer
spear phishing
question
U.S. laws define ((organized crime)), also called ((racketeering)), as unlawful activities conducted by a highly organized, disciplined association for profit. The associations that engage in organized crime are often differentiated from less organized groups such as gangs and from organized groups that conduct unlawful activities for political purposes, such as terrorist organizations. The Internet has opened new opportunities for organized crime in its traditional types of criminal activities and in new areas such as generating spam (which you learned about in earlier chapters), phishing, and identity theft. ((Identity theft)) is a criminal act in which the perpetrator gathers personal information about a victim and then uses that information to obtain credit.
answer
ok
question
Businesses use tactics called ((downstream strategies)) to improve the value that the business provides to its customers. Alternatively, businesses can pursue ((upstream strategies)) that focus on reducing costs or generating value by working with suppliers or inbound shipping and freight service providers.
answer
ok
question
In addition to hardware and software costs, the project budget must include the costs of hiring, training, and paying the personnel who will design the Web site, write or customize the software, create the content, and operate and maintain the site. Many organizations now track costs by activity and calculate a total cost for each activity. These cost numbers, called ___________(TCO), include all costs related to the activity.
answer
total cost of ownership
question
A person would pitch an idea for an online business to a group of businesspersons who had money and enough business knowledge to evaluate the idea's potential. These investors, often called ((angel investors)) ((Venture capitalists)) are very wealthy individuals, groups of wealthy individuals, or investment firms that look for small companies that are about to grow rapidly. They invest large amounts of money (between a million and a few hundred million dollars) hoping that in a few years the company will be large enough to sell stock to the public in an event called an initial public offering (IPO). In the IPO, the venture capitalists take their profits and once again search for a new small company in which to invest.
answer
ok
question
Most companies have procedures that call for an evaluation of any major expenditure of funds. These major investments in equipment, personnel, and other assets are called ((capital projects)) or ((capital investments)). evaluation approaches are called ((return on investment)) (ROI) techniques because they measure the amount of income (return) that will be provided by a specific current expenditure (investment). ROI techniques provide a quantitative expression of whether the benefits of a particular investment exceed their costs (including opportunity costs).
answer
ok
question
Companies today recognize the value of the accumulated mass of employees' knowledge about the business and its processes. The value of an organization's pool of this type of knowledge is called ((intellectual capital)). the company outsources the initial site design and development to launch the project quickly. The outsourcing team then trains the company's information systems professionals in the new technology before handing the operation of the site over to them. This approach is called ((early outsourcing)). Once the company has gained all the competitive advantage provided by the system, the maintenance of the electronic commerce system can be outsourced so that the company's information systems professionals can turn their attention and talents to developing new technologies that will provide further competitive advantage. This approach is called ((late outsourcing)). In both the early outsourcing and late outsourcing approaches, a single group is responsible for the entire design, development, and operation of a project—either inside or outside the company. This typical outsourcing pattern works well for many information systems projects. However, electronic commerce initiatives can benefit from a partial outsourcing approach, too. In ((partial outsourcing)), which is also called ((component outsourcing)), the company identifies specific portions of the project that can be completely designed, developed, implemented, and operated by another firm that specializes in a particular function.
answer
ok
question
An__________ is a company that offers startup companies a physical location with offices, accounting and legal assistance, computers, and Internet connections at a very low monthly cost.
answer
incubator
question
______ ___________ is a collection of formal techniques for planning and controlling the activities undertaken to achieve a specific goal.
answer
Project management
question
A company's top technology manager is its chief information officer (CIO). _________ __________ __________ is a technique in which each project is monitored as if it were an investment in a financial portfolio. The CIO records the projects in a list (usually using spreadsheet or database management software) and updates the list regularly with current information about each project's status. By managing each project as a portfolio element, project portfolio managers can make trade
answer
Project portfolio management