IS 194 Test 2

question
The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software (T/F)
answer
True
question
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties
answer
False
question
Phishing attacks rely on browser parasites
answer
False
question
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.
answer
True
question
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution
answer
True
question
________ refers to the ability to ensure that messages and data are only available to those authorized to view them
answer
Confidentiality
question
All of the following statements about public key encryption are true except: A) public key encryption uses two mathematically related digital keys. B) public key encryption ensures authentication of the sender. C) public key encryption does not ensure message integrity. D) public key encryption is based on the idea of irreversible mathematical functions.
answer
public key encryption does not ensure message integrity.
question
Which of the following countries has been found to have engaged in cyberespionage against Google?
answer
China
question
An intrusion detection system can perform all of the following functions except:
answer
Blocking suspicious activity
question
Which of the following is not an example of a PUP? A) adware B) browser parasite C) drive-by download D) spyware
answer
Drive-by download
question
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012? a. firewall b. SSL/TLS c. two-factor authentication d. anti-virus software
answer
Two-Factor Authentication
question
Proxy servers are also known as
answer
Dual-home Systems
question
Online bill payments are believed to cost ________ to process compared to ________ for paper bills.
answer
20 to 30 cents, $3 to $7
question
All the following statements about symmetric key encryption are true except: A) in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message. B) the Data Encryption Standard is a symmetric key encryption system. C) symmetric key encryption is computationally slower. D) symmetric key encryption is a key element in digital envelopes.
answer
symmetric key encryption is computationally slower.
question
P2P payment systems are a variation on what type of payment system?
answer
stored value payment system
question
Which of the following is not an example of an access control? A) firewalls B) proxy servers C) digital signatures D) login passwords
answer
Digital signatures
question
None of the following payment systems offers immediate monetary value except: A) personal checks. B) credit cards. C) stored value/debit card. D) accumulating balance.
answer
stored value/debit card.
question
Reveton is an example of:
answer
Ransomware
question
Which of the following dimensions of e-commerce security is not provided for by encryption? A) confidentiality B) availability C) message integrity D) nonrepudiation
answer
Availability
question
Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP address
answer
True
question
TLS does not guarantee server-side authentication
answer
False
question
A worm does not need to be activated by a user in order for it to replicate itself
answer
True
question
Smishing attacks exploit SMS messages
answer
True
question
Rustock is an example of which of the following?
answer
Botnet
question
An example of a privacy violation of e-commerce security is:
answer
your online purchasing history being sold to other merchants without your consent.
question
Which of the following is an example of an integrity violation of e-commerce security? A) A Web site is not actually operated by the entity the customer believes it to be. B) A merchant uses customer information in a manner not intended by the customer. C) A customer denies that he or she is the person who placed the order. D) An unauthorized person intercepts an online communication and changes its contents.
answer
An unauthorized person intercepts an online communication and changes its contents.
question
Which of the following is the current standard used to protect Wi-Fi networks?
answer
WPA2
question
The overall rate of online credit card fraud is ________ % of all online card transactions.
answer
Less than 1%
question
All of the following are limitations of the existing online credit card payment system except: A) poor security. B) cost to consumers. C) cost to merchant. D) social equity.
answer
Cost to consumers
question
A digital certificate contains all of the following except the: A) subject's private key. B) subject's public key. C) digital signature of the certification authority. D) digital certificate serial number.
answer
Subject's private key
question
Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?
answer
NFC
question
All of the following statements about PKI are true except: A) The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. C) PKI guarantees that the verifying computer of the merchant is secure. D) The acronym PKI stands for public key infrastructure.
answer
PKI guarantees that the verifying computer of the merchant is secure.
question
All of the following are factors in contributing to the increase in cybercrime except: A) the ability to remotely access the Internet. B) the Internet's similarity to telephone networks. C) the ability to anonymously access the Internet. D) the Internet is an open, vulnerable design.
answer
The Internet's similarity to telephone networks
question
Linden Dollars, created for use in Second Life, are an example of:
answer
Virtual Currency
question
Insiders present a greater security threat to e-commerce sites than outsiders
answer
True
question
Most of the world's spam is delivered via which of the following?
answer
Botnets
question
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012.
answer
$3.5 Billion
question
The Data Encryption Standard uses a(n) _____ bit key.
answer
56
question
Symmetric key encryption is also known as:
answer
Secret Key Encryption
question
Which dimension(s) of security is spoofing a threat to?
answer
Integrity and Authenticity
question
Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as:
answer
Spyware
question
All of the following are methods of securing channels of communication except: A) SSL. B) S-HTTP. C) VPN. D) FTP.
answer
FTP
question
Prior to the development of e-commerce, Web sites primarily delivered static content. T/F
answer
True
question
Upgrading a server from a single processor to multiple processors is an example of scaling a site horizontally. T/F
answer
True
question
Mobile Web apps are typically built using HTML5 and Java.
answer
True
question
Apache Web server software is based on Microsoft's Windows operating system.
answer
False
question
The annual maintenance cost for a Web site is likely to be as high as its development cost.
answer
True
question
4 kinds of e-commerce presence
answer
Web sites; e-mail; social media; offline media
question
Which of the following typically includes a data flow diagram to describe the flow of information for an e-commerce site? A) physical design B) logical design C) testing plan D) co-location plan
answer
Logical design
question
A system design has two main components:
answer
a logical design and a physical design
question
All of the following are basic functionality provided by Web servers except: A) a product catalog. B) marketing software C) a shopping cart. D) credit card processing.
answer
A shopping cart
question
All of the following are simple steps for optimizing Web page content that can reduce response times except: A) reducing unnecessary HTML comments. B) using more efficient graphics. C) avoiding unnecessary links to other pages on the site. D) segmenting computer servers to perform dedicated functions.
answer
Segmenting computer servers to perform dedicated functions
question
Offline media is typically used for all of the following marketing activities except: A) education B) exposure C) conversation D) branding
answer
conversation
question
All of the following are methods of improving the processing architecture of a Web site except: a) separating static content from dynamic content b) optimizing ASP code c) optimizing database schema d) adding web servers
answer
Adding web servers
question
Which of the following technologies could you use to place the content of your Web site in a database so that you can then dynamically generate requests for pages? A) Apache web server B) proxy server C) shopping cart D) CMS
answer
CMS
question
Which of the following is not a main factor in determining overall demand for an e-commerce site? A) static file sizes B) number of items in inventory C) user profiles D) type of content
answer
Static File Size
question
________ verifies that the business objectives of the system as originally conceived are in fact working.
answer
Acceptance testing
question
In order from beginning to end, the major steps in the SDLC, are:
answer
systems analysis/planning; systems design; building the system; testing; implementation.
question
Which of the following is an example of a CMS?
answer
Wordpress
question
What are the two most important management challenges in building a successful e-commerce presence?
answer
Developing a clear understanding of business objectives; knowing how to choose the right technology to achieve those objectives
question
Which of the following details the actual hardware components to be used in a system?
answer
Physical Design
question
One of the most important challenges in developing an e-commerce presence is understanding that the technology must drive the business. T/F
answer
False
question
The systems development life cycle methodology is useful when creating an e-commerce Web site.
answer
True
question
Storing HTML pages in RAM rather than on a server's hard drive is an inexpensive way to fine-tune the processing architecture of a Web site. T/F
answer
True
question
All of the following are basic information requirements for a product database except: A) product descriptions B) stock numbers C) customer ID numbers D) inventory levels
answer
Customer ID number
question
Which of the following is the least expensive path to creating a mobile Internet presence?
answer
Resizing a website for mobile use
question
The term stateless refers to the fact that:
answer
the server does not have to maintain an ongoing dedicated interaction with the client computer.
question
Most of the time required to maintain an e-commerce site is spent on:
answer
general administration and making changes and enhancements to the system.
question
The cost of hardware, software, and telecommunications services needed to build a Web site have ________ over the last decade.
answer
Decreased drastically
question
Advantages of dynamic page generation include all of the following except: a) lowered menu costs b) market segmentation c) nearly cost-free price discrimination d) client-side execution of programming
answer
Client-side execution of programming
question
Which of the following is used to process certificates and private/public key information? A) HTTP B) SSL C) FTP D) data capture tools
answer
SSL
question
An e-commerce Web site that processes orders requires, at minimum, a ________ system architecture.
answer
Two-tier
question
The leading Web server software is
answer
Apache
question
All of the following are important factors in Web site optimization except: A) selecting keywords and page titles B) identifying market niches for your services or products C) buying search engine ads D) adhering to accessibility guidelines.
answer
Adhering to accessibility guidelines
question
Using prebuilt templates is typically one of the most cost-effective choices when building a Web
answer
True
question
The Web server software used does not significantly impact how a Web site's Web pages look on users':
answer
True
question
________ involves testing a site program's modules one at a time.
answer
Unit testing
question
All of the following might be part of a Web site's middle-tier layer except: A) a database server B) an ad server C) legacy corporate applications D) a mail server.
answer
Legacy corporate applications
question
The structure of a market is described in terms of:
answer
Direct competition, suppliers and substitute products
question
Which system functionality must your Web site have in order to be able to personalize or customize a product for a client? A) an ad server B) a site tracking and reporting system C) an inventory management system D) customer on-site tracking
answer
customer on-site tracking
question
The primary way a Web site is able to personalize the content presented to a visitor is through the use of:
answer
Cookies
question
Which of the following helps you understand the marketing effectiveness of your e-commerce site? A) shopping cart B) product database C) site tracking and reporting system D) inventory management system
answer
Site tracking and reporting system
question
Database
answer
Organized collection of logically related data; self-describing collection of integrated tables
question
File
answer
Group of records of same type
question
Record
answer
Group of related fields
question
Field
answer
Group of characters as word(s) or number
question
Hierarchy in Database
answer
Field, Record, File, Database
question
Data
answer
Stored representations of meaningful objects and events
question
Structured Data
answer
Numbers, text, dates
question
Unstructured Data
answer
Images, video, documents
question
Information
answer
Data processed to increase knowledge in the person using the data
question
Metadata
answer
Descriptions of the properties or characteristics of the data, including data types, field sizes, allowable values and data context (limits on what the data can be, e.g., GPA can be 0-4 and 3 number places)
question
Context
answer
Helps us understand the data
question
Problems with traditional file environment (maintained separately by different departments)
answer
Data redundancy; data inconsistency; program-data dependence (change program requires change in data); lack of flexibility; poor security; lack of data sharing and availability
question
Database Management System (DBMS)
answer
Interfaces between applications and physical data files; separates logical and physical views of data; solves problems of traditional file environment
question
Components of DBMS
answer
Users > Database application > SQL > DBMS > Database UASMD
question
What is the Dominant Database System?
answer
Oracle
question
SQL
answer
Sequential Query Language
question
JET (joint engine technology)
answer
Joint Engine Technology Database that is used as underlying database engine for Access
question
Components of Databases
answer
Entity; Attribute; Relationship
question
Entity
answer
Person, place, thing that we identify (people, cars) Can be tangible or abstract
question
Attribute
answer
Each characteristic, or quality, describing the entity (name, address, DL number)
question
Relationships
answer
Exist between entities: one-to-one, one-to-many, many-to-many
question
Entity Instance
answer
Occurrence of an entity (Human is entity, Spencer is instance)
question
Form
answer
Efficient way to capture data, imply entities, attributes and relationships
question
Data Definition Capability
answer
Specifies structure of database content, used to create tables and define characteristics of fields
question
Data Dictionary
answer
Automated or manual file storing definitions of data elements and their characteristics
question
Data Manipulation Language
answer
Used to add, change, delete, retrieve data from database (SQL)
question
Entity Relationship Diagram
answer
Used by database designers to document the data model and illustrate relationships between entities
question
Distributing databases
answer
Storing database in more than one place
question
Partitioned Database
answer
Separate locations store different parts of database
question
Replicated Database
answer
Central database duplicated in entirety at different locations
question
3 Key techniques Database Approach
answer
1. Data warehousing 2. Data mining (looking for relationships) 3. Tools for accessing internal databases throughout the web
question
Business Intelligence
answer
Tools for consolidating, analyzing and providing access to vast amounts of data to help users make better business decisions
question
Principal tools of business intelligence include:
answer
Software for database query and reporting; online analytical processing (OLAP); data mining
question
Online Analytical Processing (OLAP)
answer
Supports multidimensional data analysis (each aspect of info is different dimension) and enables rapid, online answers to ad hoc queries
question
Data Mining
answer
Finds hidden patterns, relationships in large databases and infers rules to predict future behavior (discovery driven)
question
Predictive Analysis
answer
Uses data mining techniques, historical data and assumptions about future conditions to predict outcomes of events (e.g., probability a customer will respond to an offer)
question
Text Mining
answer
Extracts key elements from large, unstructured data sets (stored e-mails)
question
Advantages of using web for database access
answer
Ease of use of browser software; web interface requires few or no changes to database; inexpensive to add web interface to system
question
Information Policy
answer
Firm's rules, procedures, roles for sharing, managing, standardizing data
question
Data Administration
answer
Firm function responsible for specific policies and procedures to manage data
question
Data governance
answer
Policies and processes for managing availability, usability, integrity and security of enterprise data, especially as it relates to gov regulations
question
Database Administration
answer
Defining, organizing, implementing, maintaining database; performed by database design and management group
question
Before new database is in place, need to:
answer
Identify and correct faulty data; establish better routines for editing data once database in operation
question
Data Quality Audit
answer
Structured survey of the accuracy and level of completeness of the data in an info system
question
Data Cleansing
answer
Software to detect and correct data that are incorrect, incomplete, improperly formatted or redundant (enforces consistency)
question
System Functionalities
answer
Types of info systems capabilities you will need to achieve your business objectives
question
Information Requirements
answer
Info elements that the system must produce in order to achieve the business objectives
question
System Design Specification
answer
Description of the main components in a system and relationship to one another
question
CMS
answer
Organizes, stores and processes web site content
question
Co-location
answer
When a firm purchases or leases a web server (and has total control over its operation) but locates it in a vendor's physical facility. Vendor maintains the facility, communications lines and machinery
question
System Testing
answer
Testing site as a whole, in way typical user will use it
question
System Architecture
answer
Arrangement of software, machinery and tasks in an info system needed to achieve a specific functionality
question
Two-tier Architecture
answer
E-commerce system in which a web server responds to requests for web pages and a database server provides backend data storage
question
Multi-tier architecture
answer
Web server is linked to a middle-tier layer that includes series of application servers that perform specific tasks as well as a backend layer of existing corporate systems
question
Site management tools
answer
Verify that links on pages are still valid and also identify orphan files
question
Dynamic Page generation
answer
Contents of page are stored as objects in a database, rather than being hard coded in HTML. When user requests a web page, contents for that page are fetched from database
question
Web application Server
answer
Software program that provides specific business functionality required of a web site
question
E-commerce merchant server software
answer
Software that provides the basic functionality needed for online sales, including catalog, order taking, shopping cart and credit card processing
question
Merchant Server Software Package
answer
Offers integrated environment that provides most or all of functionality and capabilities needed to develop a sophisticated customer-centric site
question
Open Source Software
answer
Developed by community of programmers and designers and free to use and modify
question
Hardware Platform
answer
All underlying computing equipment that the system uses to achieve its functionality
question
I/O Intensive
answer
Requires input/output operations rather than heavy-duty processing power
question
Vertical Scaling
answer
Increasing processing power of individual components
question
Horizontal Scaling
answer
Employing multiple computers to share the workload
question
CGI (common gateway interface)
answer
set of standards for communication between a browser and program running on a server that allows for interaction between user and server
question
Active Server Pages
answer
Software development tool that enables programmers using Microsoft's IIS package to build dynamic pages
question
Java
answer
Programming language that allows programmers to create interactivity and active content on client computer, saving considerable load on the server
question
Java Server Pages
answer
Web page coding standard that allows developers to dynamically generate web pages in response to user requests
question
JavaScript
answer
programming language invented by Netscape that is used to control the objects on an HTML page and handle interactions with the browser
question
Widget
answer
Small, prebuilt chunk of code that executes automatically in your html web page
question
Privacy Policy
answer
A set of public statements declaring to your customers how you treat their personal info
question
Accessibility Rules
answer
Set of design objectives that ensure disabled users can effectively access your site (handicapped)
question
Mobile Web Site
answer
Version of a regular desktop web site that is scaled down in content and navigation (most basic)
question
Responsive Web design
answer
Tools and design principles that automatically adjust the layout of a web site depending on user screen resolution
question
Mobile Web App
answer
App built to run on the mobile web browser built into a smartphone or tablet computer
question
Native App
answer
App designed specifically to operate using the mobile device's hardware and operating system
question
Integrity
answer
Ability to ensure that info being displayed on a website or transmitted or received over the Internet has not been altered in any way by an unauthorized party
question
Nonrepudiation
answer
Ability to ensure that e-commerce participants do not deny their online actions
question
Authenticity
answer
Ability to identify the identity of a person or entity with whom you are dealing on the internet
question
Confidentiality
answer
Ability to ensure that messages and data are available only to those who are authorized to view them
question
Privacy
answer
Ability to control the use of info about oneself
question
Availability
answer
Ability to ensure that an e-commerce site continues to function as intended
question
Malware
answer
Viruses, worms, ransomware, Trojan horses and bots
question
Drive-by download
answer
Malware that comes with a downloaded file that a user requests
question
Virus
answer
Computer program that has the ability to replicate itself and spread to other files
question
Worm
answer
Designed to spread from computer to computer
question
ransomware (scareware)
answer
Prevents you from accessing your computer or files and demands you pay a fine
question
Trojan horse
answer
Appears to be benign, but then does something other than expected
question
Backdoor
answer
Feature of malware that allows attacker to remotely access a compromised computer
question
Bot
answer
type of malicious code that can be covertly installed on a computer when connected to the internet, then responds to external commands sent by attacker
question
PUP (potentially unwanted program)
answer
Installs itself on computer without user's informed consent
question
Adware
answer
PUP that serves pop-up ads to your computer
question
Browser Parasite
answer
program that can monitor and change the settings of a user's browser
question
Social Engineering
answer
Type of phishing that relies on human curiosity, greed, gullibility in order to trick into taking action that will result in downloading malware
question
White Hats
answer
Good hackers who help orgs locate and fix security flaws
question
Black hats
answer
bad hackers
question
Grey hats
answer
Hackers who believe they are pursuing good by breaking in and revealing system flaws
question
Pharming
answer
Automatically redirecting a web link to an address different than the intended one, with a site masquerading as the intended destination
question
Spam (junk) web sites
answer
Link farms; promise to offer products or services, but really just collections of ads
question
DoS (denial of service)
answer
flooding web site with useless traffic to inundate and overwhelm the network
question
DDoS (distributed denial of service)
answer
Using numerous computers to attack the target network from numerous launch points
question
Sniffer
answer
Type of eavesdropping program that monitors info traveling over a network
question
SQL Injection Attack
answer
takes advantage of poorly coded web app software that fails to properly validate or filter data entered by a user on a web page
question
Zero-day vulnerability
answer
software vulnerability that has been previously unreported and for which no patch yet exists
question
Encryption
answer
process of transforming plain text or data into cipher text that can't be read by anyone other than the sender and receiver
question
Key (cipher)
answer
any method for transforming plain text to cipher text
question
Symmetric Key Encryption
answer
Both sender and receiver use same key to encrypt and decrypt the message
question
Public Key Cryptography
answer
2 mathematically related digital keys are used: a public key and a private key. Private is kept secret by owner and public is widely disseminated. Both can be used to encrypt and decrypt; however, once a key is used to encrypt a message, the same key can't be used to unencrypt the message
question
Hash Function
answer
Algorithm that produces a fixed-length number called a hash or message digest
question
Digital Envelope
answer
Technique that uses symmetric encryption for large documents but public key encryption to encrypt and send the symmetric key
question
PKI (public key infrastructure)
answer
CAs and digital certificate procedures that are accepted by all parties
question
PGP (pretty good privacy)
answer
widely used email public key encryption software program
question
Secure negotiated session
answer
Client-server session in which URL of the requested doc, along with contents, contents of forms and cookies exchanged are encrypted
question
Firewall
answer
Hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
question
Proxy Server
answer
Software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the org
question
Security Token
answer
physical device or software that generates an identifier that can be used in addition to or in place of a password
question
CERT coordination center
answer
Monitors and tracks online criminal activity reported to it by private corporations and gov agencies that seek out its help
question
Float
answer
period of time between purchase and actual payment
question
Stored Value Payment System
answer
Account created by depositing funds into an account and from which funds are paid out or withdrawn as needed (Starbucks)