Deck 5: E-Commerce Security and Payment Systems

A) malware infection
B) laptop theft
C) Web site defacement
D) insider abuse

A) 25
B) 45
C) 75
D) 95

A) less than 1
B) around 1
C) around 5
D) around 10

A) the ability to remotely access the Internet.
B) the Internet's similarity to telephone networks.
C) the ability to anonymously access the Internet.
D) the Internet is an open, vulnerable design.

A) confidentiality.
B) usability.
C) functionality.
D) viability.

A) spyware.
B) a backdoor.
C) pupware.
D) adware.

A) DDoS attacks.
B) phishing attacks.
C) storing network traffic for analysis.
D) stealing information from computers.

A) 8
B) 56
C) 256
D) 512

A) Russian hackers posting over 6 million Facebook usernames and passwords online.
B) 77 million user credit card numbers stolen from Sony's PlayStation gameserver.
C) A Stuxnet worm wiped computers in the Iranian Oil Ministry clean.
D) Melissa worm spreads through Microsoft Word templates.

A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) public key encryption.
B) secret key encryption.
C) PGP.
D) PKI.

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) macro virus.
B) worm/Trojan horse.
C) Trojan horse/virus.
D) bot program.

A) viruses
B) worms
C) Trojan horses
D) botnets

A) Anonymous
B) Anti-Phishing Working Group
C) IC3
D) Symantec

A) the client computer
B) the server
C) the communications pipeline
D) the credit card companies

A) Microsoft Word.
B) Microsoft Outlook Express.
C) Microsoft operating systems.
D) Microsoft Access database software.

A) In symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message.
B) The Data Encryption Standard is a symmetric key encryption system.
C) Symmetric key encryption is computationally slower.
D) Symmetric key encryption is a key element in digital envelopes.

A) integrity
B) availability
C) integrity and authenticity
D) availability and integrity

A) Confidentiality
B) Integrity
C) Privacy
D) Availability

A) A Web site is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he or she is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.

A) viruses.
B) bots.
C) worms.
D) sniffers.

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) your e-mail being read by a hacker.
B) your online purchasing history being sold to other merchants without your consent.
C) your computer being used as part of a botnet.
D) your e-mail being altered by a hacker.

A) digital signatures.
B) certificates of authority.
C) biometric devices.
D) packet filters.

A) It is instantly convertible into other forms of value without intermediation.
B) It requires no authentication.
C) It is anonymous.
D) It provides float.

A) personal checks.
B) credit cards.
C) stored value/debit card.
D) accumulating balance.

A) smart cards.
B) credit cards.
C) gift certificates.
D) prepaid cards.

A) Perform a security audit.
B) Develop an implementation plan.
C) Create a security organization.
D) Develop a security policy.

A) ISPs.
B) consumers.
C) financial intermediaries.
D) government regulators.

A) Public key encryption uses two mathematically related digital keys.
B) Public key encryption ensures authentication of the sender.
C) Public key encryption does not ensure message integrity.
D) Public key encryption is based on the idea of irreversible mathematical functions.

A) firewalls.
B) application gateways.
C) dual home systems.
D) packet filters.

A) access controls.
B) an authorization management system.
C) security tokens.
D) an authorization policy.

A) stored value payment system
B) digital checking system
C) accumulating balance system
D) digital credit card system

A) subject's private key.
B) subject's public key.
C) digital signature of the certification authority.
D) digital certificate serial number.

A) envelope.
B) signature.
C) certificate.
D) hash.

A) firewall
B) virtual private network
C) proxy server
D) PPTP

A) Homeland Security Act
B) CAN-SPAM Act
C) Computer Security Enhancement Act
D) Computer Fraud and Abuse Act

A) confidentiality
B) availability
C) message integrity
D) nonrepudiation

A) firewalls
B) proxy servers
C) digital signatures
D) login passwords

A) Debit cards eliminate the need for consumers to write a paper check when making a purchase.
B) Debit cards enable consumers to make purchases even if they do not have sufficient funds at the time of purchase.
C) Debit cards do not provide any float.
D) Debit cards do not have the protections provided by Regulation Z to credit cards.

A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.

A) SSL/TLS.
B) certificates.
C) VPN.
D) FTP.

A) The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) The acronym PKI stands for public key infrastructure.

A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.

A) digital cash.
B) virtual currency.
C) EBPP
D) peer-to-peer payment systems.

A) adware
B) browser parasite
C) drive-by download
D) spyware

A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.

A) DES
B) NFC
C) IM
D) text messaging