Deck 10: E-Commerce Fraud and Security

A)encryption,functionality,and privacy
B)quality,reliability,and speed
C)authentication,authorization,and nonrepudiation
D)confidentiality,integrity,and availability

A)software bug
B)risk of an attack or intrusion
C)spyware
D)weakness in software or network

A)Spamming
B)Pretexting
C)Social engineering
D)Phishing

A)depends on the trust and confidence of customers.
B)proactively meets regulatory,financial,marketing and operational requirements.
C)protects against unauthorized transactions and overrides of accounting controls.
D)requires digital signatures or digital certificates for all transactions.

A)Biometric
B)Keystroke logging
C)Access control
D)Intrusion detection

A)IPS
B)DOS
C)VPN
D)DNS

A)information assurance.
B)data integrity.
C)information integrity.
D)human firewall.

A)a collection of a few hundred hijacked Internet computers that have been set up to forward traffic,including spam and viruses,to other computers on the Internet.
B)a piece of software code that inserts itself into a host or operating system to launch DOS attacks.
C)a piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D)a coordinated network of computers that can scan and compromise other computers and launch DOS attacks.

A)The Internet was designed for maximum efficiency without regard for its security or users with malicious intent.
B)The shift is toward profit-motivated crimes.
C)Managers treat EC security as a process.
D)Many companies fail to implement basic IT security management best practices,business continuity plans,and disaster recovery plans.

A)integrity.
B)availability.
C)authentication.
D)nonrepudiation.

A)There is growth in EC sales and the number of shoppers with higher incomes.
B)Information is a valuable form of currency.
C)Hackers are increasingly motived by fame and notoriety.
D)Scammers are outsourcing work to programmers to gain control of computers or wireless networks.

A)Internet underground economy
B)Denial of service
C)Cybercriminal
D)Virtual private network

A)integrity.
B)availability.
C)authentication.
D)nonrepudiation.

A)financial fraud
B)viruses and worms
C)unintentional human errors
D)targeted attacks

A)integrity.
B)availability.
C)authentication.
D)nonrepudiation.

A)has become the cornerstone for secure e-payments and intranet applications.
B)is based on the Data Encryption Standard,which is the standard symmetric encryption algorithm supported by U.S.government agencies.
C)encrypts and decrypts large amounts of data effectively.
D)uses encryption keys ranging from 64 bits to 128 bits.

A)Hardware and software security defenses protect against irresponsible business practices or corrupt management.
B)There is no single hardware or software solution appropriate for all companies.
C)If firewalls and antivirus software are not upgraded and monitored constantly,they will not remain useful.
D)After the EC security program and policies are defined and risk assessment completed,then the software and hardware needed to support and enforce them can be put in place.

A)uses rules to analyze suspicious activity at the perimeter of a network or at key locations in the network.
B)resides on the server that is being monitored where it can detect whether critical or security-related files have been tampered with or whether a user has attempted to access files that he or she is not authorized to use.
C)can perform certain actions when an attack occurs,such as terminating network connections based on security policies.
D)consists of information system resources-firewalls,routers,Web servers,database servers,and files that look like production systems,but do no real work.

A)Access control determines which persons,programs,or machines can legitimately use a network resource and which resources he,she,or it can use.
B)Access control lists (ACLs)define users' rights,such as what they are allowed to read,view,write,print,copy,delete,execute,modify,or move.
C)All resources need to be considered together to identify the rights of users or categories of users.
D)After a user has been identified,the user must be authenticated.

A)certificate authority
B)public key infrastructure
C)secure socket layer
D)digital envelope

A)Customers need to trust that the online marketplace and its businesses will not violate the right to privacy.
B)Unethical privacy practices can have both immediate and long-term negative business consequences.
C)Violators expose themselves to harsh penalties from various government agencies and victimized customers,as well as bloggers and consumer interest groups.
D)All of the above

A)application-level proxies.
B)bastion gateways.
C)packet-filtering routers.
D)IP blockers.

A)A digital signature is the electronic equivalent of a personal signature,which can be forged.
B)Digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C)Digital signatures ensure that the original content of an electronic message or document is unchanged.
D)Digital signatures are portable.

A)They are less expensive than private leased lines because they use the public Internet to carry information.
B)They ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C)They can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D)Remote users can use broadband connections rather than make long distance calls to access an organization's private network.

A)biometric systems
B)human firewalls
C)intrusion detection systems
D)access control lists

A)Packet-filtering routers often are the first layer of network defense.
B)An administrator might miss some important rules,which would leave a hole in the firewall.
C)Because the content of a packet is irrelevant to a packet filter,once a packet is let through the firewall,the inside network is open to data-driven attacks.
D)An administrator might incorrectly specify a rule creating a vulnerability.

A)the commitment and involvement of executive management.
B)layers of hardware and software defenses.
C)information security policies and training.
D)secure design of EC applications.

A)are used to validate the sender and time stamp of the transaction so it cannot be later claimed that the transaction was unauthorized or invalid.
B)have been compromised by phishers and spammers.
C)provide complete confidence that the transactions are secure.
D)Both A and B

A)Sophisticated hackers use browsers to crack into Web sites.
B)Strong EC security makes online shopping inconvenient and demanding on customers.
C)There is a lack of cooperation from credit card issuers and foreign ISPs.
D)Online shoppers do not take necessary precautions to avoid becoming a victim.

A)message digest.
B)plaintext.
C)encryption.
D)key space.