Deck 9: E-Commerce Security and Fraud Protection

Question
A cyberwarrior is a person who intentionally carries out crimes over the Internet.
Question
Exposure is the estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
Question
Protection of the U.S. computer networks is in the hands of the Department of the Interior (DOI).
Question
The Internet, or more specifically the Internet and network protocols, was never intended for use by untrusted users or components.
Question
Spam and spyware are the most frequently used technical security attack methods used by cybercriminals.
Question
An IP address uniquely identifies each computer connected to a network or the Internet.
Question
Computer security refers to the protection of data, networks, computer programs, computer power, and other elements of computerized information systems.
Question
Detection measures are actions that will make criminals abandon their idea of attacking a specific system.
Question
The CyberCop Portal analyzes and combats cyberthreats and vulnerabilities.
Question
Validation is the assurance that online customers or trading partners cannot falsely deny their purchase or transaction.
Question
There is a clear shift in the nature of the operation of computer criminals from the desire for fame to the desire for financial gain.
Question
Fraud is aimed mostly against organizations.
Question
Seattle's Northwest Hospital and Medical Center was attacked by malware that was able to enter their network through a Windows flaw.
Question
Key logs provide the means to reconstruct what specific actions have occurred and may help EC security investigators identify the person or program that performed unauthorized actions.
Question
A macro virus or macro worm is executed when the application object that contains the macro is opened or a particular procedure is executed.
Question
Social engineering refers to criminals tricking unsuspecting people into giving them information or access that they should not have.
Question
A cyberwar occurs when computers are set up to attack other computers in the same or other organizations.
Question
Data leaks were the most important EC security management concern for 2011.
Question
The Internet was designed for maximum efficiency and security by providing for error checking to ensure that the message was sent and received correctly, user authentication, and access control.
Question
Phishing is an example of a technical attack.
Question
________ is a crimeware technique used to steal the identity of target companies to get the identities of their customers.

A) Spamming
B) Pretexting
C) Social engineering
D) Phishing
Question
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction best defines

A) information security.
B) security audit.
C) anti-virus protection.
D) incident management.
Question
Network viruses can enter through unprotected ports and compromise the whole network.
Question
Risk aversion is an approach oriented toward prevention and seeks to minimize the chance of avoidable disasters.
Question
The ________ translates or converts domain names to their IP addresses.

A) IPS
B) DOS
C) VPN
D) DNS
Question
Acceptable use policies (AUP) inform users of their responsibilities when a cyberattack or network intrusion has occurred.
Question
A digital envelope is the combination of the encrypted original message and the digital signature, using the recipient's public key.
Question
Girlfriend Trojans come to life when computer owners visit one of a number of online banking or e-commerce sites.
Question
Due care in EC are those actions that a company is reasonably expected to take based on the risks affecting its business and online transactions.
Question
Ninety-three percent of companies that suffer a significant data loss go out of business within 5 years.
Question
Biometric systems are authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris patterns, facial features, or voice.
Question
General controls are intended to protect specific applications.
Question
Access control is a mechanism that determines who can legitimately use a network resource.
Question
Splogs are software applications that have some degree of reactivity, autonomy, and adaptability. An agent is able to adapt itself based on changes occurring in its environment.
Question
________ refers to the e-markets for stolen information.

A) Internet underground economy
B) Denial of service
C) Cybercriminal
D) Virtual private network
Question
________ systems are highly useful for both law enforcement and for law breaking, for example, by providing a means to obtain passwords or encryption keys and thus bypassing other security measures.

A) Biometric
B) Keystroke logging
C) Access control
D) Intrusion detection
Question
An intrusion detection system uses the public Internet to carry information but remains private by using encryption, authentication, and access control to verify the identity of anyone using the network.
Question
Malvertising is fake online advertising designed to trick you into downloading malicious software onto your computer.
Question
The success of an EC security strategy and program depends on the commitment and involvement of senior management.
Question
A honeypot is a production system that looks like it does real work, but acts as a decoy and is watched to study how network intrusions occur.
Question
The estimated cost, loss, or damage that can result if a threat exploits a vulnerability best describes

A) total cost of ownership.
B) present value of risk.
C) exposure.
D) risk feasibility assessment.
Question
A malicious hacker who may represent a serious problem for a corporation best describes a

A) cyberspy.
B) cracker.
C) web surfer.
D) Internet commando.
Question
Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler. Once there, an unsuspecting user is redirected to malicious websites. This description is indicative of

A) electronic splogging.
B) cyberworming.
C) page hijacking.
D) spamming.
Question
An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources best describes

A) cyberraid.
B) denial-of-service attack.
C) cyberhijacking.
D) botnet infestation.
Question
The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as

A) information assurance.
B) data integrity.
C) information integrity.
D) human firewall.
Question
A generic term for malicious software is

A) NOS.
B) ad-aware.
C) spynet.
D) malware.
Question
A program that appears to have a useful function but that contains a hidden function that presents a security risk best defines

A) virus.
B) worm.
C) Trojan horse.
D) botnet.
Question
The probability that a vulnerability will be known and used best describes

A) risk.
B) feasibility.
C) security fault.
D) splog point.
Question
According to Sullivan (2011), the vulnerabilities in Business IT and EC systems include each of the following organizational weaknesses except

A) end-user training and security awareness.
B) lax security with mobile devices.
C) inappropriate use of business computers and network services.
D) closed systems not reacting quickly enough to security breaches.
Question
The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as

A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.
Question
A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network best describes

A) splog.
B) social engineering.
C) viral email.
D) identity theft.
Question
Computers infected with malware that are under the control of a spammer, hacker, or other criminal best describes

A) fraud servers.
B) electronic defenders.
C) zombies.
D) cyber warriors.
Question
A plan that keeps the business running after a disaster occurs best defines

A) security audit specifications.
B) business continuity plan.
C) vulnerability assessment plan.
D) project initiation plan.
Question
The process of verifying the real identity of an individual, computer, computer program, or EC website best defines

A) vulnerability assessment.
B) security audit.
C) authentication.
D) authorization.
Question
A strategy that views EC security as the process of preventing and detecting unauthorized use of the organization's brand, identity, website, e-mail, information, or other asset and attempts to defraud the organization, its customers, and employees best describes

A) feasibility assessment.
B) EC security strategy.
C) information systems security plan.
D) disaster recovery plan.
Question
The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform is known as

A) integrity.
B) availability.
C) authorization.
D) nonrepudiation.
Question
A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine best describes

A) splog.
B) tidal wave.
C) Trojan horse.
D) worm.
Question
Unintentional threats include each of the following except

A) human errors.
B) environmental hazards.
C) computer system malfunctions.
D) identity theft.
Question
According to Sullivan (2011), vulnerabilities in IT and EC systems include each of the following except

A) poor application security.
B) weak boundary security.
C) lack of environmental support.
D) unencrypted communications.
Question
Someone who gains unauthorized access to a computer system best describes a

A) hacker.
B) network technician.
C) cyberwarrior.
D) cyberseeker.
Question
A botnet is a

A) collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B) piece of software code that inserts itself into a host or operating system to launch DoS attacks.
C) piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) coordinated network of computers that can scan and compromise other computers and launch DoS attacks.
Question
The key reasons why EC criminals cannot be stopped include each of the following except

A) sophisticated hackers use browsers to crack into Web sites.
B) strong EC security makes online shopping inconvenient and demanding on customers.
C) there is a lack of cooperation from credit card issuers and foreign ISPs.
D) online shoppers do not take necessary precautions to avoid becoming a victim.
Question
Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.

A) biometric systems
B) human firewalls
C) intrusion detection systems
D) access control lists
Question
A method used to ensure confidentiality and integrity of data transmitted over the Internet by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address best defines

A) data wrapping.
B) message envelope.
C) protocol tunneling.
D) Trojan horse.
Question
Security functions or characteristics of digital signatures include all of the following except

A) a digital signature is the electronic equivalent of a personal signature, which can be forged.
B) digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C) digital signatures ensure that the original content of an electronic message or document is unchanged.
D) digital signatures are portable.
Question
A page that uses techniques that deliberately subvert a search engine's algorithms to artificially inflate the page's ranking best describes

A) Trojan page.
B) spam site.
C) zombie.
D) search engine imposter.
Question
Which of the following refers to the assurance that access to data, the website, or other EC data service is timely, available, reliable, and restricted to authorized users?

A) spontaneity
B) confidentiality
C) integrity
D) availability
Question
An exercise that determines the impact of losing the support of an EC resource to an organization and establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems best describes

A) business continuity plan.
B) business impact analysis.
C) vulnerability assessment.
D) computer security incident management.
Question
A mathematical computation that is applied to a message, using a private key to encrypt the message, best defines

A) locking code.
B) Sharpe ratio.
C) hash.
D) standard deviation.
Question
Advantages of virtual private networks include each of the following except

A) they are less expensive than private leased lines because they use the public Internet to carry information.
B) they ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C) they can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D) remote users can use broadband connections rather than make long distance calls to access an organization's private network.
Question
Which of the following refers to the assurance of data privacy and accuracy?

A) integrity
B) availability
C) confidentiality
D) security
Question
Software that gathers user information over an Internet connection without the user's knowledge best defines

A) spyware.
B) Trojan horse.
C) zombie.
D) search engine spam.
Question
An EC security strategy and program begins with

A) the commitment and involvement of executive management.
B) layers of hardware and software defenses.
C) information security policies and training.
D) secure design of EC applications.
Question
The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa best defines

A) key space.
B) encryption algorithm.
C) locking algorithm.
D) public key infrastructure.
Question
A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source best describes

A) vulnerability assessment.
B) penetration test.
C) security breach.
D) cyber audit.
Question
The large number of possible key values created by the algorithm to use when transforming the message best describes

A) determinate.
B) encryption code.
C) encryption lock.
D) key space.
Question
The success and security of EC can be measured by

A) encryption, functionality, and privacy.
B) quality, reliability, and speed.
C) authentication, authorization, and nonrepudiation.
D) confidentiality, integrity, and availability.
Question
Which of the following refers to the process of identifying, quantifying, and prioritizing the vulnerabilities in a system?

A) vulnerability assessment
B) feasibility assessment
C) initial security report
D) certification audit
Question
A summary of a message converted into a string of digits after the hash has been applied best describes

A) reference rate.
B) message digest.
C) digital certificate.
D) key code.
Question
Each of the following is a characteristic of access control except

A) access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
B) access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C) all resources need to be considered together to identify the rights of users or categories of users.
D) after a user has been identified, the user must be authenticated.
1
A cyberwarrior is a person who intentionally carries out crimes over the Internet.
False
2
Exposure is the estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
True
3
Protection of the U.S. computer networks is in the hands of the Department of the Interior (DOI).
False
4
The Internet, or more specifically the Internet and network protocols, was never intended for use by untrusted users or components.
5
Spam and spyware are the most frequently used technical security attack methods used by cybercriminals.
6
An IP address uniquely identifies each computer connected to a network or the Internet.
7
Computer security refers to the protection of data, networks, computer programs, computer power, and other elements of computerized information systems.
8
Detection measures are actions that will make criminals abandon their idea of attacking a specific system.
9
The CyberCop Portal analyzes and combats cyberthreats and vulnerabilities.
10
Validation is the assurance that online customers or trading partners cannot falsely deny their purchase or transaction.
11
There is a clear shift in the nature of the operation of computer criminals from the desire for fame to the desire for financial gain.
12
Fraud is aimed mostly against organizations.
13
Seattle's Northwest Hospital and Medical Center was attacked by malware that was able to enter their network through a Windows flaw.
14
Key logs provide the means to reconstruct what specific actions have occurred and may help EC security investigators identify the person or program that performed unauthorized actions.
15
A macro virus or macro worm is executed when the application object that contains the macro is opened or a particular procedure is executed.
16
Social engineering refers to criminals tricking unsuspecting people into giving them information or access that they should not have.
17
A cyberwar occurs when computers are set up to attack other computers in the same or other organizations.
18
Data leaks were the most important EC security management concern for 2011.
19
The Internet was designed for maximum efficiency and security by providing for error checking to ensure that the message was sent and received correctly, user authentication, and access control.
20
Phishing is an example of a technical attack.
21
________ is a crimeware technique used to steal the identity of target companies to get the identities of their customers.

A) Spamming
B) Pretexting
C) Social engineering
D) Phishing
22
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction best defines

A) information security.
B) security audit.
C) anti-virus protection.
D) incident management.
23
Network viruses can enter through unprotected ports and compromise the whole network.
24
Risk aversion is an approach oriented toward prevention and seeks to minimize the chance of avoidable disasters.
25
The ________ translates or converts domain names to their IP addresses.

A) IPS
B) DOS
C) VPN
D) DNS
26
Acceptable use policies (AUP) inform users of their responsibilities when a cyberattack or network intrusion has occurred.
27
A digital envelope is the combination of the encrypted original message and the digital signature, using the recipient's public key.
28
Girlfriend Trojans come to life when computer owners visit one of a number of online banking or e-commerce sites.
29
Due care in EC are those actions that a company is reasonably expected to take based on the risks affecting its business and online transactions.
30
Ninety-three percent of companies that suffer a significant data loss go out of business within 5 years.
31
Biometric systems are authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris patterns, facial features, or voice.
32
General controls are intended to protect specific applications.
33
Access control is a mechanism that determines who can legitimately use a network resource.
34
Splogs are software applications that have some degree of reactivity, autonomy, and adaptability. An agent is able to adapt itself based on changes occurring in its environment.
35
________ refers to the e-markets for stolen information.

A) Internet underground economy
B) Denial of service
C) Cybercriminal
D) Virtual private network
36
________ systems are highly useful for both law enforcement and for law breaking, for example, by providing a means to obtain passwords or encryption keys and thus bypassing other security measures.

A) Biometric
B) Keystroke logging
C) Access control
D) Intrusion detection
37
An intrusion detection system uses the public Internet to carry information but remains private by using encryption, authentication, and access control to verify the identity of anyone using the network.
38
Malvertising is fake online advertising designed to trick you into downloading malicious software onto your computer.
39
The success of an EC security strategy and program depends on the commitment and involvement of senior management.
40
A honeypot is a production system that looks like it does real work, but acts as a decoy and is watched to study how network intrusions occur.
41
The estimated cost, loss, or damage that can result if a threat exploits a vulnerability best describes

A) total cost of ownership.
B) present value of risk.
C) exposure.
D) risk feasibility assessment.
42
A malicious hacker who may represent a serious problem for a corporation best describes a

A) cyberspy.
B) cracker.
C) web surfer.
D) Internet commando.
43
Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler. Once there, an unsuspecting user is redirected to malicious websites. This description is indicative of

A) electronic splogging.
B) cyberworming.
C) page hijacking.
D) spamming.
44
An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources best describes

A) cyberraid.
B) denial-of-service attack.
C) cyberhijacking.
D) botnet infestation.
45
The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as

A) information assurance.
B) data integrity.
C) information integrity.
D) human firewall.
46
A generic term for malicious software is

A) NOS.
B) ad-aware.
C) spynet.
D) malware.
47
A program that appears to have a useful function but that contains a hidden function that presents a security risk best defines

A) virus.
B) worm.
C) Trojan horse.
D) botnet.
48
The probability that a vulnerability will be known and used best describes

A) risk.
B) feasibility.
C) security fault.
D) splog point.
49
According to Sullivan (2011), the vulnerabilities in Business IT and EC systems include each of the following organizational weaknesses except

A) end-user training and security awareness.
B) lax security with mobile devices.
C) inappropriate use of business computers and network services.
D) closed systems not reacting quickly enough to security breaches.
50
The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as

A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.
51
A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network best describes

A) splog.
B) social engineering.
C) viral email.
D) identity theft.
52
Computers infected with malware that are under the control of a spammer, hacker, or other criminal best describes

A) fraud servers.
B) electronic defenders.
C) zombies.
D) cyber warriors.
53
A plan that keeps the business running after a disaster occurs best defines

A) security audit specifications.
B) business continuity plan.
C) vulnerability assessment plan.
D) project initiation plan.
54
The process of verifying the real identity of an individual, computer, computer program, or EC website best defines

A) vulnerability assessment.
B) security audit.
C) authentication.
D) authorization.
55
A strategy that views EC security as the process of preventing and detecting unauthorized use of the organization's brand, identity, website, e-mail, information, or other asset and attempts to defraud the organization, its customers, and employees best describes

A) feasibility assessment.
B) EC security strategy.
C) information systems security plan.
D) disaster recovery plan.
56
The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform is known as

A) integrity.
B) availability.
C) authorization.
D) nonrepudiation.
57
A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine best describes

A) splog.
B) tidal wave.
C) Trojan horse.
D) worm.
58
Unintentional threats include each of the following except

A) human errors.
B) environmental hazards.
C) computer system malfunctions.
D) identity theft.
59
According to Sullivan (2011), vulnerabilities in IT and EC systems include each of the following except

A) poor application security.
B) weak boundary security.
C) lack of environmental support.
D) unencrypted communications.
60
Someone who gains unauthorized access to a computer system best describes a

A) hacker.
B) network technician.
C) cyberwarrior.
D) cyberseeker.
61
A botnet is a

A) collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B) piece of software code that inserts itself into a host or operating system to launch DoS attacks.
C) piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) coordinated network of computers that can scan and compromise other computers and launch DoS attacks.
62
The key reasons why EC criminals cannot be stopped include each of the following except

A) sophisticated hackers use browsers to crack into Web sites.
B) strong EC security makes online shopping inconvenient and demanding on customers.
C) there is a lack of cooperation from credit card issuers and foreign ISPs.
D) online shoppers do not take necessary precautions to avoid becoming a victim.
63
Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.

A) biometric systems
B) human firewalls
C) intrusion detection systems
D) access control lists
64
A method used to ensure confidentiality and integrity of data transmitted over the Internet by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address best defines

A) data wrapping.
B) message envelope.
C) protocol tunneling.
D) Trojan horse.
65
Security functions or characteristics of digital signatures include all of the following except

A) a digital signature is the electronic equivalent of a personal signature, which can be forged.
B) digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C) digital signatures ensure that the original content of an electronic message or document is unchanged.
D) digital signatures are portable.
66
A page that uses techniques that deliberately subvert a search engine's algorithms to artificially inflate the page's ranking best describes

A) Trojan page.
B) spam site.
C) zombie.
D) search engine imposter.
67
Which of the following refers to the assurance that access to data, the website, or other EC data service is timely, available, reliable, and restricted to authorized users?

A) spontaneity
B) confidentiality
C) integrity
D) availability
68
An exercise that determines the impact of losing the support of an EC resource to an organization and establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems best describes

A) business continuity plan.
B) business impact analysis.
C) vulnerability assessment.
D) computer security incident management.
69
A mathematical computation that is applied to a message, using a private key to encrypt the message, best defines

A) locking code.
B) Sharpe ratio.
C) hash.
D) standard deviation.
70
Advantages of virtual private networks include each of the following except

A) they are less expensive than private leased lines because they use the public Internet to carry information.
B) they ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C) they can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D) remote users can use broadband connections rather than make long distance calls to access an organization's private network.
71
Which of the following refers to the assurance of data privacy and accuracy?

A) integrity
B) availability
C) confidentiality
D) security
72
Software that gathers user information over an Internet connection without the user's knowledge best defines

A) spyware.
B) Trojan horse.
C) zombie.
D) search engine spam.
73
An EC security strategy and program begins with

A) the commitment and involvement of executive management.
B) layers of hardware and software defenses.
C) information security policies and training.
D) secure design of EC applications.
74
The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa best defines

A) key space.
B) encryption algorithm.
C) locking algorithm.
D) public key infrastructure.
75
A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source best describes

A) vulnerability assessment.
B) penetration test.
C) security breach.
D) cyber audit.
76
The large number of possible key values created by the algorithm to use when transforming the message best describes

A) determinate.
B) encryption code.
C) encryption lock.
D) key space.
77
The success and security of EC can be measured by

A) encryption, functionality, and privacy.
B) quality, reliability, and speed.
C) authentication, authorization, and nonrepudiation.
D) confidentiality, integrity, and availability.
78
Which of the following refers to the process of identifying, quantifying, and prioritizing the vulnerabilities in a system?

A) vulnerability assessment
B) feasibility assessment
C) initial security report
D) certification audit
79
A summary of a message converted into a string of digits after the hash has been applied best describes

A) reference rate.
B) message digest.
C) digital certificate.
D) key code.
80
Each of the following is a characteristic of access control except

A) access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
B) access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C) all resources need to be considered together to identify the rights of users or categories of users.
D) after a user has been identified, the user must be authenticated.