Chapter 5

1) Typically, the more security measures added to an e-commerce site, the slower and more
difficult it becomes to use.
Answer: TRUE
Page Ref: 258-259
Difficulty: Moderate
AACSB: Information technology

2) A worm needs to be activated by a user in order for it to replicate itself.
Answer: FALSE
Page Ref: 262
Difficulty: Moderate
AACSB: Information technology

3) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology

4) Phishing attacks rely on browser parasites.
Answer: FALSE
Page Ref: 264, 266
Difficulty: Moderate
AACSB: Information technology

5) CryptoLocker is an example of ransomware.
Answer: TRUE
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology

6) Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP
address.
Answer: TRUE
Page Ref: 272
Difficulty: Difficult
AACSB: Information technology

7) The Java Runtime Environment is a frequent target of exploit kits.
Answer: TRUE
Page Ref: 261
Difficulty: Moderate
AACSB: Information technology

8) Smishing attacks exploit SMS messages.
Answer: TRUE
Page Ref: 277
Difficulty: Difficult
AACSB: Information technology

9) SSL/TLS provides irrefutability.
Answer: FALSE
Page Ref: 292
Difficulty: Difficult
AACSB: Information technology

10) The easiest and least expensive way to prevent threats to system integrity is to install
anti-virus software.
Answer: TRUE
Page Ref: 295
Difficulty: Moderate
AACSB: Information technology

11) The Heartbleed bug is an example of a software vulnerability.
Answer: TRUE
Page Ref: 275-276
Difficulty: Moderate
AACSB: Information technology

12) Credit cards are the dominant form of online payment throughout the world.
Answer: FALSE
Page Ref: 302
Difficulty: Easy
AACSB: Application of knowledge

13) Apple Pay uses near field communication (NFC) chips.
Answer: TRUE
Page Ref: 302
Difficulty: Moderate
AACSB: Application of knowledge

14) Digital cash is legal tender that is instantly convertible into other forms of value without the
intermediation of any third parties.
Answer: FALSE
Page Ref: 308
Difficulty: Difficult
AACSB: Information technology

15) There is a finite number of Bitcoins that can be created.
Answer: TRUE
Page Ref: 309
Difficulty: Moderate
AACSB: Information technology

16) All of the following experienced high-profile data breaches in 2013 except:
A) Evernote.
B) Home Depot.
C) Sony.
D) Adobe.
Answer: C
Page Ref: 268
Difficulty: Moderate
AACSB: Application of knowledge

17) Bitcoins are an example of:
A) digital cash.
B) virtual currency.
C) a stored value payment system.
D) an EBPP system.
Answer: A
Page Ref: 309
Difficulty: Moderate
AACSB: Information technology

18) The overall rate of online credit card fraud is ________ % of all online card transactions.
A) less than 1
B) around 5
C) around 10
D) around 15
Answer: A
Page Ref: 271
Difficulty: Difficult
AACSB: Information technology

19) In the United States, the primary form of online payment is:
A) PayPal.
B) Bill Me Later.
C) Amazon Payment.
D) Google Wallet.
Answer: A
Page Ref: 303
Difficulty: Easy
AACSB: Information technology

20) Privacy is sometimes confused with:
A) confidentiality.
B) authenticity.
C) integrity.
D) nonrepudiation.
Answer: A
Page Ref: 257
Difficulty: Easy
AACSB: Application of knowledge

21) ________ refers to the ability to ensure that e-commerce participants do not deny their online
actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: A
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology

22) ________ refers to the ability to identify the person or entity with whom you are dealing on
the Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: B
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology

23) Which of the following is an example of an integrity violation of e-commerce security?
A) A Web site is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he or she is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.
Answer: D
Page Ref: 257
Difficulty: Moderate
AACSB: Analytical thinking

24) ________ refers to the ability to ensure that an e-commerce site continues to function as
intended.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: C
Page Ref: 258
Difficulty: Moderate
AACSB: Information technology

25) An example of an online privacy violation is:
A) your e-mail being read by a hacker.
B) your online purchasing history being sold to other merchants without your consent.
C) your computer being used as part of a botnet.
D) your e-mail being altered by a hacker.
Answer: B
Page Ref: 257-258
Difficulty: Moderate
AACSB: Analytical thinking

26) ________ refers to the ability to ensure that messages and data are only available to those
authorized to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
Answer: A
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology

27) Which of the following is not a key point of vulnerability when dealing with e-commerce?
A) the client computer
B) the server
C) the communications pipeline
D) the credit card companies
Answer: D
Page Ref: 260-261
Difficulty: Moderate
AACSB: Information technology

28) Accessing data without authorization on Dropbox is an example of which of the following?
A) social network security issue
B) cloud security issue
C) mobile platform security issue
D) sniffing
Answer: B
Page Ref: 280
Difficulty: Moderate
AACSB: Information technology

29) Which of the following is a prominent hacktivist group?
A) Anonymous
B) Anti-Phishing Working Group
C) IC3
D) Symantec
Answer: A
Page Ref: 268
Difficulty: Moderate
AACSB: Information technology

30) Most of the world's malware is delivered via which of the following?
A) viruses
B) worms
C) Trojan horses
D) botnets
Answer: C
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology

31) Which of the following is the leading cause of data breaches?
A) theft of a computer
B) accidental disclosures
C) hackers
D) DDoS attacks
Answer: C
Page Ref: 268
Difficulty: Moderate
AACSB: Information technology

32) Software that is used to obtain private user information such as a user's keystrokes or copies
of e-mail is referred to as:
A) spyware.
B) a backdoor.
C) pupware.
D) adware.
Answer: A
Page Ref: 266
Difficulty: Moderate
AACSB: Information technology

33) Next generation firewalls provide all of the following except:
A) an application-centric approach to firewall control
B) the ability to identify applications regardless of the port, protocol, or security evasion tools
used
C) the ability to automatically update applications with security patches
D) the ability to identify users regardless of the device or IP address
Answer: C
Page Ref: 293
Difficulty: Difficult
AACSB: Information technology

34) In 2013, the Target retail chain experienced which of the following?
A) a large-scale data breach
B) a DDoS attack that shut down its Web site
C) a hacktivist attack to protest its wage policies
D) a browser parasite
Answer: A
Page Ref: 269-270
Difficulty: Easy
AACSB: Information technology

35) What is the most frequent cause of stolen credit cards and card information today?
A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks
Answer: B
Page Ref: 271
Difficulty: Moderate
AACSB: Information technology

36) Which dimension(s) of security is spoofing a threat to?
A) integrity
B) availability
C) integrity and authenticity
D) availability and integrity
Answer: C
Page Ref: 272
Difficulty: Difficult
AACSB: Analytical thinking

37) All of the following are examples of malicious code except:
A) viruses.
B) bots.
C) worms.
D) sniffers.
Answer: D
Page Ref: 261-264
Difficulty: Moderate
AACSB: Information technology

38) Symmetric key cryptography is also known as:
A) public key cryptography.
B) secret key cryptography.
C) PGP.
D) PKI.
Answer: B
Page Ref: 282
Difficulty: Moderate
AACSB: Information technology

39) All the following statements about symmetric key cryptography are true except:
A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt
and decrypt a message.
B) the Data Encryption Standard is a symmetric key encryption system.
C) symmetric key cryptography is computationally slower.
D) symmetric key cryptography is a key element in digital envelopes.
Answer: C
Page Ref: 282-283
Difficulty: Difficult
AACSB: Information technology

40) The Data Encryption Standard uses a(n) ________-bit key.
A) 8
B) 56
C) 256
D) 512
Answer: B
Page Ref: 283
Difficulty: Difficult
AACSB: Information technology

41) All of the following statements about public key cryptography are true except:
A) public key cryptography uses two mathematically related digital keys.
B) public key cryptography ensures authentication of the sender.
C) public key cryptography does not ensure message integrity.
D) public key cryptography is based on the idea of irreversible mathematical functions.
Answer: B
Page Ref: 283-284
Difficulty: Difficult
AACSB: Information technology

42) Which of the following is the current standard used to protect Wi-Fi networks?
A) WEP
B) TLS
C) WPA2
D) WPA3
Answer: C
Page Ref: 292
Difficulty: Moderate
AACSB: Information technology

43) All of the following statements about PKI are true except:
A) The term PKI refers to the certification authorities and digital certificate procedures that are
accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to corporate systems
including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) The acronym PKI stands for public key infrastructure.
Answer: C
Page Ref: 288-289
Difficulty: Difficult
AACSB: Information technology

44) A digital certificate contains all of the following except the:
A) subject's private key.
B) subject's public key.
C) digital signature of the certification authority.
D) digital certificate serial number.
Answer: A
Page Ref: 288-289
Difficulty: Difficult
AACSB: Information technology

45) Which of the following dimensions of e-commerce security is not provided for by
encryption?
A) confidentiality
B) availability
C) message integrity
D) nonrepudiation
Answer: B
Page Ref: 281
Difficulty: Difficult
AACSB: Information technology

46) All of the following are methods of securing channels of communication except:
A) SSL/TLS.
B) certificates.
C) VPN.
D) FTP.
Answer: D
Page Ref: 290-292
Difficulty: Moderate
AACSB: Information technology

47) A ________ is hardware or software that acts as a filter to prevent unwanted packets from
entering a network.
A) firewall
B) virtual private network
C) proxy server
D) PPTP
Answer: A
Page Ref: 293
Difficulty: Easy
AACSB: Information technology

48) Proxy servers are also known as:
A) firewalls.
B) application gateways.
C) dual home systems.
D) packet filters.
Answer: C
Page Ref: 294
Difficulty: Moderate
AACSB: Information technology

49) All of the following are used for authentication except:
A) digital signatures.
B) certificates of authority.
C) biometric devices.
D) packet filters.
Answer: D
Page Ref: 297-298
Difficulty: Moderate
AACSB: Information technology

50) What is the first step in developing an e-commerce security plan?
A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.
Answer: C
Page Ref: 296
Difficulty: Moderate
AACSB: Information technology

51) An intrusion detection system can perform all of the following functions except:
A) examining network traffic.
B) setting off an alarm when suspicious activity is detected.
C) checking network traffic to see if it matches certain patterns or preconfigured rules.
D) blocking suspicious activity.
Answer: D
Page Ref: 295
Difficulty: Moderate
AACSB: Information technology

52) Which of the following is not an example of an access control?
A) firewalls
B) proxy servers
C) digital signatures
D) login passwords
Answer: C
Page Ref: 297
Difficulty: Moderate
AACSB: Information technology

53) Online bill payment now accounts for ________ of all bill payments, while paper checks
account for ________.
A) less than 10%, less than 25%
B) about 25%, about 10%
C) more than 50%, less than 25%
D) 100%, 0%
Answer: C
Page Ref: 311
Difficulty: Difficult
AACSB: Information technology

54) To allow lower-level employees access to the corporate network while preventing them from
accessing private human resources documents, you would use:
A) access controls.
B) an authorization management system.
C) security tokens.
D) an authorization policy.
Answer: B
Page Ref: 298
Difficulty: Easy
AACSB: Information technology

55) Zeus is an example of which of the following?
A) SQL injection attack
B) browser parasite
C) DDoS attack
D) Trojan horse
Answer: D
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology

56) All of the following statements about Apple Pay are true except which of the following?
A) Apple Pay is available for both iPhone 5s and iPhone 6s.
B) Apple Pay is based on Touch ID biometric fingerprint scanning.
C) Apple Pay can be used for mobile payments at the point of sale at a physical store.
D) Apple Pay relies on the consumer having a credit card on file with Apple's iTunes.
Answer: A
Page Ref: 307, 313-315
Difficulty: Moderate
AACSB: Information technology

57) PayPal is an example of what type of payment system?
A) online stored value payment system
B) digital checking system
C) accumulating balance system
D) digital credit card system
Answer: A
Page Ref: 305
Difficulty: Moderate
AACSB: Information technology

58) In May 2014, the U.S. Department of Justice indicted five army members from which of the
following countries for conducting industrial espionage against U.S. Steel and Westinghouse?
A) Russia
B) China
C) Iran
D) Iraq
Answer: B
Page Ref: 250
Difficulty: Moderate
AACSB: Application of knowledge

59) Rustock is an example of which of the following?
A) worm
B) botnet
C) phishing
D) hacktivism
Answer: B
Page Ref: 264
Difficulty: Moderate
AACSB: Information technology

60) Which of the following is not a major trend in e-commerce payments in 2014-2015?
A) Mobile retail payment volume decreases.
B) PayPal remains the most popular alternative payment method.
C) Apple introduces Apple Pay.
D) Payment by credit and/or debit card remains the dominant form of online payment.
Answer: A
Page Ref: 302
Difficulty: Moderate
AACSB: Application of knowledge

61) Malware that comes with a downloaded file that a user requests is called a:
A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.
Answer: C
Page Ref: 262
Difficulty: Moderate
AACSB: Information technology

62) Which of the following is not an example of a PUP?
A) adware
B) browser parasite
C) drive-by download
D) spyware
Answer: C
Page Ref: 264-265
Difficulty: Difficult
AACSB: Information technology

63) All of the following are limitations of the existing online credit card payment system except:
A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.
Answer: B
Page Ref: 305
Difficulty: Moderate
AACSB: Application of knowledge

64) Linden Dollars, created for use in Second Life, are an example of:
A) digital cash.
B) virtual currency.
C) EBPP.
D) peer-to-peer payment systems.
Answer: B
Page Ref: 308
Difficulty: Moderate
AACSB: Information technology

65) Which of the following is a set of short-range wireless technologies used to share
information among devices within about 2 inches of each other?
A) DES
B) NFC
C) IM
D) text messaging
Answer: B
Page Ref: 307
Difficulty: Difficult
AACSB: Information technology

66) ________ was designed to cripple Iranian nuclear centrifuges.
Answer: Stuxnet
Page Ref: 249
Difficulty: Moderate
AACSB: Information technology

67) To allow employees to connect securely over the Internet to their corporate network, you
would use a(n) ________.
Answer: VPN, virtual private network
Page Ref: 292
Difficulty: Moderate
AACSB: Information technology

68) ________ relies on human curiosity, greed, and gullibility to trick people into taking action
that will result in the downloading of malware.
Answer: Social engineering
Page Ref: 266
Difficulty: Moderate
AACSB: Information technology

69) A(n) ________ helps organizations locate and fix security flaws.
Answer: white hat
Page Ref: 268
Difficulty: Easy
AACSB: Information technology

70) Automatically redirecting a Web link to a different address is called ________.
Answer: pharming
Page Ref: 272
Difficulty: Moderate
AACSB: Information technology

71) A(n) ________ vulnerability involves a vulnerability unknown to security experts that is
actively exploited before there is a patch available.
Answer: zero-day
Page Ref: 275
Difficulty: Moderate
AACSB: Information technology

72) A fingerprint or retina (eye) scan is an example of ________.
Answer: biometrics
Page Ref: 298
Difficulty: Moderate
AACSB: Information technology

73) ________ text is text that has been encrypted and thus cannot be read by anyone other than
the sender and the receiver.
Answer: Cipher
Page Ref: 281
Difficulty: Moderate
AACSB: Information technology

74) ________ typically attack governments, organizations, and sometimes individuals for
political purposes.
Answer: Hacktivists
Page Ref: 268
Difficulty: Moderate
AACSB: Information technology

75) The most common form of securing a digital channel of communication is ________.
Answer: SSL/TLS, Secure Sockets Layer/Transport Layer Security
Page Ref: 290
Difficulty: Difficult
AACSB: Information technology

76) A(n) ________ is a feature of viruses, worms, and Trojans that allows an attacker to remotely
access a compromised computer.
Answer: backdoor
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology

77) To internal computers, a proxy server is known as the ________.
Answer: gateway
Page Ref: 294
Difficulty: Moderate
AACSB: Information technology

78) Using a technique referred to as ________, mobile application developers use their private
key to encrypt a digital signature.
Answer: code signing
Page Ref: 289
Difficulty: Moderate
AACSB: Information technology

79) Malicious code is sometimes also referred to as ________.
Answer: malware
Page Ref: 261
Difficulty: Moderate
AACSB: Information technology

80) ________ enables the online delivery and payment of monthly bills.
Answer: EBPP, Electronic billing presentment and payment
Page Ref: 308
Difficulty: Moderate
AACSB: Information technology
