Professional Documents
Culture Documents
1) Typically, the more security measures added to an e-commerce site, the slower and more
difficult it becomes to use.
Answer: TRUE
Page Ref: 258-259
Difficulty: Moderate
AACSB: Information technology
3) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology
6) Spoofing involves attempting to hide a true identity by using someone else's e-mail or IP
address.
Answer: TRUE
Page Ref: 272
Difficulty: Difficult
AACSB: Information technology
10) The easiest and least expensive way to prevent threats to system integrity is to install anti-
virus software.
Answer: TRUE
Page Ref: 295
Difficulty: Moderate
AACSB: Information technology
12) Credit cards are the dominant form of online payment throughout the world.
Answer: FALSE
Page Ref: 302
Difficulty: Easy
AACSB: Application of knowledge
14) Digital cash is legal tender that is instantly convertible into other forms of value without the
intermediation of any third parties.
Answer: FALSE
Page Ref: 308
Difficulty: Difficult
AACSB: Information technology
15) There is a finite number of Bitcoins that can be created.
Answer: TRUE
Page Ref: 309
Difficulty: Moderate
AACSB: Information technology
16) All of the following experienced high-profile data breaches in 2013 except:
A) Evernote.
B) Home Depot.
C) Sony.
D) Adobe.
Answer: C
Page Ref: 268
Difficulty: Moderate
AACSB: Application of knowledge
18) The overall rate of online credit card fraud is ________ % of all online card transactions.
A) less than 1
B) around 5
C) around 10
D) around 15
Answer: A
Page Ref: 271
Difficulty: Difficult
AACSB: Information technology
19) In the United States, the primary form of online payment is:
A) PayPal.
B) Bill Me Later.
C) Amazon Payment.
D) Google Wallet.
Answer: A
Page Ref: 303
Difficulty: Easy
AACSB: Information technology
20) Privacy is sometimes confused with:
A) confidentiality.
B) authenticity.
C) integrity.
D) nonrepudiation.
Answer: A
Page Ref: 257
Difficulty: Easy
AACSB: Application of knowledge
21) ________ refers to the ability to ensure that e-commerce participants do not deny their online
actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: A
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology
22) ________ refers to the ability to identify the person or entity with whom you are dealing on
the Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: B
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology
26) ________ refers to the ability to ensure that messages and data are only available to those
authorized to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
Answer: A
Page Ref: 257
Difficulty: Moderate
AACSB: Information technology
27) Which of the following is not a key point of vulnerability when dealing with e-commerce?
A) the client computer
B) the server
C) the communications pipeline
D) the credit card companies
Answer: D
Page Ref: 260-261
Difficulty: Moderate
AACSB: Information technology
28) Accessing data without authorization on Dropbox is an example of which of the following?
A) social network security issue
B) cloud security issue
C) mobile platform security issue
D) sniffing
Answer: B
Page Ref: 280
Difficulty: Moderate
AACSB: Information technology
30) Most of the world's malware is delivered via which of the following?
A) viruses
B) worms
C) Trojan horses
D) botnets
Answer: C
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology
34) In 2013, the Target retail chain experienced which of the following?
A) a large-scale data breach
B) a DDoS attack that shut down its Web site
C) a hacktivist attack to protest its wage policies
D) a browser parasite
Answer: A
Page Ref: 269-270
Difficulty: Easy
AACSB: Information technology
35) What is the most frequent cause of stolen credit cards and card information today?
A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks
Answer: B
Page Ref: 271
Difficulty: Moderate
AACSB: Information technology
36) Which dimension(s) of security is spoofing a threat to?
A) integrity
B) availability
C) integrity and authenticity
D) availability and integrity
Answer: C
Page Ref: 272
Difficulty: Difficult
AACSB: Analytical thinking
39) All the following statements about symmetric key cryptography are true except:
A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt
and decrypt a message.
B) the Data Encryption Standard is a symmetric key encryption system.
C) symmetric key cryptography is computationally slower.
D) symmetric key cryptography is a key element in digital envelopes.
Answer: C
Page Ref: 282-283
Difficulty: Difficult
AACSB: Information technology
40) The Data Encryption Standard uses a(n) ________-bit key.
A) 8
B) 56
C) 256
D) 512
Answer: B
Page Ref: 283
Difficulty: Difficult
AACSB: Information technology
41) All of the following statements about public key cryptography are true except:
A) public key cryptography uses two mathematically related digital keys.
B) public key cryptography ensures authentication of the sender.
C) public key cryptography does not ensure message integrity.
D) public key cryptography is based on the idea of irreversible mathematical functions.
Answer: B
Page Ref: 283-284
Difficulty: Difficult
AACSB: Information technology
42) Which of the following is the current standard used to protect Wi-Fi networks?
A) WEP
B) TLS
C) WPA2
D) WPA3
Answer: C
Page Ref: 292
Difficulty: Moderate
AACSB: Information technology
43) All of the following statements about PKI are true except:
A) The term PKI refers to the certification authorities and digital certificate procedures that are
accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to corporate systems
including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) The acronym PKI stands for public key infrastructure.
Answer: C
Page Ref: 288-289
Difficulty: Difficult
AACSB: Information technology
44) A digital certificate contains all of the following except the:
A) subject's private key.
B) subject's public key.
C) digital signature of the certification authority.
D) digital certificate serial number.
Answer: A
Page Ref: 288-289
Difficulty: Difficult
AACSB: Information technology
45) Which of the following dimensions of e-commerce security is not provided for by
encryption?
A) confidentiality
B) availability
C) message integrity
D) nonrepudiation
Answer: B
Page Ref: 281
Difficulty: Difficult
AACSB: Information technology
46) All of the following are methods of securing channels of communication except:
A) SSL/TLS.
B) certificates.
C) VPN.
D) FTP.
Answer: D
Page Ref: 290-292
Difficulty: Moderate
AACSB: Information technology
47) A ________ is hardware or software that acts as a filter to prevent unwanted packets from
entering a network.
A) firewall
B) virtual private network
C) proxy server
D) PPTP
Answer: A
Page Ref: 293
Difficulty: Easy
AACSB: Information technology
48) Proxy servers are also known as:
A) firewalls.
B) application gateways.
C) dual home systems.
D) packet filters.
Answer: C
Page Ref: 294
Difficulty: Moderate
AACSB: Information technology
51) An intrusion detection system can perform all of the following functions except:
A) examining network traffic.
B) setting off an alarm when suspicious activity is detected.
C) checking network traffic to see if it matches certain patterns or preconfigured rules.
D) blocking suspicious activity.
Answer: D
Page Ref: 295
Difficulty: Moderate
AACSB: Information technology
52) Which of the following is not an example of an access control?
A) firewalls
B) proxy servers
C) digital signatures
D) login passwords
Answer: C
Page Ref: 297
Difficulty: Moderate
AACSB: Information technology
53) Online bill payment now accounts for ________ of all bill payments, while paper checks
account for ________.
A) less than 10%, less than 25%
B) about 25%, about 10%
C) more than 50%, less than 25%
D) 100%, 0%
Answer: C
Page Ref: 311
Difficulty: Difficult
AACSB: Information technology
54) To allow lower-level employees access to the corporate network while preventing them from
accessing private human resources documents, you would use:
A) access controls.
B) an authorization management system.
C) security tokens.
D) an authorization policy.
Answer: B
Page Ref: 298
Difficulty: Easy
AACSB: Information technology
58) In May 2014, the U.S. Department of Justice indicted five army members from which of the
following countries for conducting industrial espionage against U.S. Steel and Westinghouse?
A) Russia
B) China
C) Iran
D) Iraq
Answer: B
Page Ref: 250
Difficulty: Moderate
AACSB: Application of knowledge
61) Malware that comes with a downloaded file that a user requests is called a:
A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.
Answer: C
Page Ref: 262
Difficulty: Moderate
AACSB: Information technology
63) All of the following are limitations of the existing online credit card payment system except:
A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.
Answer: B
Page Ref: 305
Difficulty: Moderate
AACSB: Application of knowledge
64) Linden Dollars, created for use in Second Life, are an example of:
A) digital cash.
B) virtual currency.
C) EBPP.
D) peer-to-peer payment systems.
Answer: B
Page Ref: 308
Difficulty: Moderate
AACSB: Information technology
65) Which of the following is a set of short-range wireless technologies used to share
information among devices within about 2 inches of each other?
A) DES
B) NFC
C) IM
D) text messaging
Answer: B
Page Ref: 307
Difficulty: Difficult
AACSB: Information technology
67) To allow employees to connect securely over the Internet to their corporate network, you
would use a(n) ________.
Answer: VPN, virtual private network
Page Ref: 292
Difficulty: Moderate
AACSB: Information technology
68) ________ relies on human curiosity, greed, and gullibility to trick people into taking action
that will result in the downloading of malware.
Answer: Social engineering
Page Ref: 266
Difficulty: Moderate
AACSB: Information technology
69) A(n) ________ helps organizations locate and fix security flaws.
Answer: white hat
Page Ref: 268
Difficulty: Easy
AACSB: Information technology
70) Automatically redirecting a Web link to a different address is called ________.
Answer: pharming
Page Ref: 272
Difficulty: Moderate
AACSB: Information technology
71) A(n) ________ vulnerability involves a vulnerability unknown to security experts that is
actively exploited before there is a patch available.
Answer: zero-day
Page Ref: 275
Difficulty: Moderate
AACSB: Information technology
73) ________ text is text that has been encrypted and thus cannot be read by anyone other than
the sender and the receiver.
Answer: Cipher
Page Ref: 281
Difficulty: Moderate
AACSB: Information technology
74) ________ typically attack governments, organizations, and sometimes individuals for
political purposes.
Answer: Hacktivists
Page Ref: 268
Difficulty: Moderate
AACSB: Information technology
75) The most common form of securing a digital channel of communication is ________.
Answer: SSL/TLS, Secure Sockets Layer/Transport Layer Security
Page Ref: 290
Difficulty: Difficult
AACSB: Information technology
76) A(n) ________ is a feature of viruses, worms, and Trojans that allows an attacker to remotely
access a compromised computer.
Answer: backdoor
Page Ref: 263
Difficulty: Moderate
AACSB: Information technology
77) To internal computers, a proxy server is known as the ________.
Answer: gateway
Page Ref: 294
Difficulty: Moderate
AACSB: Information technology
78) Using a technique referred to as ________, mobile application developers use their private
key to encrypt a digital signature.
Answer: code signing
Page Ref: 289
Difficulty: Moderate
AACSB: Information technology
80) ________ enables the online delivery and payment of monthly bills.
Answer: EBPP, Electronic billing presentment and payment
Page Ref: 308
Difficulty: Moderate
AACSB: Information technology