1. What is E-commerce? How does it differ from traditional commerce?

Explain in brief.
E-commerce, also known as electronic commerce, refers to the buying and selling of goods
and services over the internet. This type of commerce uses electronic devices such as
computers, laptops, smartphones, and tablets to conduct transactions online.
In contrast, traditional commerce, also known as brick-and-mortar commerce, refers to the
exchange of goods and services through physical stores or retail shops. This type of
commerce requires customers to visit the store in person and physically interact with the
products before making a purchase.
The main difference between e-commerce and traditional commerce is that e-commerce
operates entirely online, while traditional commerce operates through physical stores. This
difference greatly impacts the way transactions are conducted, as e-commerce relies on
electronic payment methods, while traditional commerce relies on physical payment methods
such as cash or credit/debit cards. Additionally, e-commerce provides customers with the
ability to shop from anywhere and at any time, while traditional commerce operates within a
limited geographical location and operating hours.
2. List benefits of e-commerce to customer, organizations and society.
Benefits of e-commerce to customers:
1. Convenience: Customers can shop from anywhere, at any time, without having to
leave their homes.
2. Wider Selection: E-commerce allows customers to access a larger selection of products
and services than they would have access to through traditional brick-and-mortar stores.
3. Price Comparison: E-commerce provides customers with the ability to compare prices
from multiple merchants in order to get the best deal.
4. Personalized Shopping Experience: E-commerce allows customers to personalize their
shopping experience through recommendations, product reviews, and personalized
advertisements.
Benefits of e-commerce to organizations:
1. Increased Reach: E-commerce allows organizations to reach a larger customer base
beyond their physical location.
2. Increased Efficiency: E-commerce automates many business processes, such as order
fulfillment and payment processing, increasing efficiency and reducing costs.
3. Improved Customer Relationships: E-commerce provides organizations with the
ability to interact with customers in real-time, allowing them to build stronger relationships
and provide better customer service.
Benefits of e-commerce to society:
1. Increased Employment: E-commerce creates job opportunities in areas such as web
development, marketing, and customer service.
2. Improved Access to Goods and Services: E-commerce provides consumers with
access to goods and services that may not be available in their physical location, improving
the overall quality of life for individuals and communities.
3. Environmental Sustainability: E-commerce reduces the need for physical retail spaces,
reducing the impact of commercial development on the environment.

1
 3. What do you mean about e commerce framework? Explain its major
components?
An e-commerce framework refers to a set of standards, processes, and technologies that
support the buying and selling of goods and services over the internet. It provides a
structured approach for businesses to conduct electronic transactions and manage customer
relationships.
The major components of an e-commerce framework include:
1. Payment Gateway: A payment gateway is a secure and encrypted system that facilitates
the transfer of money between a customer's bank account and a merchant's account.
2. Shopping Cart: A shopping cart is a software application that enables customers to
select products and services, calculate the total cost of their order, and proceed to
checkout.
3. Order Management: Order management refers to the processes and systems used by
merchants to manage customer orders, including order fulfillment, payment processing,
and customer service.
4. Customer Relationship Management (CRM): CRM is a set of processes and
technologies used by organizations to manage interactions with customers and analyze
customer data to improve customer satisfaction and loyalty.
5. Inventory Management: Inventory management refers to the processes and systems
used by organizations to manage their inventory levels and optimize the flow of goods
and services.
6. Marketing and Promotions: Marketing and promotions refer to the efforts made by
organizations to promote their products and services, increase brand awareness, and drive
customer engagement.
4. E-commerce can be classified into different types. What are these explain all
of them.
E-commerce can be classified into several different types, including:
1. Business-to-Consumer (B2C): B2C e-commerce refers to transactions between
businesses and individual consumers, where businesses sell products and services
directly to consumers through an online store or marketplace. Examples include
Amazon, eBay, and Walmart.
2. Consumer-to-Consumer (C2C): C2C e-commerce refers to transactions between
individuals, where individuals buy and sell products and services through online
marketplaces such as Etsy and eBay.
3. Business-to-Business (B2B): B2B e-commerce refers to transactions between
businesses, where one business sells products or services to another business. This type of
e-commerce is commonly used by wholesalers, manufacturers, and distributors.
4. Consumer-to-Business (C2B): C2B e-commerce refers to transactions where
individuals provide goods or services to businesses, such as freelance work or selling
handmade items.
5. Mobile Commerce (m-commerce): Mobile commerce refers to e-commerce
transactions conducted through mobile devices such as smartphones and tablets. This
type of e-commerce allows customers to shop and make purchases on-the-go.
6. Social Commerce: Social commerce refers to e-commerce transactions that take place
on social media platforms such as Facebook and Instagram. This type of e-commerce
2
 allows businesses to sell products directly to customers through their social media
pages.
7. Marketplaces: Marketplaces are online platforms that allow multiple merchants to sell
their products and services to a common customer base. Examples include Amazon and
eBay.

5. Define electronic markets. Figure out characteristics of electronic market.

Electronic markets, also known as e-markets, are online platforms where buyers and sellers
can exchange goods and services electronically. These platforms enable businesses to reach a
larger customer base, lower costs, and improve efficiency through the use of technology.
The characteristics of electronic markets include:
1. 24/7 Availability: Electronic markets are accessible 24/7, allowing buyers and sellers
to conduct transactions at any time, from anywhere in the world.
2. Global Reach: Electronic markets have a global reach, allowing businesses to reach
customers and suppliers from around the world.
3. Instant Access to Information: Electronic markets provide instant access to information
on products, prices, and suppliers, making it easier for buyers to make informed
purchasing decisions.
4. Increased Competition: Electronic markets increase competition by providing more
market participants with access to customers and suppliers, leading to lower prices and
higher quality products and services.
5. Improved Efficiency: Electronic markets improve efficiency by automating many manual
processes, such as order placement, payment processing, and shipping.
The role of internet and web is very important in e-commerce. Support point by points.
The internet and the web play a crucial role in e-commerce by providing the infrastructure
and platforms necessary for businesses to reach customers and conduct electronic
transactions. Some of the key ways that the internet and web support e-commerce include:
1. Access to a Large Customer Base: The internet and web provide businesses with
access to a large, global customer base, allowing them to reach customers from around the
world.
2. Improved Customer Reach and Engagement: The internet and web allow businesses to
reach and engage with customers through social media, email marketing, and other digital
channels.
3. Real-Time Communication: The internet and web provide real-time communication
channels between businesses and customers, allowing for faster and more effective
customer service.
4. Online Marketplaces: The internet and web provide the platform for online
marketplaces such as Amazon and eBay, which allow businesses to reach a large customer
base and reduce the costs of selling online.
5. Online Payment Processing: The internet and web provide the infrastructure for online
payment processing, allowing businesses to accept payments from customers using credit
cards, digital wallets, and other online payment methods.
6. Big Data and Analytics: The internet and web provide access to large amounts of data
and analytics tools that allow businesses to better understand their customers, improve
their operations, and make data-driven decisions.
3
 6. What do you know about social networks? Explain features of SNS (Social
network Service).
Social networks, also known as Social Network Services (SNS), are online platforms that
allow individuals and organizations to connect and share information, ideas, and content
with one another. Some of the most popular social networks include Facebook, Twitter,
Instagram, and LinkedIn.
Features of Social Network Services (SNS) include:
1. User Profiles: SNS allows users to create personal profiles, which typically include a
profile picture, biographical information, and a list of connections or friends.
2. Content Sharing: SNS allows users to share a variety of content, including text,
images, videos, and links, with their connections or the public.
3. Connections and Relationships: SNS allows users to connect with others and form
relationships through the addition of friends or followers.
4. News Feeds and Notifications: SNS provides users with a news feed that displays
updates from their connections, as well as notifications of new activity, such as
comments or likes.
5. Search and Discovery: SNS provides users with search and discovery tools that allow
them to find and connect with others based on shared interests and other criteria.
Overall, Social Network Services (SNS) provide a platform for individuals and organizations
to connect, share information, and form relationships with one another. These platforms have
become an important part of our daily lives and have had a significant impact on how we
communicate, access information, and interact with one another.
7. Define m-commerce with its advantages and disadvantages.
M-commerce, or mobile commerce, refers to the buying and selling of goods and services
through mobile devices, such as smartphones and tablets. This form of e-commerce has
become increasingly popular in recent years as the use of mobile devices continues to grow.
Advantages of M-commerce include:
1. Convenience: M-commerce provides customers with the convenience of shopping
from anywhere, at any time, using their mobile devices.
2. Improved Customer Experience: M-commerce offers a more personalized and
interactive shopping experience, with features such as location-based promotions,
augmented reality, and mobile-optimized websites.
3. Increased Reach: M-commerce allows businesses to reach a larger audience, as more
and more consumers use their mobile devices to access the internet and make
purchases.
4. Real-Time Data Collection: M-commerce provides businesses with real-time data on
customer behavior and preferences, which can be used to improve marketing and
customer service efforts.
Disadvantages of M-commerce include:
1. Security Concerns: M-commerce transactions are vulnerable to security threats such as
hacking and identity theft, which can cause serious harm to both customers and
businesses.
2. Limited Screen Size: The small screen size of mobile devices can make it difficult for
customers to view products and complete transactions.

4
 3. Slow Network Connections: Slow network connections can cause slow page load
times and limit the ability of customers to make purchases in a timely manner.
4. Limited Payment Options: M-commerce platforms may not offer the same range of
payment options as traditional e-commerce platforms, which can make it difficult for
customers to make purchases.
Overall, M-commerce offers a number of advantages and disadvantages. While it provides
customers with greater convenience and improved shopping experiences, it also poses
security risks and has limitations that must be addressed. Despite these challenges, m-
commerce is likely to continue to grow in importance as mobile devices become more
ubiquitous and central to our daily lives.
8. What is wireless application protocol ( WAP )? how does it work explain?
Discuss the layered architecture of WAP?
Wireless Application Protocol (WAP) is a protocol used to provide internet services and
applications to wireless devices such as mobile phones, smartphones and PDAs.
It works by providing a standardized way of accessing the web and other internet-based
content on wireless devices, while taking into account the limitations of these devices such
as limited screen size, processing power and bandwidth.
WAP works by translating internet content, such as HTML web pages, into a compact binary
format called Wireless Markup Language (WML) that can be delivered and displayed on
mobile devices. The WAP stack consists of several protocols, including WAP Protocol Stack
(WAP PS), Wireless Session Protocol (WSP), Wireless Transaction Protocol (WTP), and
Wireless Datagram Protocol (WDP).
The layered architecture of WAP includes several layers, each responsible for different tasks:
1. Wireless Session Layer (WSL): This layer is responsible for managing the wireless
session between the device and the WAP gateway. It ensures the reliability of the data
transmission and handles issues such as congestion control.
2. Wireless Transport Layer Security (WTLS): This layer provides security for the data
transmission, including encryption and authentication.
3. Wireless Datagram Protocol (WDP): This layer is responsible for the transport of data
packets between the device and the WAP gateway.
4. Wireless Application Environment (WAE): This layer provides a runtime environment
for the execution of WAP applications.
5. Wireless Markup Language (WML): This layer provides the markup language used to
format content for display on wireless devices.
6. Wireless Markup Language Script (WML Script): This layer provides a script
language used to provide dynamic content and interactions in WAP applications.
These layers work together to provide a secure and reliable way to access internet-based
content and services on wireless devices.
9. What is I-way or information superhighway? Information super highway is
composed of different components. Explain these with structure of I-way
The Information Superhighway, also known as the I-Way, refers to the global network of
interconnected computer networks, linked by a range of technologies such as high-speed
fiber-optic cables, satellite links, and wireless connections. It provides a vast array of
services, including the World Wide Web, email, online video, and other multimedia services.
The structure of the I-way consists of the following components:
5
 1. Network infrastructure: The physical components of the I-way, including fiber-optic
cables, routers, switches, and other networking equipment that connect the different
networks together.
2. Transmission technologies: The technologies used to transmit data over the I-way,
such as TCP/IP, Ethernet, and Wi-Fi.
3. Application layer: The applications and services that run on top of the network
infrastructure and transmission technologies, such as email, instant messaging, video
conferencing, and e-commerce.
4. Content layer: The digital content that is accessible over the I-way, including web
pages, audio and video files, and other multimedia content.
5. End-user devices: The devices used by individuals to access the I-way, including
computers, smartphones, and other connected devices.
Overall, the I-way provides a vast array of communication and information services that
have transformed the way we live, work, and interact with each other.

10. What is ADSL technology in brief. How does it works? Figure out which SDSL
is better then ADSL.
ADSL (Asymmetric Digital Subscriber Line) is a type of digital subscriber line (DSL)
technology that provides high-speed Internet access over standard telephone lines. It is called
asymmetric because the speed of the connection is not equal in both directions; the download
speed is typically faster than the upload speed.
ADSL works by using the existing telephone line infrastructure to transmit digital data,
while still allowing normal voice telephone calls to occur simultaneously. The technology
uses frequency-division multiplexing (FDM) to separate the data and voice signals into
different frequency bands, with the data signal transmitted at a higher frequency than the
voice signal.
Regarding the comparison between SDSL (Synchronous Digital Subscriber Line) and
ADSL, it depends on the specific requirements of the user. SDSL provides equal upload and
download speeds, which makes it a good choice for applications that require a lot of data to
be uploaded, such as hosting a website or using cloud-based services. However, SDSL is
typically more expensive than ADSL, and it is not as widely available as ADSL.
In conclusion, both SDSL and ADSL have their own advantages and disadvantages, and the
best option depends on the specific needs of the user. If fast download speed is a priority and
upload speed is not as critical, ADSL may be the better option. If equal upload and download
speed is important, SDSL may be the better choice.

11. What is WiMax? How can WiMax technology revolutionize the internet
across mechanism.
WiMax (Worldwide Interoperability for Microwave Access) is a wireless broadband
technology that provides high-speed Internet access over long distances, typically several
miles. It is based on the IEEE 802.16 standard for wireless metropolitan area networks
(WMANs) and operates in the microwave frequency band.
WiMax technology can revolutionize the internet by providing high-speed wireless
broadband access in areas that are not served by traditional broadband technologies, such as
6
cable and DSL. This can bring the benefits of the internet to rural and remote areas, where
access to high-speed Internet has previously been limited.
In addition to expanding access to the internet, WiMax can also help to bridge the digital
divide by providing low-cost broadband access to communities that cannot afford more
expensive broadband options. This can help to promote digital literacy and economic
development in these areas.
Furthermore, WiMax can provide a more flexible and cost-effective alternative to traditional
wired broadband technologies. By using wireless technology, WiMax eliminates the need for
costly and time-consuming deployment of new physical infrastructure, making it easier and
more cost-effective to provide broadband access to new customers and communities.
In conclusion, WiMax technology has the potential to revolutionize the internet by
expanding access to high-speed wireless broadband, bridging the digital divide, and
providing a more flexible and cost-effective alternative to traditional wired broadband
technologies.

12. What are the features of good information? Figure out different
dimensions of information system.
Features of Good Information:
1. Accuracy: Good information is accurate, meaning that it is free from errors, omissions,
and inaccuracies.
2. Timeliness: Good information is timely, meaning that it is available when it is needed
and does not become outdated quickly.
3. Objectivity: Good information is objective, meaning that it is free from bias, prejudice,
and personal opinions.
4. Completeness: Good information is complete, meaning that it includes all the
necessary details and information required to address the task at hand.
5. Clarity: Good information is clear, meaning that it is easy to understand, well-
organized, and presented in a manner that is accessible to the intended audience.
Different Dimensions of an Information System:
1. Technical Dimension: This refers to the hardware, software, and network
infrastructure that is required to support the information system.
2. Organizational Dimension: This refers to the structure, processes, and culture of the
organization, and how they impact the information system.
3. Human Dimension: This refers to the people who use and manage the information
system, including users, system administrators, and information technology (IT)
professionals.
4. Data Dimension: This refers to the data that is stored, managed, and analyzed by the
information system, including the quality and accuracy of the data.
5. Information Dimension: This refers to the information that is generated, processed,
and communicated by the information system, including the format and structure of
the information.
6. Decision-making Dimension: This refers to the decision-making processes that are
supported by the information system, including how information is used to support
informed decision-making.

7
These dimensions provide a comprehensive view of an information system and help to
understand its capabilities, limitations, and potential for improvement.

13. Define computer-based information system? Explain the components of

CBIS.
A computer-based information system (CBIS) is a system that uses computer technology to
collect, store, process, and distribute information to support decision making and control in
an organization. CBIS is used to automate and support various business processes and
activities, such as accounting, human resources management, customer relationship
management, and supply chain management.
The components of a CBIS are:
1. Hardware: The physical components of the CBIS, including computers, servers,
storage devices, and peripheral devices such as printers and scanners.
2. Software: The computer programs that run on the hardware and support the processing
and management of data and information.
3. Data: The raw facts and figures that are collected, processed, and stored by the CBIS.
4. Procedures: The rules, policies, and procedures that govern how the CBIS operates,
including data input, processing, storage, and retrieval.
5. People: The users of the CBIS, including employees, customers, and suppliers, who
interact with the system to input data, access information, and perform transactions.
6. Network: The communication and connectivity infrastructure that enables the CBIS to
communicate and exchange data and information with other systems and users.
These components work together to support the collection, processing, storage, and
dissemination of information in the organization, enabling users to make informed decisions
and control operations.

14. What are the different types of computer based information system? Explain
all of them.
There are several types of computer-based information systems (CBIS), each serving
different functions and objectives in an organization. These include:
1. Transaction Processing System (TPS): A TPS is used to process routine transactions,
such as sales and purchases, in real-time. It is designed to handle high volumes of
transactions quickly and accurately.
2. Management Information System (MIS): An MIS provides management with the
information they need to make informed decisions. It typically uses data from multiple
sources, including the TPS, to provide managers with reports and summaries of
organizational performance.
3. Decision Support System (DSS): A DSS is a system that helps managers make
informed decisions by providing them with access to relevant data and analytical tools.
It can be used to support specific decision-making tasks, such as budgeting,
forecasting, and strategic planning.
4. Executive Information System (EIS): An EIS is a type of DSS that is specifically
designed for top-level executives. It provides executives with quick and easy access to

8
 the information they need to make informed decisions, such as key performance
indicators and summary reports.
5. Expert System: An expert system is a computer program that uses artificial
intelligence (AI) and knowledge-based systems to solve problems and make decisions.
Expert systems are designed to mimic the decision-making processes of human
experts and provide recommendations based on their expertise.
6. Supply Chain Management System (SCMS): A SCMS is a system that is used to
manage the flow of goods, services, and information from suppliers to customers. It is
designed to optimize the flow of materials and information, reduce costs, and improve
the overall efficiency of the supply chain.
7. Customer Relationship Management (CRM) System: A CRM system is used to
manage customer interactions and relationships. It is designed to help organizations
understand their customers, their needs, and their behaviors, and to provide them with
better customer service and support.
These are some of the most common types of computer-based information systems. The type
of CBIS that an organization uses will depend on its specific needs, goals, and objectives, as
well as the size and complexity of the organization.

15. What is transaction processing system? Explain the steps in transaction

process system (TPS).
A Transaction Processing System (TPS) is a type of computer-based information system that
is designed to process a large volume of routine transactions quickly and accurately. A TPS
is typically used in organizations to handle transactions such as sales, purchases, payroll, and
banking.
The steps in a TPS are:
1. Data Input: The first step in the transaction process is to input the data into the system.
This typically involves capturing information about the transaction, such as the date,
time, customer information, and product information, using a terminal or other input
device.
2. Data Validation: Once the data has been input, it is then validated to ensure that it is
accurate and complete. The TPS will check the data for errors, such as missing
information or incorrect data, and will reject transactions that do not meet the required
standards.
3. Processing: Once the data has been validated, the TPS will then process the
transaction. This may involve updating a database, generating reports, or producing
invoices or receipts.
4. Data Storage: After the transaction has been processed, the data is then stored in a
database for future reference. This enables the TPS to retrieve the data when it is
needed, such as when generating reports or performing analysis.
5. Data Retrieval: The TPS can also be used to retrieve data from the database for
analysis or reporting purposes. This allows organizations to gain insights into their
operations and make informed decisions about their business.
6. Output: Finally, the TPS will generate the appropriate output, such as receipts,
invoices, or reports, based on the transaction. The output is typically delivered to the
customer or another system for further processing.
9
 16. Explain management information system (MIS) with its characteristics.
A Management Information System (MIS) is a type of computer-based information system
that provides managers with the information they need to make informed decisions. It is
designed to support decision-making by providing managers with access to relevant data,
tools, and reports.
The characteristics of an MIS include:
1. Integration: An MIS integrates data from multiple sources within an organization to
provide a comprehensive view of performance and operations.
2. Real-time Data: An MIS provides managers with real-time access to information,
allowing them to make informed decisions quickly and efficiently.
3. Customization: An MIS can be customized to meet the specific needs of different
departments and managers within an organization.
4. Report Generation: An MIS can generate reports and summaries of organizational
performance, including financial reports, sales reports, and performance metrics.
5. User-friendly: An MIS is designed to be user-friendly, making it easy for managers to
access and use the information they need.

17. The main input of MIS is the output of the TPS. Support this statement
and highlights advantages or objectives or roles of MIS.
Yes, the main input of a Management Information System (MIS) is typically the output of a
Transaction Processing System (TPS). The TPS is responsible for capturing, processing, and
storing data about transactions that take place within an organization. The MIS uses this data
to provide managers with the information they need to make informed decisions.
The advantages and objectives of an MIS include:
1. Improved Decision-Making: An MIS provides managers with access to accurate, up-
to-date information, allowing them to make informed decisions quickly and
efficiently.
2. Better Data Management: An MIS integrates data from multiple sources within an
organization, making it easier to manage and access data.
3. Increased Efficiency: By automating many of the processes involved in data
management and analysis, an MIS helps to increase efficiency and reduce manual
processing times.
4. Enhanced Planning and Control: An MIS provides managers with access to real-time
data and performance metrics, allowing them to monitor performance and make
adjustments as needed.
5. Improved Collaboration: An MIS can facilitate collaboration and communication
between different departments and managers within an organization, enabling better
coordination and decision-making.
6. Better Customer Service: By providing access to customer data, an MIS can help
organizations to better understand customer needs and provide improved customer
service.
The role of an MIS is to provide managers with the information they need to make informed
decisions and improve organizational performance. By integrating data from multiple
sources and providing real-time access to data, the MIS supports decision-making, enhances
planning and control, and improves overall organizational efficiency.
10
 18. Differentiate between outsourcing and offshoring.
Outsourcing
Tasks are delegated to a third-party
provider
Typically refers to the outsourcing of a
specific task
A general term for utilizing the services
of a third-party provider in another
country
Work is accomplished by an anonymous
team
Little to no involvement in talent
acquisition, development plans and
performance management
Offshoring
Tasks are delegated directly to a
dedicated team member
Refers to outsourcing a complete role
Work is completed in another country by
your own dedicated resource
Work is accomplished and maintained by
your own global team, an extension of
your company
Usually involved from interview to offer.
Full integration into your team under
custom management arrangements

19. What is DDOS attack? Explain the working mechanism of anti-virus

software.
DDOS (Distributed Denial of Service) attack is a type of cyber-attack in which multiple
devices are used to overload the resources of a targeted system or network, causing it to
crash or become unavailable to users. The aim of a DDOS attack is to render the targeted
system or website inaccessible by flooding it with a large amount of traffic, making it unable
to respond to legitimate requests.
Anti-virus software works by analyzing the behavior and characteristics of files, emails, and
programs that are executed on a computer. It uses algorithms and databases of known viruses
to identify and quarantine potential threats. The software continuously monitors the system
and performs regular scans to detect any malicious activity. If a threat is detected, the
software either isolates it or removes it from the system.
In summary, anti-virus software operates by continuously monitoring the system, identifying
potential threats and taking action to prevent or remove them. This ensures that the system
remains secure from malicious attacks and data loss.

20. What is SSL? Explain the working mechanism of SSL in e-commerce

website.
SSL (Secure Sockets Layer) is a security protocol for establishing secure links between a
web server and a client in online communication. The successor to SSL is TLS (Transport
Layer Security).
In e-commerce websites, SSL works by encrypting the data transmitted between the client
(e.g., a web browser) and the server. This ensures that sensitive information such as credit
card numbers, passwords, and personal details are protected from eavesdropping and
tampering by malicious third parties.
Here is how SSL works in an e-commerce website:
1. The client sends a request to the server to initiate a secure session.
2. The server responds with its SSL certificate, which contains its public key.
11
 3. The client verifies the server's certificate, checking if it was issued by a trusted third-
party authority and if it is still valid.
4. The client generates a session key and encrypts it with the server's public key.
5. The client sends the encrypted session key to the server.
6. The server uses its private key to decrypt the session key and both client and server
use the session key to encrypt all further communications in the session.
7. Throughout the session, the client and server use the session key to encrypt and
decrypt data exchanged between them.
This process ensures that sensitive information transmitted during the session is protected
from unauthorized access and tampering, ensuring secure transactions in e-commerce
websites.

21. Explain the working mechanism of digital signature.

A digital signature is a mathematical scheme used to verify the authenticity and integrity of
digital messages or documents. It works by using a combination of public-key cryptography
and hashing algorithms. Here's how it works:
1. Hashing: A unique representation (hash) of the digital message or document is created
using a hashing algorithm.
2. Signing: The private key of the sender is used to encrypt the hash. This creates a
digital signature.
3. Verification: The recipient uses the sender's public key to decrypt the digital signature
and re-generate the hash.
4. Comparison: The recipient then compares the newly generated hash with the original
hash of the message or document.
If the hashes match, it means the message or document has not been altered in transit and the
digital signature is valid, thus verifying the authenticity and integrity of the message or
document.

22. Define network security goal with examples.

Network security goals refer to the objectives or targets that organizations or individuals aim
to achieve in order to protect their networks and systems from threats, attacks, and
unauthorized access. The main goal of network security is to ensure the confidentiality,
integrity, and availability of data and resources on a network. Here are some examples of
network security goals:
1. Confidentiality: Preventing unauthorized access to sensitive information, such as
confidential business data or personal information.
2. Integrity: Ensuring that data and information cannot be altered or tampered with in
transit or storage.
3. Availability: Maintaining the accessibility of resources and systems to authorized
users at all times, preventing disruptions or outages.
4. Authentication: Verifying the identity of users accessing a network or system.
5. Non-repudiation: Preventing the denial of actions taken by an individual on a network,
such as sending an email or making a financial transaction.

12
 23. Define the term 'Certification authority' and its role in e-commerce.
A certification authority (CA) is a trusted third-party organization that is responsible for
issuing, managing, and revoking digital certificates. A digital certificate is an electronic
document that contains information about the identity of an entity, such as a website or an
individual, and is used to secure communications and transactions over the internet.
The role of a CA in e-commerce is to provide a secure and trusted infrastructure for online
transactions. The CA verifies the identity of entities requesting a digital certificate, and
issues certificates only to entities that meet its standards. By relying on a trusted CA, e-
commerce websites and their customers can be sure that their transactions are secure and
their personal information is protected.

For example, when a customer visits an e-commerce website and starts a secure transaction,
the website's digital certificate is presented to the customer's web browser. The browser then
verifies the certificate with the CA that issued it. If the certificate is found to be valid and
issued by a trusted CA, the browser establishes a secure connection with the website, and the
customer can complete the transaction with confidence.

In summary, the role of a certification authority in e-commerce is to provide a secure and

trusted infrastructure for online transactions, helping to ensure the confidentiality and
security of sensitive information during online transactions.

24. Explain the public/private cryptography in details.

Public-key cryptography, also known as asymmetric cryptography, is a cryptographic system
that uses two keys, a public key and a private key, to encrypt and decrypt messages. The
main idea behind public-key cryptography is that each user has a pair of keys, a public key
and a private key, and can make their public key publicly available to anyone who wants to
send them a message.
Here's how public-key cryptography works:
1. Key Generation: A user generates a pair of keys, a public key and a private key, using
a key generation algorithm.
2. Encryption: When a sender wants to send a message to the recipient, the sender
encrypts the message using the recipient's public key.
3. Decryption: Only the recipient, who has the corresponding private key, can decrypt
the message and access the original message.
The security of public-key cryptography lies in the mathematical properties of the algorithms
used, and the fact that it is computationally infeasible to compute the private key from the
public key. This means that even if an attacker intercepts the encrypted message, they will
not be able to decrypt it without the private key.
In summary, public-key cryptography is a cryptographic system that uses a pair of keys, a
public key and a private key, to encrypt and decrypt messages. The public key is used for
encryption and the private key is used for decryption, ensuring the confidentiality and
security of sensitive information during transmission.

13
 25. Explain EC security requirement in details. Explain basic terminology of
EC Security.
Electronic Commerce (EC) security refers to the measures taken to protect electronic
transactions and the sensitive information involved in these transactions. The goal of EC
security is to ensure the confidentiality, integrity, and availability of electronic transactions
and to prevent unauthorized access, fraud, and other malicious activities.
Here are some of the basic terminologies and concepts in EC security:
1. Authentication: Verifying the identity of a user or system involved in an electronic
transaction. This can be achieved through the use of usernames and passwords,
biometrics, or digital certificates.
2. Authorization: Determining what actions a user or system is allowed to perform within
an EC system. This can involve granting access to specific resources or functionalities
based on the user's role or permissions.
3. Encryption: The process of converting plaintext into an unreadable format, using a
secret key, to ensure the confidentiality of sensitive information during transmission or
storage.
4. Hashing: The process of converting a message or file into a fixed-length digest using a
hashing algorithm, to ensure the integrity of data.
5. Digital Certificates: Electronic documents that contain information about the identity
of an entity and are used to secure communications and transactions over the internet.
6. Public Key Infrastructure (PKI): The system of digital certificates, certificate
authorities, and other components that are used to establish and manage secure
communications over the internet.
7. Firewall: A security system that controls access to a network by enforcing a set of
rules and policies, such as allowing or blocking specific types of traffic.

26. What is ransomware? Explain defense technic of ransomware?

Ransomware is a type of malicious software that encrypts a victim's files and demands
payment, usually in the form of cryptocurrency, to restore access to the encrypted files.
Ransomware attacks can cause significant financial and operational damage to individuals,
businesses, and government agencies.
To defend against ransomware, it is important to implement a multi-layered approach that
includes both technical and non-technical measures. Here are some of the key defense
techniques against ransomware:
1. Backup and Recovery: Regularly backing up important data to an external storage
device or cloud-based service can help you restore your data in case of a ransomware
attack.
2. Software Updates: Keeping all software, including operating systems, applications,
and security software, up to date can help prevent attackers from exploiting known
vulnerabilities.
3. Email and Web Filtering: Blocking malicious email attachments and blocking access
to known malicious websites can prevent the initial delivery of ransomware.
4. Endpoint Protection: Installing and maintaining endpoint protection software, such as
anti-virus, anti-malware, and firewalls, can help prevent the execution of ransomware
on your systems.
14
 5. User Education: Educating users on safe computing practices, such as avoiding
suspicious emails and attachments, can reduce the risk of falling victim to a
ransomware attack.
6. Incident Response Planning: Having a clear and well-defined incident response plan in
place can help organizations respond quickly and effectively to a ransomware attack,
minimizing damage and restoring normal operations.

27. What is digital signature? Explain the requirements of digital signature in

secure transaction.
A digital signature is an electronic equivalent of a handwritten signature that is used to verify
the authenticity and integrity of a digital document or message. A digital signature is created
using public key cryptography and is unique to the signer, allowing anyone to verify the
signature and confirm that the message or document has not been tampered with.
The requirements of digital signatures in secure transactions are:
1. Authentication: The digital signature must accurately identify the signer and confirm
their identity.
2. Non-repudiation: The digital signature must prevent the signer from denying having
signed the document or message.
3. Integrity: The digital signature must ensure that the document or message has not been
altered or tampered with since it was signed.
4. Uniqueness: The digital signature must be unique to the signer and not able to be
duplicated or reused.
5. Tamper-evident: The digital signature must clearly show any tampering or alteration
of the document or message after it has been signed.
6. Secure Key Management: The private key used to create the digital signature must be
securely stored and protected, and the public key must be easily accessible for
verification.

28. What is CA? Explain the working mechanism of CA.

CA stands for Certification Authority. A Certification Authority (CA) is a trusted third-party
organization that is responsible for issuing digital certificates. Digital certificates are used to
verify the identity of an entity, such as an individual or organization, in electronic
transactions.
The working mechanism of a CA is as follows:
1. Certificate Request: An entity, such as a website or an individual, submits a certificate
request to the CA. The request includes information about the entity and its public
key.
2. Verification: The CA verifies the identity of the entity by checking the information
provided in the certificate request and performing additional background checks, if
necessary.
3. Issuance of Certificate: If the entity's identity has been successfully verified, the CA
issues a digital certificate that contains the entity's name, public key, and other
relevant information.

15
 4. Distribution of Certificate: The CA distributes the digital certificate to the entity and
makes the certificate available in a public repository, such as a certificate store or a
certificate distribution center, so that others can verify the entity's identity.
5. Verification of Certificate: When an entity wants to verify the identity of another
entity in an electronic transaction, it checks the digital certificate issued by the CA to
confirm the identity of the other entity.
6. Revocation: If the digital certificate is no longer valid, the CA can revoke the
certificate and make this information available in the public repository.

29. Explain working mechanism of Securing Sockets Layer (SSL), describe the
mechanism of securing e-commerce networks.
Securing Sockets Layer (SSL) is a security protocol that provides end-to-end encryption for
internet communications, including e-commerce transactions. The working mechanism of
SSL is as follows:
1. SSL Handshake: When a client (e.g., a web browser) connects to a server (e.g., a web
server), the SSL Handshake takes place. During this process, the client and server
agree on the encryption methods to be used, and the client verifies the identity of the
server using the server's SSL certificate.
2. Encryption: Once the SSL Handshake is complete, all data transmitted between the
client and server is encrypted using a shared secret key. This ensures that even if the
data is intercepted, it cannot be read without the key.
3. Data Transmission: The encrypted data is transmitted between the client and server,
and the server decodes the data using the shared secret key. The decrypted data is then
processed by the server and a response is sent back to the client.
4. SSL Termination: When the client disconnects from the server, the SSL connection is
terminated and the shared secret key is discarded.
Securing e-commerce networks typically involves the use of SSL certificates,
firewalls, intrusion detection systems, and other security measures to protect against
unauthorized access, hacking, and other security threats. The SSL protocol provides
encryption and authentication for sensitive data, such as credit card numbers and
personal information, during e-commerce transactions.
In conclusion, SSL is a key component of e-commerce security, providing encryption
and authentication for sensitive data during transactions. By using SSL, e-commerce
networks can be protected against unauthorized access and other security threats,
helping to ensure the privacy and security of customer information.

30. What is technical attack? Explain five technical attack on EC Application

A technical attack is a type of attack that exploits vulnerabilities in computer systems,
networks, or applications to compromise their security and disrupt normal operation.
Technical attacks can be launched through a variety of means, including malware, social
engineering, and network intrusions.
Five common technical attacks on e-commerce applications are:
1. SQL Injection: This attack exploits vulnerabilities in an e-commerce website's
database by injecting malicious SQL code into the website's input fields. The attacker

16
 can use this method to gain unauthorized access to sensitive data, such as customer
information and credit card numbers.
2. Cross-Site Scripting (XSS): XSS is a type of attack that injects malicious code into a
web page, allowing the attacker to steal sensitive information, such as login
credentials, from users who access the compromised page.
3. Cross-Site Request Forgery (CSRF): CSRF is a type of attack that tricks a user into
sending an unintended request to a web application, such as a request to purchase
items or change account information.
4. Man-in-the-Middle (MitM) Attack: A MitM attack occurs when an attacker intercepts
and modifies the communication between two parties, allowing the attacker to steal
sensitive information, such as login credentials and payment information.
5. Denial of Service (DoS) Attack: A DoS attack is an attempt to make a computer
resource, such as an e-commerce website, unavailable to its intended users by
overwhelming it with excessive traffic. This type of attack can disrupt the normal
operation of an e-commerce website, causing significant financial losses for the e-
commerce business.
In conclusion, technical attacks on e-commerce applications are a major security threat and
can result in significant harm to both the e-commerce business and its customers. To protect
against these types of attacks, e-commerce businesses should implement robust security
measures, such as firewalls, intrusion detection systems, and encryption, and regularly test
their systems for vulnerabilities.

31. Differentiate between digital signature and digital certificate.

Here is a comparison between digital signatures and digital certificates:
Feature Digital Signature Digital Certificate
To verify the authenticity of a To verify the identity of a person,
Purpose
digital document or message organization, or device
Created using the private key of a Issued by a trusted third-party known as a
Creation
public/private key pair Certificate Authority (CA)
Verified using the corresponding Verified using the public key of the CA
Verification
public key of the sender and the certificate chain of trust
Provides data integrity and non-
Security Provides authentication and encryption
repudiation
Data A hash value of the original Information about the identity of the
Included document or message entity and the public key
In conclusion, digital signatures provide a means of verifying the authenticity of a digital
document or message, while digital certificates provide a means of verifying the identity of a
person, organization, or device. Both digital signatures and digital certificates play important
roles in ensuring the security of electronic transactions and communications.

17
 32. What is PKI? Explain the limitations of encryption.
PKI stands for Public Key Infrastructure and it refers to the set of policies, processes, server
platforms, software tools, and certification authority services needed to create, manage,
distribute, use, store, and revoke digital certificates and public-key cryptography.
The limitations of encryption include:
1. Computing resources: Encryption algorithms require significant computing power,
which can be a problem for devices with limited resources such as smartphones and
IoT devices.
2. Key management: Securely managing encryption keys can be difficult, as losing or
compromising a key can render encrypted data unreadable.
3. Implementation weaknesses: Improper implementation of encryption algorithms can
weaken the security of the encrypted data.
4. Key recovery: Encryption systems can be designed to allow for key recovery, but this
often requires a trusted third party and can result in a loss of privacy.
5. Quantum computers: The advent of quantum computers has the potential to break
many existing encryption algorithms, making it necessary to develop new encryption
methods that are quantum-resistant.
6. User error: Encryption systems are only as secure as the user practices that are
employed. Human error such as using weak passwords, neglecting software updates,
and falling for phishing attacks can all lead to the compromise of encrypted data.

33. What is VPN ? Write application of VPN.

VPN stands for Virtual Private Network, which is a technology used to create a secure
connection between two or more devices over the internet. VPNs use encryption to protect
the privacy and security of data transmitted over the network.
Applications of VPN include:
1. Remote Access: VPNs can be used to provide remote workers with secure access to a
company's internal network, allowing them to access resources and applications as if
they were in the office.
2. Online Privacy: VPNs can be used to protect a user's online activity from being
tracked or monitored by ISPs, government agencies, or malicious actors.
3. Bypassing Censorship: VPNs can be used to bypass censorship or geo-restrictions,
allowing users to access content that may be blocked in their location.
4. Secure Communications: VPNs can be used to encrypt sensitive communications,
such as financial transactions or confidential business information.
5. Protecting Public Wi-Fi: VPNs can be used to secure data transmitted over public Wi-
Fi networks, which are often unencrypted and vulnerable to eavesdropping.

34. What is digital signature? How does works.

A digital signature is a method used to authenticate the identity of the sender of an electronic
document and to ensure the integrity of the information being transmitted. It works by using
a combination of public key cryptography and hashing algorithms.
Here's how digital signatures work:

18
 1. Hashing: The sender first creates a hash of the original message, which is a unique
representation of the data.
2. Signing: The sender then uses their private key to encrypt the hash, creating a digital
signature.
3. Transmission: The original message and digital signature are transmitted to the
recipient.
4. Verification: The recipient uses the sender's public key to decrypt the digital signature
and compare the result with the hash of the received message.
5. Validation: If the hashes match, the recipient can be confident that the message has not
been altered in transit and that it came from the sender.

35. Differentiate between authorization and authentication.

Here's a table that summarizes the differences between authorization and
authentication:
Authorization Authentication
Determines what actions a user is
Verifies the identity of a user
allowed to perform
Addresses the question of "what a user
Addresses the question of "who is the user?"
is allowed to do?"
Typically based on a user's role, Typically based on a user's credentials, such as a
permissions, or entitlements username and password
Can be used to restrict access to
Can be used to grant access to resources or services
sensitive data or resources
Examples: deciding if a user can read, Examples: logging in to an account, entering a
write, or execute a file password to access a secure website
Enables enforcement of security Establishes the user's identity and the basis for
policies and compliance access control
36. What is MIS auditing? How it plays vital role in securing information
system.
MIS (Management Information System) auditing is the process of examining an
organization's information systems, technology infrastructure, and processes to assess the
effectiveness of internal controls, ensure compliance with regulations, and identify areas for
improvement.
MIS auditing plays a vital role in securing information systems because it:
1. Identifies Risks: MIS auditing helps identify security risks and vulnerabilities in an
organization's information systems, including areas where unauthorized access, data
theft, or other malicious activities could occur.
2. Improves Compliance: MIS auditing helps organizations ensure compliance with
regulations and industry standards, such as HIPAA, PCI DSS, and ISO 27001, which
establish security standards for protecting sensitive information.
3. Strengthens Internal Controls: MIS auditing helps organizations strengthen internal
controls and improve the reliability and accuracy of their information systems. This
helps to minimize the risk of errors, fraud, and data loss.
19
 4. Enhances Data Security: MIS auditing helps organizations implement security controls
and practices that protect sensitive data and information from unauthorized access,
theft, or loss.
5. Supports Continuous Improvement: MIS auditing helps organizations continuously
improve their information systems by identifying areas for improvement and making
recommendations for change.

Difference between e-commerce and m-commerce in table

Feature E-commerce M-commerce
E-commerce refers to buying and M-commerce refers to buying and selling
Definition selling of goods and services over of goods and services through mobile
the internet through a website. devices, such as smartphones or tablets.
Can be accessed through a
Can only be accessed through a mobile
Accessibility computer or other internet-
device.
connected device.
Generally requires a larger screen
Offers greater convenience, as people can
and keyboard, making it less
Convenience shop and pay for items using their mobile
convenient for on-the-go
devices while on the move.
transactions.
E-commerce sites can reach a
M-commerce is limited to people who
larger audience, including those
Reach own and use mobile devices, but this
who do not have access to or
market is rapidly growing.
prefer not to use mobile devices.
May offer fewer payment options due to
Typically offers multiple payment
Payment limitations of mobile devices, but this is
options, such as credit/debit cards,
options rapidly changing with the development
PayPal, and others.
of mobile payment technologies.
M-commerce sites may be limited by the
A well-designed e-commerce site
User smaller screens and slower processing
can provide a rich, engaging
experience power of mobile devices, but design and
experience for users.
functionality are improving.
37. What is IDS. Figure out different types of IDS.
IDS stands for Intrusion Detection System, which is a security system that monitors network
or system activities to detect potential threats and suspicious behavior. The purpose of an
IDS is to alert the administrators of a network or system to potential security breaches,
security violations, and malicious activity.
Different types of IDS include:
1. Signature-Based IDS: This type of IDS uses a database of known attack signatures to
detect intrusions. It compares incoming network traffic to the signatures in the
database and raises an alert if a match is found.
2. Anomaly-Based IDS: This type of IDS monitors network behavior and raises an alert
if any behavior deviates from a baseline or normal pattern. It identifies new or
unknown threats.
20
 3. Hybrid IDS: As the name suggests, this type of IDS combines the features of
signature-based and anomaly-based IDS to provide a more comprehensive approach to
intrusion detection.
4. Network-Based IDS (NIDS): This type of IDS is placed on a network and monitors
incoming and outgoing traffic to detect intrusions.
5. Host-Based IDS (HIDS): This type of IDS is installed on individual host computers
and monitors system logs, files, and processes for signs of intrusion.
6. Distributed IDS: This type of IDS is made up of multiple individual intrusion
detection systems that work together to provide a more comprehensive security
solution.

38. What is access control? Explain its components.

Access control refers to the process of granting or denying access to specific resources,
systems, or applications based on defined security policies. Access control is an essential
component of computer security and information security, as it ensures that only authorized
users can access sensitive information or systems.
There are three main components of access control:
1. Identification: This component involves the process of verifying the identity of a user.
The user must provide some form of identification, such as a username and password,
to gain access to a system or resource.
2. Authentication: This component involves the process of verifying that the user is who
they claim to be. This is usually done through the use of passwords, smart cards,
biometric authentication, or other security mechanisms.
3. Authorization: This component involves granting or denying access to specific
resources or systems based on the user's identity and the security policies defined by
the organization. This component determines what actions a user is allowed to perform
once they have been authenticated.
These components work together to ensure that only authorized users have access to
sensitive information and systems, and that their actions are limited to what they are
authorized to do. Access control can be applied at multiple levels, including the network,
operating system, and application levels, depending on the requirements of the organization.

39. Differences between Encryption and Decryption. Explain Different types of

cryptography with advantages and disadvantages
Encryption vs Decryption:
Encryption Decryption
The process of converting plaintext into The process of converting ciphertext into
ciphertext plaintext
Used to secure data from unauthorized
Used to access secured data
access
Uses algorithms and keys to convert Uses algorithms and keys to convert ciphertext
plaintext into ciphertext into plaintext

21
 Encryption Decryption
The original data is no longer accessible in The original data is accessible in its original
its original form form after decryption
Different Types of Cryptography:
1. Symmetric Key Cryptography:
• Advantages: Fast, efficient and cost-effective.
• Disadvantages: Key management and distribution can be a problem.
2. Asymmetric Key Cryptography:
• Advantages: The keys are public and private, making it more secure.
• Disadvantages: Slower and less efficient compared to symmetric key cryptography.
3. Hash Function Cryptography:
• Advantages: The message is hashed into a unique output and cannot be reversed.
• Disadvantages: The same input message will result in the same output message,
making it vulnerable to attacks.
4. Stream Cipher Cryptography:
• Advantages: Suitable for real-time encryption of data streams.
• Disadvantages: Can be vulnerable to attacks if the key is discovered.
5. Block Cipher Cryptography:
• Advantages: Data is encrypted in blocks, making it more secure.
• Disadvantages: Can be slower and less efficient compared to stream cipher
cryptography.
6. Elliptic Curve Cryptography:
• Advantages: More secure and efficient compared to traditional cryptography methods.
• Disadvantages: Complex to implement and requires more computational power.

40. Why systems are vulnerable? Figure out different basic principles of EC-
security(requirements).
Systems are vulnerable for various reasons such as outdated software, poor security
configurations, weak passwords, lack of patch management, social engineering attacks, and
more.
To enhance the security of electronic commerce (EC) systems, the following requirements
need to be met:
1. Confidentiality: Sensitive information must be protected from unauthorized access.
2. Integrity: Data and transactions must not be altered in transit.
3. Authentication: Parties involved in a transaction must be verified to prevent
impersonation.
4. Non-repudiation: Neither party should be able to deny their involvement in a
transaction.
5. Access control: Access to systems, devices, and data should be regulated and
restricted to authorized users.
6. Availability: Systems, devices, and data must be always accessible and functioning
properly.
41. Difference between technical attack and non technical attack in e-
commerce. Also explain different security controls.
22
Technical Attack vs Non-Technical Attack in E-Commerce:
Technical Attack Non-Technical Attack
Involves exploiting technical vulnerabilities in Relies on psychological manipulation or
a system social engineering tactics
Examples: SQL injection, cross-site scripting Examples: phishing, impersonation,
(XSS), network attacks, etc. baiting, etc.
Security Controls:
1. Encryption: Encrypts sensitive data to prevent unauthorized access.
2. Firewalls: Monitors and controls incoming and outgoing network traffic to prevent
unauthorized access.
3. Antivirus software: Detects and removes malicious software from a system.
4. Intrusion detection and prevention systems (IDS/IPS): Monitors network activity for
signs of intrusion and blocks malicious activity.
5. Access control: Regulates who can access a system, device, or data and what actions
they are allowed to perform.
6. Two-factor authentication (2FA): Adds an additional layer of security by requiring
two forms of authentication, such as a password and a security token.
7. Data backup and recovery: Regularly backs up important data and provides a means of
recovering it in case of failure or data loss.

42. What is bio-metric system? How does it works explain it with its figure of
process.
A biometric system is a technology that uses biological characteristics to verify the identity
of an individual. Some common examples of biometrics include fingerprints, facial
recognition, iris scans, and voice recognition.
The process of a biometric system typically works as follows:
1. Enrollment: The individual's biometric data is collected and stored in the system's
database.
2. Authentication: The individual provides their biometric information to the system,
which compares it to the stored data.
3. Verification: The system determines if the biometric information matches the stored
data.
4. Identification: If the biometric information matches, the individual is identified and
granted access to the system, device, or data.

43. What is (IPS) Intrusion prevention system> How does IPS work? Explain
its types
An Intrusion Prevention System (IPS) is a security device that monitors network traffic for
malicious activity and blocks it before it can cause harm to the network or its systems.
The IPS works by analyzing network traffic in real-time and identifying malicious traffic
based on a set of predefined security policies. It uses various methods such as signature-
based detection, anomaly-based detection, and reputation-based analysis to detect and
prevent attacks.
There are two types of IPS:
23
 1. Network-based IPS (NIPS): This type of IPS is placed inline with the network traffic
and monitors all traffic passing through it. It can detect and prevent attacks at the
network layer, such as denial-of-service (DoS) attacks, network scans, and other
malicious activities.
2. Host-based IPS (HIPS): This type of IPS is installed on individual systems or devices
and monitors activity on that device. It can detect and prevent attacks at the host layer,
such as malware infections, unauthorized access, and other malicious activities.
Note: IPS is different from an Intrusion Detection System (IDS), which only detects and
alerts on malicious activity, but does not block it.

44. Explain a process of developing a website.

The process of developing a website typically involves the following steps:
1. Requirements Gathering: Gather and analyze the client's requirements for the website,
including its purpose, target audience, and desired features and functionality.
2. Information Architecture: Plan and organize the website's structure and content,
including the page hierarchy and navigation.
3. Design: Create visual mockups or prototypes of the website's interface and layout,
including color schemes, fonts, images, and other design elements.
4. Content Creation: Develop the website's content, including text, images, and other
media, based on the information architecture and design.
5. Development: Build the website using a combination of HTML, CSS, JavaScript, and
a back-end programming language such as PHP, Ruby on Rails, or Python.
6. Testing: Test the website for functionality, performance, and compatibility with
different browsers and devices.
7. Deployment: Deploy the website to a web server or hosting platform and make it
accessible to the public.
8. Maintenance: Regularly update and maintain the website, including adding new
features and fixing bugs and security vulnerabilities.
Note: The development process may vary depending on the scope and complexity of the
project, as well as the skills and experience of the development team. Some steps may be
combined or omitted, and some projects may include additional steps such as market
research or user testing.

45. What is SEO? Explain the importance of SEO for the growth of a website.
SEO stands for Search Engine Optimization, which is the process of optimizing a website to
improve its visibility and ranking on search engines like Google, Bing, and Yahoo.
The importance of SEO for the growth of a website can be summarized as follows:
1. Increased Traffic: By optimizing a website for search engines, it can attract more
organic traffic from users searching for relevant keywords.
2. Improved User Experience: Good SEO practices improve the overall user experience
of a website, including faster page load times, mobile-friendliness, and clear
navigation.
3. Better Brand Visibility: Higher search engine rankings increase brand visibility and
credibility, helping to attract new customers and establish the brand as a leader in its
industry.
24
 4. Competitive Advantage: SEO can provide a competitive advantage over other
websites that are not optimized for search engines.
5. Long-Term Success: SEO is a long-term investment in the success and growth of a
website, as it can provide sustained organic traffic and lead generation over time.
In conclusion, SEO is a crucial factor in the success and growth of a website, as it helps to
attract more traffic, improve the user experience, establish the brand's visibility, and provide
a competitive advantage. By investing in SEO, websites can achieve long-term success and
growth in their respective industries.

46. What do you mean by website usability? Explain the usability factors.
Website usability refers to how easy it is for users to find what they need and interact with a
website. It encompasses various factors that contribute to the overall user experience,
including accessibility, navigation, readability, and functionality.
Here are some of the key usability factors that contribute to a good user experience:
1. Accessibility: The website should be accessible to all users, including those with
disabilities, by meeting accessibility standards and guidelines.
2. Navigation: The website should have a clear and intuitive navigation structure,
allowing users to easily find what they are looking for.
3. Readability: The website should have clear and concise content that is easy to read and
understand, using appropriate font sizes, colors, and styles.
4. Functionality: The website should be functional and responsive, with features that
work as expected and quickly load pages and content.
5. Design: The website should have a visually appealing design that is consistent across
all pages, making it easy for users to recognize and trust the brand.
6. User-centered design: The website should be designed with the user in mind, taking
into account their needs and goals, and providing relevant and useful content.
7. Search functionality: The website should have a search functionality that allows users
to easily find what they are looking for.
8. Mobile responsiveness: The website should be optimized for mobile devices, with a
responsive design that adjusts to different screen sizes.
By considering these usability factors, website owners can create a user-friendly and
accessible website that meets the needs of their target audience and provides a positive user
experience.

47. What is business plan? Explain the steps to carry while preparing a business
plan.
A business plan is a comprehensive document that outlines the goals, strategies, and
operations of a business. It is used to secure funding, attract investors, and provide a
roadmap for the growth and success of the business
Here are the steps to follow when preparing a business plan:
1. Research and Analysis: Conduct market research and analyze the industry,
competition, and target market to gather information and identify opportunities.
2. Define the business: Clearly define the purpose, goals, and objectives of the business,
including the products or services offered and the target market.

25
 3. Outline the products or services: Describe the products or services offered in detail,
including the unique selling proposition and target market.
4. Market analysis: Analyze the target market, including demographics, market size, and
trends, to understand the demand for the products or services.
5. Competitive analysis: Identify the competition and analyze their strengths,
weaknesses, and market position to understand how to compete effectively.
6. Marketing and Sales Strategy: Develop a marketing and sales strategy that outlines
how to reach and engage the target market and generate revenue.
7. Financial Projections: Create financial projections, including a sales forecast, income
statement, balance sheet, and cash flow statement, to provide a realistic picture of the
business's financial performance.
8. Operations Plan: Outline the business operations, including the production process,
supply chain, and distribution channels, to understand the resources and systems
needed to run the business.
9. Management and Organizational Structure: Define the management team, their roles
and responsibilities, and the organizational structure of the business.
10.Review and Revisions: Review and refine the business plan based on feedback from
others and make revisions as necessary.

48. Difference between site map and Menu? Explain.

A site map and a menu are two different navigational tools used on websites. While
they both help users navigate a website, they serve different purposes and have distinct
features.
Here's a comparison of site maps and menus:
Site Map Menu
A site map is a visual representation of all the A menu is a list of links to different pages
pages on a website, showing their hierarchy on a website, usually displayed in a
and relationships. horizontal or vertical bar on the page.
Site maps are usually designed for search Menus are designed for users, to help them
engines, to help them understand the structure quickly and easily access the pages they
and content of a website. need.
Site maps typically show a high-level view of Menus are usually more focused on a
the entire website, with a clear hierarchy of specific section of the website, such as the
pages and categories. main navigation or footer links.
Menus are typically displayed as a list of
Site maps can be in the form of a text-based
text-based links or buttons, often with sub-
list or a graphical representation.
menus or dropdown options.
In summary, a site map provides a broad overview of the entire website and is mainly
used by search engines, while a menu provides a more focused and user-friendly
navigation experience, allowing users to quickly access the pages they need. Both site
maps and menus are important tools for making a website easy to navigate and accessible
to users.

26
 49. What are the importance of color and graphics in website.
The importance of color and graphics in a website can be summarized as follows:
1. Aesthetic Appeal: Color and graphics play a crucial role in creating a visually
appealing website. The right color scheme and graphics can help create a professional
and attractive look, which is essential for attracting and retaining visitors.
2. Brand Identity: Color and graphics can help establish a brand identity. For example,
using a specific color scheme can help create brand recognition, while using specific
graphics can help reinforce the brand's values and personality.
3. User Experience: Color and graphics can help improve the user experience by making
the website more engaging and interactive. For example, the use of bright colors can
create a lively and energetic feel, while the use of darker colors can create a more
serious and professional tone.
4. Navigation: Color and graphics can help improve website navigation by creating
visual cues that guide visitors to important information. For example, the use of
contrasting colors can make important buttons and links stand out, making them easier
to find.
5. Emotional Connection: Color and graphics can help create an emotional connection
with visitors. For example, the use of warm and comforting colors can help create a
sense of security and trust, while the use of bright and cheerful colors can create a
happy and positive feel.
In conclusion, color and graphics are essential components of a website, as they play a
crucial role in creating a visually appealing, professional, and user-friendly experience.
When used effectively, they can help establish a brand identity, improve website navigation,
and create an emotional connection with visitors.

50. Explain the domain name registration and website hosting procedure.
Domain Name Registration:
Domain name registration is the process of reserving a domain name that represents a
website. The domain name is the address that people use to access a website, such as
www.example.com. To register a domain name, follow these steps:
1. Choose a domain name: Select a domain name that is short, memorable, and relevant
to your website. You can use online tools to check if the domain name you want is
available.
2. Find a domain registrar: A domain registrar is a company that sells domain names.
Some popular domain registrars include GoDaddy, Namecheap, and Network
Solutions.
3. Register the domain name: Register the domain name by providing personal
information, such as your name, address, and contact details. The domain registrar will
also ask you to select a pricing plan and a payment method.
4. Confirm the registration: Once the registration is complete, you will receive a
confirmation email with instructions on how to manage your domain name.
Website Hosting:
Website hosting is the process of storing a website on a server, so that it can be accessed on
the internet. To host a website, follow these steps:

27
 1. Choose a hosting provider: A hosting provider is a company that provides space on a
server for your website. Some popular hosting providers include Bluehost, HostGator,
and InMotion Hosting.
2. Select a hosting plan: Hosting providers offer different plans, such as shared hosting,
dedicated hosting, and cloud hosting. Choose the plan that best fits your needs and
budget.
3. Set up the hosting account: Set up a hosting account by providing personal
information, such as your name, address, and contact details. The hosting provider will
also ask you to select a pricing plan and a payment method.
4. Upload the website: Once the hosting account is set up, you can upload your website
files to the server. You can do this through a control panel provided by the hosting
provider, or using FTP software.
In conclusion, domain name registration and website hosting are essential steps for creating a
website.

51. Describe different structures of implementing navigation on the website

There are several different structures for implementing navigation on a website, including:
1. Top Navigation Bar: This is a horizontal bar that is placed at the top of the page and
contains the main categories of the website. The categories are usually displayed as
links, allowing visitors to easily access the different sections of the website.
2. Sidebar Navigation: This is a vertical bar that is placed on the side of the page and
contains links to the different sections of the website. The sidebar navigation is often
used in combination with the top navigation bar to provide additional navigation
options.
3. Drop-Down Navigation: This is a type of navigation where the main categories are
displayed in a menu that drops down when the user clicks on a link. Drop-down
navigation is often used in top navigation bars to provide a compact and efficient way
of accessing subcategories.
4. Breadcrumb Navigation: This is a type of navigation that displays the path that the
user has taken to reach the current page. The breadcrumb navigation is often displayed
at the top or bottom of the page and is helpful for allowing users to quickly navigate
back to previous pages.
5. Footer Navigation: This is a type of navigation that is placed at the bottom of the page
and contains links to important pages, such as the homepage, contact page, and
privacy policy. Footer navigation is useful for providing additional navigation options
for visitors who have reached the end of the page.

52. What is block chain? explain its importance.

Blockchain is a digital ledger that records transactions in a secure and transparent way. It is a
decentralized database that operates on a network of computers, and is maintained by a
network of nodes that verify and validate transactions.
The importance of blockchain technology is due to the following reasons:

28
 1. Decentralization: Blockchain eliminates the need for a central authority to manage
transactions and ensures that the data is distributed evenly among all the nodes on the
network.
2. Security: Blockchain uses cryptography to secure the data and prevent unauthorized
access. Transactions are verified by multiple nodes and are recorded in multiple
locations, making it difficult to alter or manipulate the data.
3. Transparency: Blockchain allows for transparent and public transactions, as every
node has a copy of the ledger and can view all transactions. This makes it possible to
track the flow of transactions and ensure that they are accurate and legitimate.
4. Immutable: Once a transaction is recorded on the blockchain, it cannot be altered or
deleted, making the ledger permanent and tamper-proof.
5. Efficiency: Blockchain eliminates the need for intermediaries, reducing the time and
cost associated with transactions. It also eliminates the need for manual reconciliation
and eliminates the risk of errors and fraud.
In conclusion, blockchain is a revolutionary technology that has the potential to transform
various industries, from finance and banking to supply chain management and voting
systems. Its decentralization, security, transparency, immutability, and efficiency make it an
important tool for creating a more secure and transparent world.

53. What is cryptocurrency? Explain any five cryptocurrencies currently available.

Cryptocurrency is a digital or virtual currency that uses cryptography for security and
operates independently of a central bank.
1. Bitcoin (BTC) - the first and largest cryptocurrency, created in 2009 by an unknown
person using the pseudonym Satoshi Nakamoto.
2. Ethereum (ETH) - a decentralized platform that enables the creation of smart contracts
and decentralized applications.
3. Binance Coin (BNB) - the native token of the Binance cryptocurrency exchange, used
to pay for trading fees and other exchange services.
4. Ripple (XRP) - a digital currency designed to facilitate cross-border payments for
financial institutions.
5. Cardano (ADA) - a smart contract platform that aims to provide more advanced
features than existing platforms like Ethereum.

54. What is eCheck? Explain the processing of eCheck.

An eCheck (electronic check) is a type of electronic payment that is similar to a traditional
paper check but is processed and cleared electronically.
The processing of an eCheck involves the following steps:
1. The payer provides their bank account information to the payee. This information
includes the bank routing number, account number, and the check number.
2. The payee initiates an electronic transfer of funds from the payer's bank account to
their own account.
3. The payer's bank receives the electronic request for payment and verifies that there are
sufficient funds in the payer's account to cover the payment.
4. The payer's bank debits the payer's account for the amount of the payment and sends a
confirmation of the transaction to both the payee and the payer.
29
 5. The payee's bank receives the payment and credits the payee's account.
6. The transaction is recorded in both the payer's and payee's bank records, and the
process is complete.
Overall, eChecks provide a faster and more convenient alternative to traditional paper
checks, while still providing the security and reliability of a traditional check.

55. What is virtual currency? Explain the various types of virtual currencies
popular in market.
Virtual currency is a digital or digital representation of value that can be traded and used as
a medium of exchange for goods and services. It operates independently of a central bank
and is not backed by any government or legal tender.
There are several types of virtual currencies popular in the market, including:
1. Cryptocurrencies - decentralized digital currencies, such as Bitcoin, Ethereum, and
Binance Coin, that use cryptography to secure transactions and control the creation of
new units.
2. Stablecoins - digital currencies that are pegged to the value of a real-world asset, such
as the US dollar, to reduce volatility. Examples include Tether and USDC.
3. Central Bank Digital Currencies (CBDCs) - digital currencies issued by central banks,
such as the People's Bank of China's Digital Currency Electronic Payment (DCEP).
4. Non-fungible tokens (NFTs) - unique digital assets that represent ownership of a
specific item or piece of content, such as a piece of artwork or a collectible.
5. Gaming currencies - virtual currencies used within online gaming platforms and
virtual worlds, such as World of Warcraft Gold.
It is important to note that while virtual currencies have gained popularity, they are still
highly speculative and come with significant risks, including regulatory uncertainty and price
volatility.

56. What is e-micropayments? Explain with the examples.

Micropayments refer to small, typically low-value transactions, often used for digital
content, online services, and other goods and services that are priced at a low cost. E-
micropayments are electronic micropayments that are made through the internet.
Examples of e-micropayments include:
1. Digital content purchases - buying a single song on an online music store, or
purchasing a single article from a digital news outlet.
2. Online service subscriptions - paying a monthly fee for access to an online service,
such as a cloud storage platform or an online game.
3. Mobile app purchases - paying for premium features or virtual goods within a mobile
app, such as unlocking additional levels in a game.
4. Digital currency transactions - making small payments using cryptocurrencies, such as
sending a few cents worth of Bitcoin to a friend.
E-micropayments offer a convenient and cost-effective way for consumers to purchase low-
cost goods and services online, and for merchants to offer these items for sale. The
widespread adoption of e-commerce and mobile devices has made e-micropayments more
accessible and widely used in recent years.
30
Describe the online processing of the credit card.
The online processing of a credit card involves the following steps:
1. Shopping Cart: The customer adds items to an online shopping cart and proceeds to
checkout.
2. Payment Information: The customer provides their credit card information, including
the card number, expiration date, and security code.
3. Authorization Request: The online merchant sends an authorization request to the card
issuer's processing network, which verifies that the card is valid and that there are
sufficient funds available to complete the transaction.
4. Authorization Response: The processing network responds with an authorization code,
indicating that the transaction is approved, or a decline message, indicating that the
transaction is not approved.
5. Settlement: If the transaction is approved, the funds are transferred from the
customer's credit card account to the merchant's account. This process typically takes a
few days.
6. Receipt: The customer receives a receipt for the transaction, either electronically or via
email.
7. Record Keeping: The transaction is recorded in the customer's and merchant's records,
and the process is complete.
Online credit card processing enables merchants to offer a convenient and secure payment
option for customers, as well as access to a wider customer base. It also offers customers the
ability to make purchases from the comfort of their own homes, without the need to carry
cash or visit a physical store.

57. Explain various cards which can be used for online payment.
There are several types of cards that can be used for online payment, including:
1. Credit Cards - The most commonly used cards for online payments, such as Visa,
Mastercard, and American Express. They allow customers to make purchases and pay
for them later, with the option to pay in full or carry a balance from month to month.
2. Debit Cards - Cards linked directly to a customer's checking account. They allow
customers to make purchases by withdrawing funds from their checking account in
real-time.
3. Prepaid Cards - Cards that are loaded with a set amount of funds, allowing customers
to make purchases up to the available balance.
4. E-wallets - Digital wallets that store card information, such as PayPal and Google Pay.
They allow customers to make purchases without having to enter their card
information each time.
5. Stored-Value Cards - Cards that are pre-loaded with a set amount of funds and can be
used for a specific purpose, such as gift cards or transit fare cards.
Each type of card offers different benefits and risks, and customers should carefully consider
the terms and conditions, fees, and security features before choosing a card for online
payments.

31
 58. What is bitcoin? Explain the advantages and disadvantages of using bitcoin
for payment.
Bitcoin is a decentralized digital currency that was created in 2009. It operates on a peer-to-
peer network, allowing users to make transactions directly with each other without the need
for a central authority. Transactions are recorded on a public ledger called the blockchain,
which ensures the integrity and security of the currency.
Advantages of using Bitcoin for payment:
1. Decentralized: As a decentralized currency, Bitcoin is not subject to government or
financial institution control, allowing for greater independence and security in
transactions.
2. Low fees: Bitcoin transactions typically have lower fees compared to traditional
payment methods, such as credit cards.
3. Fast: Transactions can be processed quickly and securely, without the need for
intermediaries such as banks.
4. Pseudonymous: Bitcoin transactions can be made without revealing the identity of the
buyer or seller, providing a higher level of privacy.
Disadvantages of using Bitcoin for payment:
1. Volatility: The value of Bitcoin can be highly volatile, making it a riskier form of
payment compared to traditional currencies.
2. Regulation: The regulatory landscape for Bitcoin is still uncertain, and the currency
may be subject to future restrictions or regulations.
3. Limited acceptance: Bitcoin is not widely accepted as a form of payment, and it may
be difficult to find merchants who accept it.
4. Technical knowledge: Using Bitcoin requires a certain level of technical knowledge
and understanding of the technology, making it less accessible to some users.
In conclusion, while Bitcoin offers several advantages as a form of payment, it also presents
a number of challenges and risks that should be carefully considered before using it. It is
important to thoroughly research and understand the technology and the risks involved
before using it for payments.

59. Explain the various wallets popular in Nepal.

As of my training data cut off in 2021, the following are some of the popular wallets in
Nepal:
1. eSewa: eSewa is a digital wallet and mobile payment service that allows users to make
payments for a variety of services, such as mobile top-up, bill payments, and online
shopping.
2. Khalti: Khalti is a digital wallet that provides a platform for mobile and online
payments, bill payments, and mobile top-up.
3. IME Pay: IME Pay is a mobile and online payment service offered by International
Money Express, which allows users to make payments, send money, and top-up their
mobile balance.
4. Prabhu Pay: Prabhu Pay is a digital wallet and mobile payment service that allows
users to make payments for a variety of services, such as bill payments and mobile
top-up.

32
5. Nepal Investment Bank Mobile Banking: Nepal Investment Bank Mobile Banking is a
mobile banking service that allows users to access their bank account, make payments,
and transfer money using their mobile devices.

Explain four Pillars of e-commerce infrastructures

The four pillars of e-commerce infrastructure are:

Technology: This includes the website platform, payment gateway, and other technical
components that support the e-commerce site's functionality.

Logistics: This includes the management of orders, shipping, returns, and customer
service.

Marketing: This includes the strategies and tactics used to attract and retain customers,
such as search engine optimization, pay-per-click advertising, email marketing, and
social media marketing.

Operations: This includes the management of inventory, financials, and other

operational processes that support the day-to-day running of the e-commerce business.

These four pillars work together to create a seamless and efficient e-commerce
infrastructure, allowing businesses to effectively reach, engage, and retain customers,
and grow their business.

Describe framework of m-commerce applications.

The framework of m-commerce applications consists of the following components:

User Interface: This includes the design and layout of the mobile application, as well
as its navigation, buttons, and other interactive elements. The user interface should be
optimized for mobile devices and provide a seamless user experience.

Mobile Payment System: This is a secure payment platform that enables customers to
make purchases through their mobile devices. It should support various payment
methods, including credit cards, mobile wallets, and online bank transfers.

Mobile Marketing: This involves the use of mobile-specific marketing techniques,

such as SMS, push notifications, and mobile-optimized email campaigns, to engage
with customers and drive sales.

Mobile Analytics: This involves tracking and analyzing customer behavior and data,
such as site traffic, conversion rates, and customer demographics, to improve the
overall m-commerce experience and inform marketing strategies.

Security and Privacy: This includes the implementation of secure protocols and
encryption methods to protect customer data and prevent fraud.
33
Discuss in details security defends strategies that you can implement while
securing e-commerce system from security attacks and threats.

Securing an e-commerce system is critical for protecting sensitive customer

information, such as credit card numbers, personal addresses, and login credentials.
Here are some of the key security defenses strategies that can be implemented to
secure e-commerce systems from security attacks and threats:

SSL/TLS Encryption: This encryption protocol ensures that all communication

between the customer and the e-commerce site is secure and protected from
eavesdropping and tampering.

Firewalls: A firewall is a network security system that monitors incoming and

outgoing network traffic and allows or blocks traffic based on predetermined security
rules.

Secure Payment Processing: Implementing secure payment processing systems, such

as PCI DSS (Payment Card Industry Data Security Standard), helps protect sensitive
payment information during transactions.

Strong Password Policy: Requiring strong passwords and regular password changes
can help prevent unauthorized access to customer accounts.

Regular Software Updates: Keeping all software, including the e-commerce platform,
web server, and payment processing systems, up-to-date with the latest security
patches can help prevent potential security vulnerabilities.

Monitoring and Logging: Regular monitoring and logging of e-commerce activity can
help identify and respond to potential security incidents.

Penetration Testing: Regular penetration testing can help identify potential security
vulnerabilities in the e-commerce system before they can be exploited by attackers.

Employee Training: Educating employees on security best practices and the

importance of security can help prevent security incidents caused by human error.

It is important to regularly review and update these strategies to ensure the ongoing
security of e-commerce systems.

Difference between Pure and Partial E-Commerce

34
35