Chapter 5 - E-commerce

Academic year: 2017/2018
Girne Amerikan Üniversitesi


E-commerce 2016: Business. Technology. Society., 12e (Laudon)
Chapter 5 E-commerce Security and Payment Systems
Copyright 2017 Pearson Education, Inc.

1) Confidentiality is sometimes confused with:
A) privacy.
B) authenticity.
C) integrity.
D) nonrepudiation.
Answer: A
Difficulty: Easy
AACSB: Application of knowledge
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

2) ________ refers to the ability to ensure that e-commerce participants do not deny their online actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: A
Difficulty: Moderate
AACSB: Information technology
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

3) ________ refers to the ability to identify the person or entity with whom you are dealing on the Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: B
Difficulty: Moderate
AACSB: Information technology
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

C) your computer being used as part of a botnet
D) your being altered a hacker
Answer: B
Difficulty: Moderate
AACSB: Analytical thinking
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

7) ________ refers to the ability to ensure that messages and data are only available to those authorized to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
Answer: A
Difficulty: Moderate
AACSB: Information technology
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

8) Typically, the more security measures added to an e-commerce site, the faster and easier it becomes to use.
Answer: FALSE
Difficulty: Moderate
AACSB: Information technology
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

9) Why is it difficult to accurately estimate the actual amount of cybercrime?
Answer: It is difficult to accurately estimate the actual amount of cybercrime in part because many companies are hesitant to report it due to the fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss.
Difficulty: Moderate
AACSB: Analytical Written and oral communication
LO: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

10) All of the following experienced data breaches in 2014 except:
A) eBay.
B) Home Depot.
C) Amazon.
D) Sony.
Answer: C
Difficulty: Moderate
AACSB: Application of knowledge
LO: 5: Identify the key security threats in the environment.

C) Adobe Flash
D) Adobe Acrobat
Answer: C
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

14) Accessing data without authorization on Dropbox is an example of which of the following?
A) social network security issue
B) cloud security issue
C) mobile platform security issue
D) sniffing
Answer: B
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

15) All of the following are prominent hacktivist groups except:
A) Anonymous.
B) LulzSec.
C) Impact Team.
D) Avid Life.
Answer: D
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

16) Slammer is an example of which of the following?
A) virus
B) worm
C) Trojan horse
D) botnet
Answer: B
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

D) a browser parasite
Answer: A
Difficulty: Easy
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

20) What is the most frequent cause of stolen credit cards and card information today?
A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks
Answer: B
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

21) Which dimension(s) of security is spoofing a threat to?
A) integrity
B) availability
C) integrity and authenticity
D) availability and integrity
Answer: C
Difficulty: Difficult
AACSB: Analytical thinking
LO: 5: Identify the key security threats in the environment.

22) Which of the following is not an example of malicious code?
A) scareware
B) Trojan horse
C) bot
D) sniffer
Answer: D
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

23) Zeus is an example of which of the following?
A) SQL injection attack
B) browser parasite
C) DDoS attack

25) Malware that comes with a downloaded file that a user requests is called a:
A) Trojan horse.
B) backdoor.
C) download.
D) PUP.
Answer: C
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

26) Which of the following is not an example of a PUP?
A) adware
B) browser parasite
C) download
D) spyware
Answer: C
Difficulty: Difficult
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

27) Which of the following was designed to cripple Iranian nuclear centrifuges?
A) Stuxnet
B) Flame
C) Snake
D) Storm
Answer: A
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

28) Automatically redirecting a Web link to a different address is an example of which of the following?
A) sniffing
B) social engineering
C) pharming
D) DDoS attack
Answer: C
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

D) Hacktivists
Answer: D
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

32) A worm does not need to be activated by a user in order for it to replicate itself.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

33) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

34) Phishing attacks rely on browser parasites.
Answer: FALSE
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

35) CryptoLocker is an example of ransomware.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

36) Spoofing a Web site is a threat to the integrity of the Web site.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

37) Exploit kits are often rented or sold as a commercial product.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
LO: 5: Identify the key security threats in the environment.

38) Vishing attacks exploit SMS messages.

40) What is the Internet of Things (IoT) and what security issues and challenges does it raise?
Answer: The Internet of Things (IoT) involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smart TVs, thermostats, home security systems, and more), connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors. IoT raises a host of security issues that are in some ways similar to existing security issues, but even more challenging, given the need to deal with a wider range of devices, operating in a less controlled, global environment, and with an expanded range of attack. In a world of connected things, the devices, the data produced and used by the devices, and the systems and applications supported by those devices, can all potentially be attacked. IoT poses a number of unique security challenges. For instance, many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional devices, creating a vast quantity of interconnected links that can be exploited. Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. Many instances of IoT consist of collections of identical devices that all have the same characteristics, which magnifies the potential impact of security vulnerabilities. Many IoT devices are anticipated to have a much longer service life than typical equipment, which raises the possibility that devices may manufacturer, leaving them without support that creates persistent vulnerabilities. Many IoT devices are intentionally designed without the ability to be upgraded, or the upgrade process is difficult, which raises the possibility that vulnerable devices cannot or will not be fixed, leaving them perpetually vulnerable. Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises, so users may believe an IoT device is functioning as intended when in fact, it may be performing in a malicious manner. Finally, some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device, so a security breach might persist for a long time before being noticed.
Difficulty: Moderate
AACSB: Analytical Information Written and oral communication
LO: 5: Identify the key security threats in the environment.

41) Discuss the Great Cannon. Who developed it, how has it been used, and how does it differ from the Great Firewall?
Answer: The Great Cannon is the nickname given by researchers to a tool believed to be developed by China that was used to launch a major DDoS attack in March 2015 against the software development platform GitHub, aimed specifically at two Chinese projects hosted on the platform. Although originally thought to be part of the Great Firewall, which is a system developed by China that allows it to censor Internet traffic, further investigation revealed that the Great Cannon appears to be a separate distinct offensive system that is with the Great Firewall. The Great Cannon enables hackers to hijack traffic to individual IP addresses and uses a man-in-the-middle attack to replace unencrypted content between a Web server and the user with malicious Javascript that would load the two GitHub project pages every two seconds.
Difficulty: Moderate
AACSB: Analytical Information Written and oral communication
LO: 5: Identify the key security threats in the environment.

42) What is a sniffing attack and how does it differ from a MitM attack?
Answer: A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately in a sniffing attack, hackers use sniffers to steal proprietary information from a network, including passwords, messages, company files, and confidential reports. A man-in-the-middle (MitM) attack also involves eavesdropping but is more active than a sniffing attack, which typically involves passive monitoring. In a MitM attack, the attacker is able to intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications.
Difficulty: Moderate
AACSB: Analytical Information Written and oral communication
LO: 5: Identify the key security threats in the environment.

43) Discuss and explain the various types of malicious code and how they work. Include the different types of viruses.
Answer: Malicious code includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bot programs. A virus is a computer program that can replicate or make copies of itself and spread to other files. Viruses can range in severity from simple programs that display a message or graphic as a to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly. Worms are designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate. A Trojan horse is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It
