Deck 9: E-Commerce Security and Fraud Protection

A) Spamming
B) Pretexting
C) Social engineering
D) Phishing

A) information security.
B) security audit.
C) anti-virus protection.
D) incident management.

A) IPS
B) DOS
C) VPN
D) DNS

A) Internet underground economy
B) Denial of service
C) Cybercriminal
D) Virtual private network

A) Biometric
B) Keystroke logging
C) Access control
D) Intrusion detection

A) total cost of ownership.
B) present value of risk.
C) exposure.
D) risk feasibility assessment.

A) cyberspy.
B) cracker.
C) web surfer.
D) Internet commando.

A) electronic splogging.
B) cyberworming.
C) page hijacking.
D) spamming.

A) cyberraid.
B) denial-of-service attack.
C) cyberhijacking.
D) botnet infestation.

A) information assurance.
B) data integrity.
C) information integrity.
D) human firewall.

A) NOS.
B) ad-aware.
C) spynet.
D) malware.

A) virus.
B) worm.
C) Trojan horse.
D) botnet.

A) risk.
B) feasibility.
C) security fault.
D) splog point.

A) end-user training and security awareness.
B) lax security with mobile devices.
C) inappropriate use of business computers and network services.
D) closed systems not reacting quickly enough to security breaches.

A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.

A) splog.
B) social engineering.
C) viral email.
D) identity theft.

A) fraud servers.
B) electronic defenders.
C) zombies.
D) cyber warriors.

A) security audit specifications.
B) business continuity plan.
C) vulnerability assessment plan.
D) project initiation plan.

A) vulnerability assessment.
B) security audit.
C) authentication.
D) authorization.

A) feasibility assessment.
B) EC security strategy.
C) information systems security plan.
D) disaster recovery plan.

A) integrity.
B) availability.
C) authorization.
D) nonrepudiation.

A) splog.
B) tidal wave.
C) Trojan horse.
D) worm.

A) human errors.
B) environmental hazards.
C) computer system malfunctions.
D) identity theft.

A) poor application security.
B) weak boundary security.
C) lack of environmental support.
D) unencrypted communications.

A) hacker.
B) network technician.
C) cyberwarrior.
D) cyberseeker.

A) collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B) piece of software code that inserts itself into a host or operating system to launch DoS attacks.
C) piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) coordinated network of computers that can scan and compromise other computers and launch DoS attacks.

A) sophisticated hackers use browsers to crack into Web sites.
B) strong EC security makes online shopping inconvenient and demanding on customers.
C) there is a lack of cooperation from credit card issuers and foreign ISPs.
D) online shoppers do not take necessary precautions to avoid becoming a victim.

A) biometric systems
B) human firewalls
C) intrusion detection systems
D) access control lists

A) data wrapping.
B) message envelope.
C) protocol tunneling.
D) Trojan horse.

A) a digital signature is the electronic equivalent of a personal signature, which can be forged.
B) digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C) digital signatures ensure that the original content of an electronic message or document is unchanged.
D) digital signatures are portable.

A) Trojan page.
B) spam site.
C) zombie.
D) search engine imposter.

A) spontaneity
B) confidentiality
C) integrity
D) availability

A) business continuity plan.
B) business impact analysis.
C) vulnerability assessment.
D) computer security incident management.

A) locking code.
B) Sharpe ratio.
C) hash.
D) standard deviation.

A) they are less expensive than private leased lines because they use the public Internet to carry information.
B) they ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C) they can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D) remote users can use broadband connections rather than make long distance calls to access an organization's private network.

A) integrity
B) availability
C) confidentiality
D) security

A) spyware.
B) Trojan horse.
C) zombie.
D) search engine spam.

A) the commitment and involvement of executive management.
B) layers of hardware and software defenses.
C) information security policies and training.
D) secure design of EC applications.

A) key space.
B) encryption algorithm.
C) locking algorithm.
D) public key infrastructure.

A) vulnerability assessment.
B) penetration test.
C) security breach.
D) cyber audit.

A) determinate.
B) encryption code.
C) encryption lock.
D) key space.

A) encryption, functionality, and privacy.
B) quality, reliability, and speed.
C) authentication, authorization, and nonrepudiation.
D) confidentiality, integrity, and availability.

A) vulnerability assessment
B) feasibility assessment
C) initial security report
D) certification audit

A) reference rate.
B) message digest.
C) digital certificate.
D) key code.

A) access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
B) access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C) all resources need to be considered together to identify the rights of users or categories of users.
D) after a user has been identified, the user must be authenticated.