Deck 5: E-Commerce Security and Payment Systems

A) Ethereum.
B) Ripple.
C) Zelle.
D) Monero.

A) HTML
B) HTML5
C) Adobe Flash
D) Adobe Acrobat

A) your e-mail being read by a hacker
B) your online purchasing history being sold to other merchants without your consent
C) your computer being used as part of a botnet
D) your e-mail being altered by a hacker

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) theft of a computer
B) accidental disclosures
C) hackers
D) DDoS attacks

A) A website is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.

A) less than 1%
B) around 5%
C) around 10%
D) around 15%

A) Confidentiality
B) Integrity
C) Privacy
D) Availability

A) spyware.
B) a backdoor.
C) browser parasite.
D) adware.

A) privacy.
B) authenticity.
C) integrity.
D) nonrepudiation.

A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks

A) According to the Identity Theft Resource Center, the number of breaches in 2017 increased by almost 45% from 2016.
B) According to the Identity Theft Resource Center, over 50% of data breaches involved social security numbers.
C) According to the Identity Theft Resource Center, employee error was the leading cause of data breaches.
D) According to the Identity Theft Resource Center, data breaches involving the business sector represented over 55% of all breaches.

A) data integrity
B) technology
C) organizational policies
D) laws and industry standards

A) virus.
B) worm.
C) Trojan horse.
D) botnet.

A) social network security issue.
B) cloud security issue.
C) mobile platform security issue.
D) sniffing issue.

A) China.
B) Russia.
C) Nigeria.
D) North Korea.

A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity

A) Stuxnet
B) Shamoon
C) Snake
D) Storm

A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.

A) Crackers
B) White hats
C) Grey hats
D) Hacktivists

A) malicious insiders
B) malicious code
C) denial of service
D) botnets

A) scareware
B) Trojan horse
C) bot
D) sniffer

A) worm
B) botnet
C) phishing
D) hacktivism

A) integrity
B) availability
C) integrity and authenticity
D) availability and integrity

A) 15%
B) 45%
C) 55%
D) 75%

A) sniffing
B) social engineering
C) pharming
D) DDoS attack

A) SQL injection attack
B) browser parasite
C) DDoS attack
D) MitM attack

A) adware
B) browser parasite
C) drive-by download
D) spyware

A) public key cryptography.
B) secret key cryptography.
C) PGP.
D) PKI.

A) an application-centric approach to firewall control.
B) the ability to identify applications regardless of the port, protocol, or security evasion tools used.
C) the ability to automatically update applications with security patches.
D) the ability to identify users regardless of the device or IP address.

A) it implements a more robust key exchange protocol.
B) it enables the creation of a VPN.
C) it provides a more secure way to connect IoT devices.
D) it features expanded encryption for public networks.

A) Apple's Touch ID stores a digital replica of a user's actual fingerprint in Apple's iCloud.
B) Biometric devices reduce the opportunity for spoofing.
C) A retina scan is an example of a biometric device.
D) Biometric data stored on an iPhone is encrypted.

A) SSL/TLS.
B) digital certificates.
C) VPN.
D) FTP.

A) public key cryptography uses two mathematically related digital keys.
B) public key cryptography ensures authentication of the sender.
C) public key cryptography does not ensure message integrity.
D) public key cryptography is based on the idea of irreversible mathematical functions.

A) firewalls.
B) application gateways.
C) dual home systems.
D) packet filters.

A) firewalls
B) proxy servers
C) digital signatures
D) login passwords

A) 8
B) 56
C) 256
D) 512

A) firewall
B) virtual private network
C) proxy server
D) PPTP

A) the term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to corporate systems including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) the acronym PKI stands for public key infrastructure.

A) examining network traffic.
B) setting off an alarm when suspicious activity is detected.
C) checking network traffic to see if it matches certain patterns or preconfigured rules.
D) blocking suspicious activity.

A) A VPN provides both confidentiality and integrity.
B) A VPN uses both authentication and encryption.
C) A VPN uses a dedicated secure line.
D) The primary use of VPNs is to establish secure communications among business partners.

A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message.
B) the Data Encryption Standard is a symmetric key encryption system.
C) symmetric key cryptography is computationally slower.
D) symmetric key cryptography is a key element in digital envelopes.

A) digital signatures.
B) certificates of authority.
C) biometric devices.
D) packet filters.

A) confidentiality
B) availability
C) message integrity
D) nonrepudiation

A) subject's private key.
B) subject's public key.
C) digital signature of the certification authority.
D) digital certificate serial number.

A) biometrics
B) encryption
C) IDS
D) firewall

A) DES
B) NFC
C) IM
D) text messaging

A) The computational power required to mine Bitcoins has increased over time.
B) Bitcoins are completely secure.
C) Bitcoins are illegal in some countries.
D) In 2018, Bitcoin reprsented just under 40% of the full market for cryptocurrencies.

A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.

A) the banking industry
B) the credit card industry
C) the federal government
D) the retail industry

A) Mobile retail payment volume decreases.
B) PayPal remains the most popular alternative payment method.
C) Large banks enter the mobile wallet and P2P payments market.
D) Payment by credit and/or debit card remains the dominant form of online payment.

A) A majority of states require companies that maintain personal data on their residents to publicly disclose when a security breach affecting those residents has occurred.
B) The USA Patriot Act broadly expanded law enforcement's investigative and surveillance powers.
C) The Cybersecurity Information Sharing Act was strongly supported by most large technology companies and privacy advocates.
D) The Federal Trade Commission has asserted that it has authority over corporations' data security practices.

A) A blockchain system is composed of a distributed network of computers.
B) A blockchain system is inherently centralized.
C) A blockchain system is a transaction processing system.
D) Cryptocurrencies are based on blockchain technology.

A) online stored value payment system
B) digital checking system
C) accumulating balance system
D) digital credit card system

A) a firewall.
B) an authorization management system.
C) security tokens.
D) an authorization policy.

A) Apple Pay is the most popular alternative payment method in the United States.
B) Apple Pay is an example of a universal proximity mobile wallet.
C) Apple Pay can be used for mobile payments at the point of sale at a physical store.
D) Apple Pay has more users than either Google Pay or Samsung Pay.

A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.

A) DES
B) SSL/TLS
C) VPN
D) HTTP