The easiest and least expensive way to prevent threats to system integrity is to install anti-virus software (T/F)
Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties
Phishing attacks rely on browser parasites
The U.S. federal government has historically not been in favor of the development and export of strong encryption systems.
In order to accept payments by credit card, online merchants typically must have a merchant account established with a bank or financial institution
________ refers to the ability to ensure that messages and data are only available to those authorized to view them
All of the following statements about public key encryption are true except:
. public key encryption uses two mathematically related digital keys.
. public key encryption ensures authentication of the sender.
. public key encryption does not ensure message integrity.
. public key encryption is based on the idea of irreversible mathematical functions.
public key encryption does not ensure message integrity.
Which of the following countries has been found to have engaged in cyberespionage against Google?
An intrusion detection system can perform all of the following functions except:
Blocking suspicious activity
Which of the following is not an example of a PUP?
. browser parasite
. drive-by download
Which of the following did Dropbox implement after a series of security snafus in 2011 and 2012?
c. two-factor authentication
We Will Write a Custom Essay Specifically
For You For Only $13.90/page!
d. anti-virus software
Proxy servers are also known as
Online bill payments are believed to cost ________ to process compared to ________ for paper bills.
20 to 30 cents, $3 to $7
All the following statements about symmetric key encryption are true except:
. in symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt a message.
. the Data Encryption Standard is a symmetric key encryption system.
. symmetric key encryption is computationally slower.
. symmetric key encryption is a key element in digital envelopes.
symmetric key encryption is computationally slower.
P2P payment systems are a variation on what type of payment system?
stored value payment system
Which of the following is not an example of an access control?
. proxy servers
. digital signatures
. login passwords
None of the following payment systems offers immediate monetary value except:
A) personal checks.
B) credit cards.
C) stored value/debit card.
D) accumulating balance.
stored value/debit card.
Reventon is an example of:
Which of the following dimensions of e-commerce security is not provided for by encryption?
. message integrity
Spoofing involves attempting to hide a true identity by using someone else’s e-mail or IP address
TLS does not guarantee server-side authentication
A worm does not need to be activated by a user in order for it to replicate itself
Smishing attacks exploit SMS messages
Rustock is an example of which of the following?
An example of a privacy violation of e-commerce security is:
your online purchasing history being sold to other merchants without your consent.
Which of the following is an example of an integrity violation of e-commerce security?
A) A Web site is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he or she is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.
. An unauthorized person intercepts an online communication and changes its contents.
Which of the following is the current standard used to protect Wi-Fi networks?
The overall rate of online credit card fraud is ________ % of all online card transactions.
Less than 1%
All of the following are limitations of the existing online credit card payment system except:
. poor security.
. cost to consumers.
. cost to merchant.
. social equity.
Cost to consumers
A digital certificate contains all of the following except the:
. subject’s private key.
. subject’s public key.
. digital signature of the certification authority.
. digital certificate serial number.
Subject’s private key
Which of the following is a set of short-range wireless technologies used to share information among devices within about 2 inches of each other?
All of the following statements about PKI are true except
. The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties.
. PKI is not effective against insiders who have a legitimate access to corporate systems including customer information.
. PKI guarantees that the verifying computer of the merchant is secure.
. The acronym PKI stands for public key infrastructure.
. PKI guarantees that the verifying computer of the merchant is secure.
All of the following are factors in contributing to the increase in cybercrime except:
. the ability to remotely access the Internet.
. the Internet’s similarity to telephone networks.
. the ability to anonymously access the Internet.
. the Internet is an open, vulnerable design.
The Internet’s similarity to telephone networks
Linden Dollars, created for use in Second Life, are an example of:
. Insiders present a greater security threat to e-commerce sites than outsiders
. Most of the world’s spam is delivered via which of the following?
The research firm Cybersource estimated that online credit card fraud in the United States amounted to about ________ in 2012.
The Data Encryption Standard uses a(n) _____ bit key.
Symmetric key encryption is also known as:
Secret Key Encryption
Which dimension(s) of security is spoofing a threat to?
Integrity and Authenticity
Software that is used to obtain private user information such as a user’s keystrokes or copies of e-mail is referred to as:
All of the following are methods of securing channels of communication except:
Prior to the development of e-commerce, Web sites primarily delivered static content. T/F
Upgrading a server from a single processor to multiple processors is an example of scaling a site horizontally. T/F
Mobile Web apps are typically built using HTML5 and Java.
Apache Web server software is based on Microsoft’s Windows operating system.
The annual maintenance cost for a Web site is likely to be as high as its development cost.
4 kinds of e-commerce presence
Which of the following typically includes a data flow diagram to describe the flow of information for an e-commerce site?
. physical design
. logical design
. testing plan
. co-location plan
A system design has two main components:
a logical design and a physical design
All of the following are basic functionality provided by Web servers except:
A) a product catalog.
B) marketing software
C) a shopping cart.
D) credit card processing.
A shopping cart
All of the following are simple steps for optimizing Web page content that can reduce response times except:
reducing unnecessary HTML comments.
Using more efficient graphics.
Avoiding unnecessary links to other pages on the site.
Segmenting computer servers to perform dedicated functions.
– segmenting computer servers to perform dedicated functions
Offline media is typically used for all of the following marketing activities except:
All of the following are methods of improving the processing architecture of a Web site except:
a) separating static content from dynamic content
b) optimizing ASP code
c) optimizing database schema
d) adding web servers
Adding web servers
Which of the following technologies could you use to place the content of your Web site in a database so that you can then dynamically generate requests for pages?
-Apache web server
Which of the following is not a main factor in determining overall demand for an e-commerce site?
-static file sizes
-number of items in inventory
-type of content
Static File Size
________ verifies that the business objectives of the system as originally conceived are in fact working.
In order from beginning to end, the major steps in the SDLC, are:
building the system;
Which of the following is an example of a CMS?
What are the two most important management challenges in building a successful e-commerce presence?
-developing a clear understanding of business objectives -knowing how to choose the right technology to achieve those objectives
Which of the following details the actual hardware components to be used in a system?
One of the most important challenges in developing an e-commerce presence is understanding that the technology must drive the business. T/F
The systems development life cycle methodology is useful when creating an e-commerce Web site.
Storing HTML pages in RAM rather than on a server’s hard drive is an inexpensive way to fine-tune the processing architecture of a Web site. T/F
All of the following are basic information requirements for a product database except:
.customer ID numbers
Customer ID number
Which of the following is the least expensive path to creating a mobile Internet presence?
Resizing a website for mobile use
The term stateless refers to the fact that:
the server does not have to maintain an ongoing dedicated interaction with the client computer.
Most of the time required to maintain an e-commerce site is spent on:
general administration and making changes and enhancements to the system.
The cost of hardware, software, and telecommunications services needed to build a Web site have ________ over the last decade.
Advantages of dynamic page generation include all of the following except:
a) lowered menu costs
c) nearly cost-free price discrimination
d) client-side execution of programming
Client-side execution of programming
Which of the following is used to process certificates and private/public key information?
D) data capture tools
An e-commerce Web site that processes orders requires, at minimum, a ________ system architecture.
The leading Web server software is
All of the following are important factors in Web site optimization except:
.selecting keywords and page titles
.identifying market niches for your services or products
.buying search engine ads
.adhering to accessibility guidelines.
Adhering to accessibility guidelines
Using prebuilt templates is typically one of the most cost-effective choices when building a Web
The Web server software used does not significantly impact how a Web site’s Web pages look on users’:
________ involves testing a site program’s modules one at a time.
All of the following might be part of a Web site’s middle-tier layer except:
.a database server
.an ad server
.legacy corporate applications
.a mail server.
Legacy corporate applications
The structure of a market is described in terms of:
Direct competition, suppliers and substitute products
Which system functionality must your Web site have in order to be able to personalize or customize a product for a client?
an ad server
a site tracking and reporting system
an inventory management system
customer on-site tracking
customer on-site tracking
The primary way a Web site is able to personalize the content presented to a visitor is through the use of:
Which of the following helps you understand the marketing effectiveness of your e-commerce site?
site tracking and reporting system
inventory management system
Site tracking and reporting system
Organized collection of logically related data;
self-describing collection of integrated tables
Group of records of same type
Group of related fields
Group of characters as word(s) or umber
Hierarchy in Database
Field, Record, File, Database
Stored representations of meaningful objects and events
Numbers, text, dates
Images, video, documents
Data processed to increase knowledge in the person using the data
descriptions of the properties or characteristics of the data, including data types, field sizes, allowable values and data context (limit of what data can be..gpa can be 0-4 and 3 number places)
Helps us understand the data
Problems with traditional file environment (maintained separately by different departments)
Program-data dependence (change program requires change in data)
Lack of flexibility
Lack of data sharing and availability
Database Management System (DBMS)
Interfaces between applications and physical data files
Separates logical and physical views of data
Solves problems of traditional file environment
Components of DBMS
Users > Database application > SQL > DBMS > Database UASMD
What is the Dominant Database System?
Sequential Query Language
JET (joint engine technology)
Joint Engine Technology
Database that is used as underlying database engine for Access
Components of Databases
Person, place, thing that we identify (people, cars)
Can be tangible or abstract
Each characteristic, or quality, describing the entity
(name, address, DL number)
Exist between entities
Occurrence of an entity (Human is entity, Spencer is instance)
Efficient way to capture data, imply entities, attributes and relationships
Data Definition Capability
Specifies structure of database content, used to create tables and define characteristics of fields
Automated or manual file storing definitions of data elements and their characteristics
Data Manipulation Language
Used to add, change, delete, retrieve data from database (SQL)
Entity Relationship Diaram
Used by database designers to document the data model and illustrate relationships between entities
Storing database in more than one place
Separate locations store different parts of database
Central database duplicated in entirety at different locations
3 Key techniques Database Approach
1. Data warehousing
2. Data mining (looking for relationships)
3. Tools for accessing internal databases throughout the web
Tools for consolidating, analyzing and providing access to vast amounts of data to help users make better business decisions
Principle tools of business intelligence include:
Software for database query and reporting
Online analytical processing (OLAP)
Online Analytical Processing (OLAP)
Supports multidimensional data analysis (each aspect of info is different dimension) and enables rapid, online answers to ad hoc queries
Finds hidden patterns, relationships in large databases and infers rules to predict future behavior (discovery driven)
Uses data mining techniques, historical data and assumptions about future conditions to predict outcomes of events (prob customer will respond to offer)
Extracts key elements from large, unstructured data sets (stored e-mails)
Advantages of using web for database access
Ease of use of browser software
Web interface requires few or no changes to database
Inexpensive to add web interface to system
Firm’s rules, procedures, roles for sharing, managing, standardizing data
Firm function responsible for specific policies and procedures to manage data
Policies and processes for managing availability, usability, integrity and security of enterprise data, especially as it relates to gov regulations
Defining, organizing, implementing, maintaining database; performed by database design and management group
Before new database is in place, need to:
Identify and correct faulty data
Est. better routines for editing data once database in operation
Data Quality Audit
Structured survey of the accuracy and level of completeness of the data in an info system
Software to detect and correct data that are incorrect, incomplete, improperly formatted or redundant
Types of info systems capabilities you will need to achieve your business objectives
Info elements that they system must produce in order to achier the business objectives
System Design Specification
Description of the main components in a system and relationship to one another
Organizes, stores and processes web site content
When a firm purchases or leases a web server (and has total control over its operation) but locates it in a vendor’s physical facility. Vendor maintains the facility, communications lines and machinery
Testing site as a whole, in way typical user will use it
Arrangement of software, machinery and tasks in an info system needed to achieve a specific functionality
E-commerce system in which a web server responds to requests for web pages and a database server provides backend data storage
Web server is linked to a middle-tier layer that includes series of application servers that perform specific tasks as well as a backend layer of existing corporate systems
Site management tools
Verify that links on pages are still valid and also identify orphan files
Dynamic Page generation
Contents of page are stored as objects in a database, rather than being hard coded in HTML. When user requests a web page, contents for that peg are fetched from database
Web application Server
Software program that provide specific business functionality required of a web site
E-commerce merchant server software
Software that provides the basic functionality needed for online sales, including catalog, order taking, shopping cart and credit card processing
Merchant Server Softwarer Package
Offers integrated environment that provides most or all of functionality and capabilities needed to develop a sophisticated customer-centric site
Open Source Software
Developed by community of programmers and designers and free to use and modify
All underlying computing equipment that the system uses to achieve its functionality
Requires input/output operations rather than heavy-duty processing power
Increasing processing power of individual components
Employing multiple computers to share the workload
CGI (common gateway interface)
set of standards for communication between a browser and program running on a server that allows for interaction between user and server
Active Server Pages
Software development tool that enables programmers using Microsoft’s IIS package to build dynamic pages
Programming language that allows programmers to create interactivity and active content on client computer, saving considerable load on the server
Java Server Pages
Web page coding standard that allows developers to dynamically generate web pages in response to user requests
programming language invented by Netscape that is used to control the objects on an HTML page and handle interactions with the browser
Small, prebuilt chunk of code that executes automatically in your html web page
A set of public statements declaring to your customers how you treat their personal info
Set of design objectives that ensure disabled users can effectively access your sight (handicapped)
Mobile Web Site
Version of a regular desktop web site that is scaled down in content and navigation (most basic)
Responsive Web design
Tools and design principles that automatically adjust the layout of a web site depending on user screen resolution
Mobile Web App
App built to run on the mobile web browser built into a smartphone or tablet computer
App designed specifically to operate using the mobile devices hardware and operating system
Ability to ensure that info being displayed on a website or transmitted or received over the Internet has not been altered in any way by an unauthorized party
Ability to ensure that e-commerce participants do not deny their online actions
Ability to identify the identify of a person or entity with whom you are dealing on the internet
Ability to ensure that messages and data are available only to those who are authorized to view them
Ability to control the use of info about oneself
Ability to ensure that an e-commerce site continues to function as intended
Viruses, worms, ransomware, Trojan horses and bots
Malware that comes with a downloaded file that a user requests
Computer program that has the ability to replicate itself and spread to other files
Designed to spread from computer to computer
Prevents you from accessing your computer or files and demands you pay a fine
Appears to be benign, but then does something other than expected
Feature of malware that allows attacker to remotely access a comprised computer
type of malicious code that can be covertly installed on a computer when connected to the internet, then responds to external commands sent by attacker
PUP (potentially unwanted program)
Installs itself on computer without user’s informed consent
PUP that serves pop-up ads to your computer
program that can monitor and change the settings of a user’s browser
Type of phishing that relies on human curiosity, greed, gullibility in order to trick into taking action that will result in downloading malware
Good hackers who help orbs locate and fix security flaws
Hackers who believe they are pursuing good by breaking in and revealing system flaws
Automatically redirecting a web link to an address different than the intended one, with a site masquerading as the intended desination
Spam (junk) web sites
Link fams, promise to offer products or services, but really just collections of ads
DoS (denial of service)
flooding web site with useless traffic to inundate and overwhelm the network
DDoS (distributed denial of serve)
Using numerous computers to attack the target network from numerous launch points
type of eavesdropping program that monitors info traveling over anetwork
takes advantage of poorly coded web app software that fails to properly validate or filter data entered by a user on a web page
software vulnerability that has been previously unreported and for which no patch yet exists
process of transforming plain text or data into cipher text that can’t be read by anyone other than the sender and receiver
any method for transforming plain text to cipher text
Symmetric Key Encryption
Both sender and receiver use same key to encrypt and decrypt the message
Public Key Cryptography
2 mathematically related digital keys are used; a public key and a private key.
Private is kept secret by owner and public is widely disseminated. Both can be used to encrypt and decrypt, however once key is used to encrypt message, same key can’t be used to unencrypted message
Algorithm that produces a fixed-length number called a has or message digest
Technique that uses symmetric encryption for large documents but public key encryption to encrypt and send the symmetric key
PKI (public key infrastructure)
CAs and digital certificate procedures that are accepted by all parties
PGP (pretty good privacy)
widely used email public key encryption software program
Secure negotiated session
Client-server session in which URL of the requested doc, along with contents, contents of forms and cookies exchanged are encrypted
Hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
Software server that handles all communications originating from or vein sent to the Internet, acting as a spokesperson or bodyguard for the org
physical device or software that generates an identifier that can be used in addition to or in place of a password
CERT coordination center
monitors and tracks online criminal activity reported to it by private corporations and gov agencies that seek out it is help
period of time between purchase and actual payment
Stored Value Payment System
Account created by depositing funds into an account and from which funds are paid out or withdrawn as needed (Starbucks)