Chapter 10: Electronic Commerce Security
1. Threats that are unlikely to occur can be ignored when the cost to protect against the threat exceeds the value of the
protected asset.
a.
True
b.
False
True
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
2. In the context of the elements of computer security, necessity refers to preventing data delays or denials.
a.
True
b.
False
True
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
3. Networks outside a firewall are referred to as trusted networks.
a.
True
b.
False
False
1
Easy
10.05
United States – BUSPROG: Technology
Bloom’s: Knowledge
4. The most complete way for Web site visitors to protect themselves from revealing private information or being tracked
by cookies is to disable cookies entirely.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
5. Active content elements are programs that run on the server.
a.
True
b.
False
False
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
6. Active content can pose a threat to the security of client devices.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
7. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks
are called crackers.
a.
True
b.
False
True
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
8. Active content is launched in a Web browser automatically prior to the browser loading the Web page containing active
content.
a.
True
b.
False
False
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
9. Applets typically run within the Web browser and are most often written in the Java programming language.
a.
True
b.
False
True
1
Easy
10. Java applets operating in a sandbox can perform file input, output, or delete operations.
a.
True
b.
False
False
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
11. Active content can be delivered as an e-mail attachment.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
12. A Trojan horse erasing or altering information in a client computer is said to be a secrecy violation.
a.
True
b.
False
False
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
13. Persistent cookies refer to the category of cookies which exist until the Web client ends the connection.
a.
True
b.
False
False
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
14. Worms can spread quickly through the Internet.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
15. Signed code or messages serve the same function as a photo on a driver’s license or passport.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
16. A digital certificate contains a means to send an encrypted message to the entity that sent the original Web page or
e-mail message.
a.
True
b.
False
True
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
17. Message packets on the Internet travel a planned path from a source node to a destination node.
a.
True
b.
False
False
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
18. Any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.
a.
True
b.
False
True
1
19. One significant threat to electronic commerce is theft of sensitive or personal information.
a.
True
b.
False
True
1
Easy
10.07
United States – BUSPROG: Technology
20. The path taken by a message packet from a source node to a destination node can be controlled by Internet users.
a.
True
b.
False
False
1
Easy
10.07
United States – BUSPROG: Technology
21. A backdoor is a program that protects information from unauthorized access.
a.
True
b.
False
False
1
Easy
10.07
Bloom’s: Knowledge
22. The Computer Emergency Response Team (CERT) is the most prominent organization that promotes computer
security.
a.
True
b.
False
Easy
10.07
Bloom’s: Knowledge
23. One disadvantage of private-key systems is that encryption and decryption are significantly slower than public-key
systems.
a.
True
b.
False
False
1
Moderate
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
24. In the context of encryption, shorter keys usually provide significantly better protection than longer keys.
a.
True
b.
False
False
1
Moderate
10.03
United States – BUSPROG: Technology
Bloom’s: Comprehension
25. A Web browser that has entered into a Secure Socket Layer session indicates that it is in an encrypted session.
a.
True
b.
False
True
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
26. _____ is the protection of computer assets from unauthorized access, use, alteration, or destruction.
a.
Computer security
b.
Computer risk
c.
Spamming
d.
Phishing
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
27. Any act or object that poses a danger to computer assets is known as a _____.
a.
countermeasure
b.
bug
c.
threat
d.
code
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
28. In the context of computer security, the protection of assets using nonphysical means is called _____.
a.
eavesdropping
b.
logical security
c.
tangible security
d.
phishing
b
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
29. A(n) _____ is a person or device that is able to listen in on and copy Internet transmissions.
a.
eavesdropper
b.
white hat hacker
c.
black hat hacker
d.
cracker
1
Easy
United States – BUSPROG: Technology
Bloom’s: Knowledge
30. _____ are computer sleuths who are hired to probe PCs and locate information that can be used in legal proceedings.
a.
Wardrivers
b.
Computer forensics experts
c.
Crackers
d.
Hackers
b
1
Easy
10.06
Bloom’s: Knowledge
31. _____ refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
a.
Necessity
b.
Secrecy
c.
Integrity
d.
Encryption
b
1
Easy
10.01
32. _____ refers to preventing unauthorized data modification.
a.
Integrity
b.
Secrecy
c.
Necessity
d.
Completeness
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
33. A _____ is a written statement describing which assets to protect and why they are being protected, who is responsible
for that protection, and which behaviors are acceptable and which are not.
a.
plain text
b.
cypher text
c.
security policy
d.
digital signature
1
Easy
10.04
United States – BUSPROG: Technology
Bloom’s: Knowledge
34. The purpose of a _____ is to provide a way for a third-party Web site to place cookies from that third-party site on a
visitor’s computer.
a.
personal firewall
b.
digital certificate
c.
Web bug
d.
gateway server
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
35. JavaScript and VBScript are _____, which provide commands that are executed on the client.
a.
plug-ins
b.
scripting languages
c.
Web bugs
d.
session cookies
b
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
36. A(n) _____ is a small application program that typically runs within a Web browser.
a.
applet
b.
buffer
c.
white hat hacker
d.
black hat hacker
1
Easy
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
37. A _____ is a program hidden inside another program or Web page that masks its true purpose.
a.
remote wipe
b.
Trojan horse
c.
digital certificate
d.
wardriver
b
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
38. In the context of categorizing cookies in terms of their time duration, _____ are cookies which exist until the Web
client ends the connection.
a.
first-party cookies
b.
persistent cookies
c.
third-party cookies
d.
session cookies
d
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
39. A(n) _____ is an object that contains programs and properties that Web designers place on Web pages to perform
particular tasks.
a.
persistent cookie
b.
dead link
c.
ActiveX control
d.
session cookie
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
40. ActiveX controls run only on computers with _____ operating systems.
a.
Windows
b.
Linux
c.
UNIX
d.
Mac
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
41. A(n) _____ is software that attaches itself to another program and can cause damage when the host program is
activated.
a.
applet
b.
browser plug-in
c.
virus
d.
message digest
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
42. The term _____ describes the process of hiding information within another piece of information.
a.
wiretapping
b.
steganography
c.
authentication
d.
decryption
b
1
Easy
10.03
United States – BUSPROG: Technology
Bloom’s: Knowledge
43. _____ is the protection of individual rights to nondisclosure.
a.
Secrecy
b.
Privacy
c.
Necessity
d.
Sensitivity
b
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
44. Software applications called _____ provide the means to record information that passes through a computer or router
that is handling Internet traffic.
a.
remote wipes
b.
digital certificates
c.
sniffer programs
d.
plug-ins
1
Easy
45. A _____ is an element of a program that allows users to run the program without going through the normal
authentication procedure for access to the program.
a.
rogue app
b.
backdoor
c.
worm
d.
remote wipe
b
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
46. _____ is the electronic defacing of an existing Web site’s page.
a.
Spamming
b.
Masquerading
c.
Phishing
d.
Cybervandalism
d
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
47. _____ is pretending to be someone you are not or representing a Web site as an original when it is really a fake.
a.
Hash coding
b.
Spoofing
c.
Warchalking
d.
Cybervandalism
b
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
48. _____ encodes a message with an algorithm that uses a single numeric key to encode and decode data.
a.
Hash coding
b.
Symmetric encryption
c.
Public-key encryption
d.
Decrypting
b
1
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
49. A _____ is a number that summarizes encrypted information.
a.
digital certificate
b.
hash function
c.
message digest
d.
hash algorithm
Easy
10.07
United States – BUSPROG: Technology
Bloom’s: Knowledge
50. A _____ is an area of memory set aside to hold data read from a file or database.
a.
firewall
b.
cookie
c.
buffer
d.
worm
1
10.05
United States – BUSPROG: Technology
Bloom’s: Knowledge
51. A(n) _____ is a procedure that recognizes, reduces, or eliminates a threat.
1
Easy
United States – BUSPROG: Technology
Bloom’s: Knowledge
52. A(n) _____ occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded
to its original destination.
integrity violation
1
10.01
United States – BUSPROG: Technology
Bloom’s: Knowledge
53. The purpose of a(n) _____ is to disrupt normal computer processing, or deny processing entirely.
denial-of-service
1
54. In the context of elements of a security policy, _____ refers to the secure identification of clients and servers with
digital signatures and certificates.
55. Cookies placed on a client computer by a Web server site are called _____.
56. Cookies are categorized as session or persistent based on _____.
57. First-party cookies and third-party cookies represent a classification of cookies by their _____.
58. A(n) _____ cookie originates from a Web site other than the site being visited.
59. When a Trojan horse has taken over a large number of computers, the person who planted the virus can take control
of all the computers and form a(n) _____.
60. Most browsers allow users to limit the actions taken by Java applets and scripting languages by running them in a(n)
_____, which is a functional subset of the full browser.
61. A(n) _____ is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other
computers.
62. A(n) _____ is a type of virus that replicates itself on the computers that it infects.
63. Browser _____ are programs that enhance the capabilities of browsers and handle Web content that a browser cannot
handle.
64. A(n) _____ is an attachment to an e-mail message or program embedded in a Web page that verifies that the sender or
Web site is who it claims to be.
65. A(n) _____ is usually a long binary number that is used with the encryption algorithm to “lock” the characters of the
message being protected so that they are undecipherable without the number.
66. A(n) _____ security device is one that uses an element of a person’s biological makeup to perform identification.
67. Apps that contain malware or that collect information from a mobile device and forward it to perpetrators are called
_____.
68. An integrity threat, also known as _____, exists when an unauthorized party can alter a message stream of
information.
69. _____ are the computers on the Internet that maintain directories that link domain names to IP addresses.
United States – BUSPROG: Technology
70. In some cities that have large concentrations of wireless networks, attackers, called _____, drive around in cars using
their wireless-equipped laptop computers to search for accessible networks.
United States – BUSPROG: Technology
71. _____ is the coding of information by using a mathematically based program and a secret key to produce a string of
characters that is unintelligible.
Bloom’s: Knowledge
72. The science that studies encryption is called _____.
United States – BUSPROG: Technology
73. The program that transforms normal text into cipher text is called a(n) _____.
encryption program
United States – BUSPROG: Technology
74. _____ encryption encodes messages by using two mathematically related numeric keys.
75. The process of proposing and accepting various transmission conditions is called _____.
76. Briefly describe the requirements for secure electronic commerce.
77. Describe the security dangers inherent in ActiveX controls.
78. What is the difference between a virus and a worm?
79. What are the six main elements included on a digital certificate?
80. How is a buffer vulnerable to security threats?