Chapter 9 Questions.docx

Uploaded by: b****8 Document ID: 11127261 Upload date: 2023-02-25 Format: DOCX Pages: 10 Size: 17.12 KB

Chapter 9 Questions

Introduction to Electronic Commerce, 3e (Turban)

Chapter 9 Electronic Commerce Security and Fraud Protection

9.1 True/False – 13Q

1) According to the CSI Computer Crime and Security Survey, firewalls were the most commonly used defense technologies in 2008.

Answer: FALSE

Diff: 1 Page Ref: 332

2) According to the CSI Computer Crime Security Survey, the most frequently occurring computer attacks were from viruses in 2008.

Answer: TRUE

Diff: 1 Page Ref: 333

3) The Internet and its network protocols were never intended for use by untrustworthy people or criminals.

Answer: TRUE

Diff: 1 Page Ref: 334

6) Keystroke logging captures and records user keystrokes.

Answer: TRUE

Diff: 1 Page Ref: 335

9) Cybercrimes are intentional crimes carried out on the Internet.

Answer: TRUE

Diff: 1 Page Ref: 339

11) An EC security strategy requires multiple layers of defense against risks from malware, fraudsters, customers, and employees.

Answer: TRUE

Diff: 1 Page Ref: 341

12) Detection measures are actions that will make criminals abandon their idea of attacking a specific system.

Answer: FALSE

Diff: 2 Page Ref: 341

15) Internet fraud has grown even faster than the Internet itself.

Answer: TRUE

Diff: 2 Page Ref: 348

17) Confidentiality, integrity, and awareness are the three components of the CIA security triad.

Answer: FALSE

Diff: 3 Page Ref: 353

19) Encryption algorithm is the mathematical formula used to encrypt plaintext into ciphertext, and vice versa.

Answer: TRUE

Diff: 2 Page Ref: 357

21) Strong EC security makes online shopping more convenient for customers.

Answer: FALSE

Diff: 2 Page Ref: 374

22) Shoppers can rely on fraud protection provided by credit card issuers to protect them from identity theft.

Answer: FALSE

Diff: 2 Page Ref: 374

23) Phishing is rampant because some people respond to it and make it profitable.

Answer: TRUE

Diff: 1 Page Ref: 374

9.2 Multiple Choice – 8Q

1) Which of the following is the underlying reason why comprehensive EC security is necessary?

A) The Internet was designed for maximum efficiency without regard for its security or users with malicious intent.

B) The shift toward profit-motivated crimes

C) Security costs and efforts from reacting to online attacks and paying for damages are greater than if an EC security strategy is in place.

D) Many companies fail to implement basic IT security management best practices, business continuity plans, and disaster recovery plans.

Answer: C

Diff: 3 Page Ref: 336

3) The process of verifying the real identity of an individual, computer, computer program, or EC Web site best describes

A) integrity.

B) availability.

C) authentication.

D) nonrepudiation.

Answer: C

Diff: 2 Page Ref: 340

4) The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as

A) integrity.

B) availability.

C) authentication.

D) nonrepudiation.

Answer: D

Diff: 2 Page Ref: 340

7) ________ is the criminal, fraudulent process of attempting to acquire confidential information by masquerading as a trustworthy entity.

A) Spamming

B) Pretexting

C) Social engineering

D) Phishing

Answer: D

Diff: 2 Page Ref: 346

8) Assurance that stored data has not been modified without authorization and a message that was sent is the same message that was received is referred to as

A) integrity.

B) availability.

C) authentication.

D) nonrepudiation.

Answer: A

Diff: 2 Page Ref: 353

9) The success and security of EC is measured by

A) encryption, functionality, and privacy.

B) quality, reliability, and speed.

C) authentication, authorization, and nonrepudiation.

D) confidentiality, integrity, and availability.

Answer: D

Diff: 3 Page Ref: 353

12) Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.

A) biometric systems

B) human firewalls

C) intrusion detection systems

D) access control lists

Answer: A

Diff: 2 Page Ref: 356

28) According to an InformationWeek survey, the majority of security challenges for corporations include

A) managing the complexity of security.

B) preventing data breaches from outside attackers.

C) enforcing security policies.

D) all of the above.

Answer: D

Diff: 1 Page Ref: 372

9.3 Fill in the Blank – 10Q

3) ________ is the estimated cost, loss, or damage that can result if a threat exploits a vulnerability.

Answer: Exposure

Diff: 1 Page Ref: 337

4) Any business activity that uses deceitful practices or devices to deprive another of property or other rights is known as ________.

Answer: fraud

Diff: 1 Page Ref: 337

5) ________ is a crimeware technique to steal the identity of a target company to get the identities of its customers.

Answer: Phishing

Diff: 2 Page Ref: 337

10) ________ is a process to verify the real identity of an entity, which could be an individual, computer, computer program, or EC Web site.

Answer: Authentication

Diff: 2 Page Ref: 340

11) ________ is the process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.

Answer: Authorization

Diff: 2 Page Ref: 340

12) ________ is the assurance that online customers or trading partners cannot falsely deny their purchase or transaction.

Answer: Nonrepudiation

Diff: 3 Page Ref: 340

17) ________ is the assurance that data are accurate or that a message has not been altered.

Answer: Integrity

Diff: 2 Page Ref: 353

18) ________ is the assurance of data privacy.

Answer: Confidentiality

Diff: 2 Page Ref:

20) ________ is the process of scrambling a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble it.

Answer: Encryption

Diff: 2 Page Ref: 357

22) ________ are barriers between a trusted network or PC and the untrustworthy Internet.

Answer: Firewalls

Diff: 1 Page Ref: 361

END

 

9.4 Essay

1) Compare current motives of hackers to those of the past.

Answer:

In the early days of EC, many hackers simply wanted to gain fame or notoriety by defacing Web sites or gaining root, which means gaining unrestricted access to a network. Criminals and criminal gangs are now profit oriented, and their tactics are not limited to the online world.

Diff: 1 Page Ref: 334

2) List and briefly describe the three components of the CIA security triad.

Answer:

The CIA triad includes confidentiality, integrity, and availability. Confidentiality is the assurance of data privacy. The data or transmitted message is encrypted so that it is readable only by the person for whom it is intended. The confidentiality function prevents unauthorized disclosure of information. Integrity is the assurance that data are accurate or that a message has not been altered. It means that stored data has not been modified without authorization; a message that was sent is the same message that was received. Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users.

Diff: 2 Page Ref: 352-353

3) List the six major objectives of EC defense strategies.

Answer:

Prevention and deterrence, detection, containment, recovery, correction, and awareness and compliance are the six objectives.

Diff: 2 Page Ref: 354-355

4) Briefly discuss the five encryption components.

Answer:

The five components are plaintext, encryption algorithm, key or key value, key space, and ciphertext. Plaintext is the original message or document that is created by the user and is in human-readable form. The encryption algorithm is the set of procedures or mathematical functions used to encrypt or decrypt a message. The key or key value is the secret value used with the algorithm to transform the message. Key space refers to the large number of possible key values created by the algorithm to use when transforming the message. Ciphertext is the message or document that has been encrypted into unreadable form.

Diff: 2 Page Ref: 357

5) Briefly describe four major components for protecting internal information flow inside an organization.

Answer:

Firewall, virtual private network, intrusion detection system, and honeynet and honeypot are four components. A firewall is a single point between two or more networks where all traffic must pass; the device authenticates, controls, and logs all traffic. A virtual private network is a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network. Intrusion detection systems are a special category of software that monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what they see. A honeynet is a network of honeypots, and honeypots act as decoys and are watched to study how network intrusions occur.

Diff: 3 Page Ref: 361-363
