Introduction to Electronic Commerce, English Edition, 2nd ed.: PPT slides, instructor's manual, test bank (turban_iec3_tif__6.pdf)
Introduction to Electronic Commerce, 3e (Turban)
Chapter 9 Electronic Commerce Security and Fraud Protection

9.1 True/False

1) According to the CSI Computer Crime and Security Survey, firewalls were the most commonly used defense technologies in 2008.
Answer: FALSE   Diff: 1   Page Ref: 332

2) According to the CSI Computer Crime and Security Survey, the most frequently occurring computer attacks were from viruses in 2008.
Answer: TRUE   Diff: 1   Page Ref: 333

3) The Internet and its network protocols were never intended for use by untrustworthy people or criminals.
Answer: TRUE   Diff: 1   Page Ref: 334

4) The Internet was designed for maximum efficiency and security by providing for error checking to ensure that the message was sent and received correctly.
Answer: FALSE   Diff: 2   Page Ref: 334

5) The motives of hackers have shifted from the desire for fame and notoriety to advancing personal and political agendas.
Answer: FALSE   Diff: 2   Page Ref: 334

6) Keystroke logging captures and records user keystrokes.
Answer: TRUE   Diff: 1   Page Ref: 335

7) Information security departments with huge workloads and limited budgets optimize their EC security programs for efficiency and tend to work strategically.
Answer: FALSE   Diff: 2   Page Ref: 336

8) Social engineering is an example of an unintentional threat.
Answer: FALSE   Diff: 2   Page Ref: 337

9) Cybercrimes are intentional crimes carried out on the Internet.
Answer: TRUE   Diff: 1   Page Ref: 339

10) Authentication provides the means to reconstruct what specific actions have occurred and may help EC security investigators identify the person or program that performed unauthorized actions.
Answer: FALSE   Diff: 2   Page Ref: 340

11) An EC security strategy requires multiple layers of defense against risks from malware, fraudsters, customers, and employees.
Answer: TRUE   Diff: 1   Page Ref: 341

12) Detection measures are actions that will make criminals abandon their idea of attacking a specific system.
Answer: FALSE   Diff: 2   Page Ref: 341

13) Propagation method and payload are the two components of a virus.
Answer: TRUE   Diff: 1   Page Ref: 342

14) Worms cannot spread via instant messages.
Answer: FALSE   Diff: 2   Page Ref: 343

15) Internet fraud has grown even faster than the Internet itself.
Answer: TRUE   Diff: 2   Page Ref: 348

16) Honeypots are blogs created solely for marketing purposes.
Answer: FALSE   Diff: 2   Page Ref: 351

17) Confidentiality, integrity, and awareness are the three components of the CIA security triad.
Answer: FALSE   Diff: 3   Page Ref: 353

18) Access control involves authorization and authentication.
Answer: TRUE   Diff: 2   Page Ref: 355

19) Encryption algorithm is the mathematical formula used to encrypt plaintext into ciphertext, and vice versa.
Answer: TRUE   Diff: 2   Page Ref: 357

20) An intrusion detection system uses the public Internet to carry information but remains private by using encryption, authentication, and access control to verify the identity of anyone using the network.
Answer: FALSE   Diff: 3   Page Ref: 363

21) Strong EC security makes online shopping more convenient for customers.
Answer: FALSE   Diff: 2   Page Ref: 374

22) Shoppers can rely on fraud protection provided by credit card issuers to protect them from identity theft.
Answer: FALSE   Diff: 2   Page Ref: 374

23) Phishing is rampant because some people respond to it and make it profitable.
Answer: TRUE   Diff: 1   Page Ref: 374

24) Preventing vulnerability during the EC design and pre-implementation stage is far more expensive than mitigating problems later.
Answer: FALSE   Diff: 2   Page Ref: 374

25) Due care in EC is those actions that a company is reasonably expected to take based on the risks affecting its business and transactions.
Answer: TRUE   Diff: 2   Page Ref: 375

9.2 Multiple Choice

1) Which of the following is the underlying reason why comprehensive EC security is necessary?
A) The Internet was designed for maximum efficiency without regard for its security or users with malicious intent.
B) The shift toward profit-motivated crimes
C) Security costs and efforts from reacting to crises and paying for damages are greater than if an EC strategy is in place.
D) Many companies fail to implement basic IT security management best practices, business continuity plans, and disaster recovery plans.
Answer: C   Diff: 3   Page Ref: 336

2) The probability that a vulnerability will be known and used best describes
A) risk.
B) security breach.
C) exposure.
D) access point.
Answer: A   Diff: 2   Page Ref: 337

3) The process of verifying the real identity of an individual, computer, computer program, or EC Web site best describes
A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.
Answer: C   Diff: 2   Page Ref: 340

4) The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as
A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.
Answer: D   Diff: 2   Page Ref: 340

5) The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as
A) information assurance.
B) data integrity.
C) information integrity.
D) packet protection.
Answer: A   Diff: 2   Page Ref: 341

6) A botnet is
A) a huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B) a piece of software code that inserts itself into a host or operating system to launch DOS attacks.
C) a piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) a production system that looks like it does real work, but that acts as a decoy and is watched to study how network intrusions occur.
Answer: A   Diff: 2   Page Ref: 345

7) ________ is the criminal, fraudulent process of attempting to acquire confidential information by masquerading as a trustworthy entity.
A) Spamming
B) Pretexting
C) Social engineering
D) Phishing
Answer: D   Diff: 2   Page Ref: 346

8) Assurance that stored data has not been modified without authorization and a message that was sent is the same message that was received is referred to as
A) integrity.
B) availability.
C) authentication.
D) nonrepudiation.
Answer: A   Diff: 2   Page Ref: 353

9) The success and security of EC is measured by
A) encryption, functionality, and privacy.
B) quality, reliability, and speed.
C) authentication, authorization, and nonrepudiation.
D) confidentiality, integrity, and availability.
Answer: D   Diff: 3   Page Ref: 353

10) The mechanism that determines who can legitimately use a network resource best describes
A) access control.
B) confidentiality.
C) key encryption.
D) digital envelope.
Answer: A   Diff: 1   Page Ref: 355

11) Each of the following is a true statement about access control except:
A) Access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
B) Access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C) All resources need to be considered together to identify the rights of users or categories of users.
D) After a user has been identified, the user must be authenticated.
Answer: C   Diff: 2   Page Ref: 355-356

12) Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.
A) biometric systems
B) human firewalls
C) intrusion detection systems
D) access control lists
Answer: A   Diff: 2   Page Ref: 356

13) Encryption components include each of the following except
A) encryption algorithm.
B) key value.
C) ciphertext.
D) internal control environment.
Answer: D   Diff: 2   Page Ref: 357

14) A scheme for securing e-payments using public key encryption and various technical components best describes
A) message digesting.
B) Data Encryption Standard.
C) public key infrastructure.
D) key space.
Answer: C   Diff: 2   Page Ref: 358

15) A method of encryption that uses a pair of matched keys, including a public key to encrypt a message and a private key to decrypt it, describes
A) data encryption standard.
B) public asymmetric key encryption.
C) symmetric private key encryption.
D) paired key encryption.
Answer: B   Diff: 2   Page Ref: 358

16) Security functions or characteristics of digital signatures include each of the following except:
A) A digital signature is the electronic equivalent of a personal signature, which can be forged.
B) Digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C) Digital signatures ensure that the original content of an electronic message or document is unchanged.
D) Digital signatures are portable.
Answer: A   Diff: 3   Page Ref: 359

17) A summary of a message, converted into a string of digits after the hash has been applied, best describes
A) digital signature.
B) hash.
C) message digest.
D) digital envelope.
Answer: C   Diff: 2   Page Ref: 359

18) The combination of the encrypted original message and the digital signature, using the recipient's public key, best describes
A) digital envelope.
B) message digest.
C) hash.
D) digital signature.
Answer: A   Diff: 2   Page Ref: 359

19) The ________ was invented by Netscape to use standard certificates for authentication and data encryption to ensure privacy or confidentiality.
A) certificate authority
B) public key infrastructure
C) secure socket layer
D) digital envelope
Answer: C   Diff: 2   Page Ref: 361

20) Which of the following is not an advantage of virtual private networks (VPN) for data communications?
A) They are less expensive than private leased lines because they use the public Internet to carry information.
B) They ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C) They can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D) Remote users can use broadband connections rather than make long distance calls to access an organization's private network.
Answer: B   Diff: 3   Page Ref: 362

21) A method used to ensure confidentiality and integrity of data transmitted over the Internet by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address best describes
A) packet control.
B) transport layer security.
C) protocol tunneling.
D) packet segmentation.
Answer: C   Diff: 2   Page Ref: 362

22) A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees best describes
A) honeynet.
B) intrusion detection system.
C) firewall.
D) virtual private network.
Answer: B   Diff: 2   Page Ref: 363

23) Which of the following are controls established to protect the system regardless of the application?
A) general controls
B) application controls
C) broad controls
D) systems controls
Answer: A   Diff: 2   Page Ref: 364

24) A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source best describes
A) beta test.
B) stress test.
C) penetration test.
D) intrusion test.
Answer: C   Diff: 2   Page Ref: 364

25) Software applications that have some degree of reactivity, autonomy, and adaptability best describes
A) EC avatars.
B) EC bots.
C) worms.
D) intelligent agents.
Answer: D   Diff: 2   Page Ref: 365

26) The work atmosphere that a company sets for its employees describes
A) acceptable use policy.
B) internal control environment.
C) internal politics.
D) standard of due care.
Answer: B   Diff: 2   Page Ref: 366

27) A law that makes it a crime to send commercial e-mail messages with false or misleading message headers or misleading subject lines is
A) EEA.
B) DCMA.
C) SSL.
D) CAN-SPAM.
Answer: D   Diff: 2   Page Ref: 367

28) According to an InformationWeek survey, the majority of security challenges for corporations include
A) managing the complexity of security.
B) preventing data breaches from outside attackers.
C) enforcing security policies.
D) all of the above.
Answer: D   Diff: 1   Page Ref: 372

29) Which of the following is a policy that informs users of their responsibilities when using company networks, wireless devices, and customer data?
A) business impact analysis
B) business plan
C) acceptable use policy
D) EC security program
Answer: C   Diff: 2   Page Ref: 373

30) The key reasons why EC criminals cannot be stopped include each of the following except:
A) Sophisticated hackers use browsers to crack into Web sites.
B) Strong EC security makes online shopping inconvenient and demanding on customers.
C) There is lack of cooperation from credit card issuers and foreign ISPs.
D) Online shoppers do not take necessary precautions to avoid becoming a victim.
Answer: A   Diff: 2   Page Ref: 374

9.3 Fill in the Blank

1) Computer security categories include ________, ________, and ________.
Answer: threats, defenses, management   Diff: 3   Page Ref: 336

2) A ________ is a plan that keeps the business running after a disaster occurs.
Answer: business continuity plan   Diff: 2   Page Ref: 337

3) ________ is the estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
Answer: Exposure   Diff: 1   Page Ref: 337

4) Any business activity that uses deceitful practices or devices to deprive another of property or other rights is known as ________.
Answer: fraud   Diff: 1   Page Ref: 337

5) ________ is a crimeware technique to steal the identity of a target company to get the identities of its customers.
Answer: Phishing   Diff: 2   Page Ref: 337

6) ________ is a nontechnical attack that uses a ruse to trick users into revealing information or performing an action that compromises a computer or network.
Answer: Social engineering   Diff: 2   Page Ref: 337

7) ________ are computers infected with malware that are under the control of a spammer, hacker, or other criminal.
Answer: Zombies   Diff: 2   Page Ref: 338

8) ________ are weaknesses in software or other mechanisms that threaten the confidentiality, integrity, or availability of an asset.
Answer: Vulnerabilities   Diff: 2   Page Ref: 338

9) A ________ is a malicious hacker who may represent a serious problem for a corporation.
Answer: cracker   Diff: 2   Page Ref: 339

10) ________ is a process to verify the real identity of an entity, which could be an individual, computer, computer program, or EC Web site.
Answer: Authentication   Diff: 2   Page Ref: 340

11) ________ is the process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.
Answer: Authorization   Diff: 2   Page Ref: 340

12) ________ is the assurance that online customers or trading partners cannot falsely deny their purchase or transaction.
Answer: Nonrepudiation   Diff: 3   Page Ref: 340

13) ________ is the protection of information systems against unauthorized access to or modification of information whether in storage, processing, or in transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
Answer: Information assurance   Diff: 2   Page Ref: 341

14) A ________ attack is an attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
Answer: denial of service   Diff: 2   Page Ref: 344

15) A ________ is a program that appears to have a useful function but contains a hidden function that presents a security risk.
Answer: Trojan horse   Diff: 2   Page Ref: 344

16) A ________ is a huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
Answer: bo