e-commerce Study Guide Test 2. Security Chapter 10

True/False
Indicate whether the sentence or statement is true or false.

1. Necessity refers to preventing data delays or denials (removal) within the context of computer security.
2. JavaScript and VBScript are examples of active content forms.
3. When Java applets are run within the constraints of the sandbox, they have full access to the client system.
4. Zombie attacks can be traced back to their creators very easily.
5. Message packets on the Internet travel a planned path from a source node to a destination node.
6. One significant threat to electronic commerce is theft of sensitive or personal information.
7. JavaScript programs, like Java applets, operate under the restrictions of the Java sandbox security model.
8. Any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.
9. Cryptography can be used to hide text.
10. Threats that are deemed low risk and unlikely to occur can be ignored when the cost to protect against the threat exceeds the value of the protected asset.
11. Absolute security is relatively easy to achieve.
12. JavaScript cannot be used to record the URLs of Web pages a user visits.
13. Java is a programming language used widely in Web pages to provide active content.
14. When a Windows-based Web browser downloads a Web page containing an embedded ActiveX control, the control is executed on the client computer.
15. A hash algorithm uses a secret key.
16. Worms can spread quickly through the Internet.
17. Applets typically run within the Web browser.
18. A digital certificate for software can attest to the quality of the software.
19. Digital certificates can be forged very easily.
20. Digital certificates never expire.
21. Active content is launched in a Web browser automatically when that browser loads a Web page containing active content.
22. The most complete way for Web site visitors to protect themselves from revealing private information or being tracked by cookies is to disable cookies entirely.
23. Secrecy protection is a legal matter.
24. E-mail secrecy issues address whether company supervisors should be permitted to read employees' messages randomly.
25. A computer that has experienced a necessity threat slows processing to an intolerably slow speed.
26. The shorter the session key, the more resistant the encryption is to attack.
27. A Web browser that has entered into an SSL session indicates that it is in an encrypted session.
28. Developers use active content because it extends the functionality of HTML and moves some data processing chores from the busy server machine to the user's client computer.
29. Backdoor programs can read e-mail messages and unencrypted Web client-server message traffic such as user logins, passwords, and credit card numbers.
30. Both Code Red and Nimda are examples of a multi-vector worm.

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.

31. ____ is the protection of computer assets from unauthorized access, use, alteration, or destruction.
    a. Computer security
    b. Computer risk
    c. Computer damage
    d. Digital signature

32. ____ security includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
    a. Logical
    b. Physical
    c. General
    d. Standard

33. Any act or object that poses a danger to computer assets is known as a(n) ____.
    a. damage
    b. risk
    c. threat
    d. accident

34. Which of the following is a person or device that is able to listen in on and copy Internet transmissions?
    a. eavesdropper
    b. controller
    c. dropper
    d. listener

35. ____ refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
    a. Necessity
    b. Secrecy
    c. Integrity
    d. Harmony

36. Which of the following refers to preventing unauthorized data modification?
    a. integrity
    b. secrecy
    c. necessity
    d. completeness

37. Which of the following refers to preventing data delays or denials?
    a. integrity
    b. secrecy
    c. necessity
    d. readiness

38. A(n) ____ is a written statement describing which assets to protect and why they are being protected, who is responsible for that protection, and which behaviors are acceptable and which are not.
    a. risk management outline
    b. security mission
    c. security policy
    d. security subject

39. ____ refers to programs that are embedded transparently in Web pages and that cause action to occur.
    a. Action page
    b. Active content
    c. Home page
    d. Activity control

40. A(n) ____ is a small application program.
    a. applet
    b. buffer
    c. cipher
    d. procedure

41. A(n) ____ is a program hidden inside another program or Web page that masks its true purpose.
    a. mask program
    b. Trojan horse
    c. hidden route
    d. insider program

42. Java is a programming language developed by ____.
    a. Microsoft
    b. IBM
    c. Oracle
    d. Sun Microsystems

43. The ____ is a special security model that confines Java applet actions to a set of rules defined by the security model.
    a. security box
    b. Java model
    c. Java sandbox
    d. Java++

44. Which of the following is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks?
    a. objective
    b. Java++
    c. ActiveX control
    d. plug-in

45. ActiveX controls can run on computers running the ____ operating system.
    a. Windows
    b. Linux
    c. UNIX
    d. Mac

46. A(n) ____ is software that attaches itself to another program and can cause damage when the host program is activated.
    a. applet
    b. cookie
    c. virus
    d. message digest

47. A(n) ____ is a type of virus that replicates itself on computers that it infects.
    a. worm
    b. cookie
    c. session
    d. message digest

48. The term ____ describes the process of hiding information within another piece of information.
    a. ACL
    b. steganography
    c. firewall
    d. decryption

49. ____ provides a way of hiding an encrypted file within another file so that a casual observer cannot detect that there is anything of importance in the container file.
    a. ACL
    b. Decryption
    c. Steganography
    d. Firewall

50. ____ is the protection of individual rights to nondisclosure.
    a. Secrecy
    b. Privacy
    c. Security
    d. Sensitivity

51. Special software applications called ____ provide the means to record information that passes through a computer or router that is handling Internet traffic.
    a. intruder programs
    b. copier programs
    c. sniffer programs
    d. backdoor programs

52. A(n) ____ allows anyone with knowledge of its existence to cause damage by observing transactions, deleting data, or stealing data.
    a. sniffer
    b. backdoor
    c. auditor
    d. opener

53. The ____ Web site provides a measure of secrecy to Web surfers who use the site as a portal.
    a. Anonymizer
    b. Yahoo!
    c. Amazon
    d. CNN

54. A(n) ____ exists when an unauthorized party can alter a message stream of information.
    a. secrecy threat
    b. privacy threat
    c. integrity threat
    d. necessity threat

55. Which of the following is the electronic defacing of an existing Web site's page?
    a. encryption
    b. steganography
    c. cybersquatting
    d. cybervandalism

56. ____ is pretending to be someone you are not or representing a Web site as an original when it is really a fake.
    a. Hash coding
    b. Spoofing
    c. Cybersquatting
    d. Warchalking

57. A Web server can compromise ____ if it allows automatic directory listings.
    a. necessity
    b. integrity
    c. secrecy
    d. wardrivers

58. A(n) ____ is an area of memory set aside to hold data read from a file or database.
    a. RAM
    b. cookie
    c. buffer
    d. main memory

59. A(n) ____ attack occurs when hundreds or even thousands of people each send a message to a particular address.
    a. mail bomb
    b. mass mail
    c. nuisance
    d. e-mail

60. Protection of assets using nonphysical means is called ____.
    a. countermeasure
    b. logical security
    c. secrecy policy
    d. continuity plan

61. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called ____.
    a. eavesdropper
    b. crackers
    c. white hat hackers
    d. wardrivers

62. Originally, the term ____ was used to describe a dedicated programmer who enjoyed writing complex code that tested the limits of technology.
    a. eavesdropper
    b. hacker
    c. cracker
    d. wardriver

63. A(n) ____ only purpose is to provide a way for a Web site to place cookies on a visitor's computer.
    a. ACL's
    b. digital ID's
    c. Web bug's
    d. gateway server's

64. Exploits that capture confidential customer information are called ____.
    a. PGP
    b. eavesdropping expeditions
    c. warchalking
    d. phishing expeditions

65. The purpose of a(n) ____ threat is to disrupt normal computer processing.
    a. privacy
    b. necessity
    c. secrecy
    d. integrity

66. What kind of attack removes information altogether, or deletes information from a transmission or file?
    a. backdoor
    b. spoof
    c. DoS
    d. zombie

67. ____ encryption encodes messages by using two mathematically related numeric keys.
    a. Physical
    b. Asymmetric
    c. Symmetric
    d. Logical

68. One of the most popular technologies used to implement public-key encryption today is called ____.
    a. AES
    b. VeriSign
    c. PGP
    d. ACL

69. ____ was invented in 1991 by Phil Zimmerman.
    a. PGP
    b. AES
    c. ACL
    d. VeriSign

70. ____ encryption encodes a message with one of several available algorithms that use a single numeric key to encode and decode data.
    a. PGP
    b. Symmetric
    c. Asymmetric
    d. AEC