e-commerce Study Guide Test 2. Security Chapter 10


True/False
Indicate whether the sentence or statement is true or false.

1. Necessity refers to preventing data delays or denials (removal) within the context of computer security.
2. JavaScript and VBScript are examples of active content forms.
3. When Java applets are run within the constraints of the sandbox, they have full access to the client system.
4. Zombie attacks can be traced back to their creators very easily.
5. Message packets on the Internet travel a planned path from a source node to a destination node.
6. One significant threat to electronic commerce is theft of sensitive or personal information.
7. JavaScript programs, like Java applets, operate under the restrictions of the Java sandbox security model.
8. Any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.
9. Cryptography can be used to hide text.
10. Threats that are deemed low risk and unlikely to occur can be ignored when the cost to protect against the threat exceeds the value of the protected asset.
11. Absolute security is relatively easy to achieve.
12. JavaScript cannot be used to record the URLs of Web pages a user visits.
13. Java is a programming language used widely in Web pages to provide active content.
14. When a Windows-based Web browser downloads a Web page containing an embedded ActiveX control, the control is executed on the client computer.
15. A hash algorithm uses a secret key.
16. Worms can spread quickly through the Internet.
17. Applets typically run within the Web browser.
18. A digital certificate for software can attest to the quality of the software.
19. Digital certificates can be forged very easily.
20. Digital certificates never expire.
21. Active content is launched in a Web browser automatically when that browser loads a Web page containing active content.
22. The most complete way for Web site visitors to protect themselves from revealing private information or being tracked by cookies is to disable cookies entirely.
23. Secrecy protection is a legal matter.
24. E-mail secrecy issues address whether company supervisors should be permitted to read employees' messages randomly.
25. A computer that has experienced a necessity threat slows processing to an intolerably slow speed.
26. The shorter the session key, the more resistant the encryption is to attack.
27. A Web browser that has entered into an SSL session indicates that it is in an encrypted session.
28. Developers use active content because it extends the functionality of HTML and moves some data processing chores from the busy server machine to the user's client computer.
29. Backdoor programs can read e-mail messages and unencrypted Web client-server message traffic such as user logins, passwords, and credit card numbers.
30. Both Code Red and Nimda are examples of a multi-vector worm.

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.

31. ____ is the protection of computer assets from unauthorized access, use, alteration, or destruction.
   a. Computer security
   b. Computer risk
   c. Computer damage
   d. Digital signature

32. ____ security includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
   a. Logical
   b. Physical
   c. General
   d. Standard

33. Any act or object that poses a danger to computer assets is known as a(n) ____.
   a. damage
   b. risk
   c. threat
   d. accident

34. Which of the following is a person or device that is able to listen in on and copy Internet transmissions?
   a. eavesdropper
   b. controller
   c. dropper
   d. listener

35. ____ refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
   a. Necessity
   b. Secrecy
   c. Integrity
   d. Harmony

36. Which of the following refers to preventing unauthorized data modification?
   a. integrity
   b. secrecy
   c. necessity
   d. completeness

37. Which of the following refers to preventing data delays or denials?
   a. integrity
   b. secrecy
   c. necessity
   d. readiness

38. A(n) ____ is a written statement describing which assets to protect and why they are being protected, who is responsible for that protection, and which behaviors are acceptable and which are not.
   a. risk management outline
   b. security mission
   c. security policy
   d. security subject

39. ____ refers to programs that are embedded transparently in Web pages and that cause action to occur.
   a. Action page
   b. Active content
   c. Home page
   d. Activity control

40. A(n) ____ is a small application program.
   a. applet
   b. buffer
   c. cipher
   d. procedure

41. A(n) ____ is a program hidden inside another program or Web page that masks its true purpose.
   a. mask program
   b. Trojan horse
   c. hidden route
   d. insider program

42. Java is a programming language developed by ____.
   a. Microsoft
   b. IBM
   c. Oracle
   d. Sun Microsystems

43. The ____ is a special security model that confines Java applet actions to a set of rules defined by the security model.
   a. security box
   b. Java model
   c. Java sandbox
   d. Java++

44. Which of the following is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks?
   a. objective
   b. Java++
   c. ActiveX control
   d. plug-in

45. ActiveX controls can run on computers running the ____ operating system.
   a. Windows
   b. Linux
   c. UNIX
   d. Mac

46. A(n) ____ is software that attaches itself to another program and can cause damage when the host program is activated.
   a. applet
   b. cookie
   c. virus
   d. message digest

47. A(n) ____ is a type of virus that replicates itself on computers that it infects.
   a. worm
   b. cookie
   c. session
   d. message digest

48. The term ____ describes the process of hiding information within another piece of information.
   a. ACL
   b. steganography
   c. firewall
   d. decryption

49. ____ provides a way of hiding an encrypted file within another file so that a casual observer cannot detect that there is anything of importance in the container file.
   a. ACL
   b. Decryption
   c. Steganography
   d. Firewall

50. ____ is the protection of individual rights to nondisclosure.
   a. Secrecy
   b. Privacy
   c. Security
   d. Sensitivity

51. Special software applications called ____ provide the means to record information that passes through a computer or router that is handling Internet traffic.
   a. intruder programs
   b. copier programs
   c. sniffer programs
   d. backdoor programs

52. A(n) ____ allows anyone with knowledge of its existence to cause damage by observing transactions, deleting data, or stealing data.
   a. sniffer
   b. backdoor
   c. auditor
   d. opener

53. The ____ Web site provides a measure of secrecy to Web surfers who use the site as a portal.
   a. Anonymizer
   b. Yahoo!
   c. Amazon
   d. CNN

54. A(n) ____ exists when an unauthorized party can alter a message stream of information.
   a. secrecy threat
   b. privacy threat
   c. integrity threat
   d. necessity threat

55. Which of the following is the electronic defacing of an existing Web site's page?
   a. encryption
   b. steganography
   c. cybersquatting
   d. cybervandalism

56. ____ is pretending to be someone you are not or representing a Web site as an original when it is really a fake.
   a. Hash coding
   b. Spoofing
   c. Cybersquatting
   d. Warchalking

57. A Web server can compromise ____ if it allows automatic directory listings.
   a. necessity
   b. integrity
   c. secrecy
   d. wardrivers

58. A(n) ____ is an area of memory set aside to hold data read from a file or database.
   a. RAM
   b. cookie
   c. buffer
   d. main memory

59. A(n) ____ attack occurs when hundreds or even thousands of people each send a message to a particular address.
   a. mail bomb
   b. mass mail
   c. nuisance
   d. e-mail

60. Protection of assets using nonphysical means is called ____.
   a. countermeasure
   b. logical security
   c. secrecy policy
   d. continuity plan

61. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called ____.
   a. eavesdropper
   b. crackers
   c. white hat hackers
   d. wardrivers

62. Originally, the term ____ was used to describe a dedicated programmer who enjoyed writing complex code that tested the limits of technology.
   a. eavesdropper
   b. hacker
   c. cracker
   d. wardriver

63. A(n) ____ only purpose is to provide a way for a Web site to place cookies on a visitor's computer.
   a. ACL's
   b. digital ID's
   c. Web bug's
   d. gateway server's

64. Exploits that capture confidential customer information are called ____.
   a. PGP
   b. eavesdropping expeditions
   c. warchalking
   d. phishing expeditions

65. The purpose of a(n) ____ threat is to disrupt normal computer processing.
   a. privacy
   b. necessity
   c. secrecy
   d. integrity

66. What kind of attack removes information altogether, or deletes information from a transmission or file?
   a. backdoor
   b. spoof
   c. DoS
   d. zombie

67. ____ encryption encodes messages by using two mathematically related numeric keys.
   a. Physical
   b. Asymmetric
   c. Symmetric
   d. Logical

68. One of the most popular technologies used to implement public-key encryption today is called ____.
   a. AES
   b. VeriSign
   c. PGP
   d. ACL

69. ____ was invented in 1991 by Phil Zimmerman.
   a. PGP
   b. AES
   c. ACL
   d. VeriSign

70. ____ encryption encodes a message with one of several available algorithms that use a single numeric key to encode and decode data.
   a. PGP
   b. Symmetric
   c. Asymmetric
   d. AEC