Information Technology For Managers 2nd Edition By by George Reynolds – Test Bank

CHAPTER 7— E-COMMERCE

MULTIPLE CHOICE

  1. _____ involves the exchange of money for goods and services over electronic networks.
     a. E-mail
     b. E-meeting
     c. E-commerce
     d. E-governance

ANS: C

RATIONALE: E-commerce involves the exchange of money for goods and services over electronic networks.

  2. Which of the following was a reason for the failure of dot-com companies during the late 1990s?
     a. Generating revenues in excess of costs
     b. Increasing the market share with equal importance given for bottom-line profits
     c. Too much focus on bottom-line profits with little regard for market share
     d. Increasing the market share with little regard for bottom-line profits

ANS: D

RATIONALE: During the late 1990s, many poor ideas for Web-related businesses were proposed and funded in a wave of “irrational exuberance” for all things associated with the dot-com economy. In many cases, these new businesses ignored traditional business models built on delivering fundamental value for customers, achieving operational excellence, and generating revenues in excess of costs. Instead, many companies placed an unhealthy emphasis on increasing market share with little regard for bottom-line profits. With their focus on the wrong things, it really was not a surprise when hundreds of the dot-com companies failed.

  3. _____ are private stores that offer additional customer services beyond simply placing an order.
     a. Customer portals
     b. Private company marketplaces
     c. Industry consortia-sponsored marketplaces
     d. Omnichannel portals

ANS: A

RATIONALE: Customer portals are private stores that offer additional customer services beyond simply placing an order.

  4. Which of the following is a type of Business-to-business (B2B) Web site?
     a. Omnichannel retailing
     b. The long tail
     c. A private company marketplace
     d. Multichannel retailing

ANS: C

RATIONALE: Business-to-business (B2B) Web sites in operation today take a variety of forms, including private stores, customer portals, private company marketplaces, and industry consortia–sponsored marketplaces.

  5. Buyers need to enter a company’s identification code and password to make a purchase from a selection of products at a prenegotiated price in:
     a. private stores.
     b. omnichannel retailing.
     c. e-governance.
     d. e-procurement software.

ANS: A

RATIONALE: Access to a private store requires that the buyer enter a company identification code and password to make a purchase from a selection of products at prenegotiated prices typically based on an established annual minimum purchase quantity. Note that a single company-level code and password is a shared credential: it cannot show which employee placed an order, so the buyer should limit who holds it and change it when staff leave.

  6. A high percentage of Business-to-business (B2B) transactions take place between companies called:
     a. original equipment buyers.
     b. original equipment suppliers.
     c. original equipment manufacturers.
     d. original equipment dealers.

ANS: C

RATIONALE: A high percentage of B2B transactions take place between companies called original equipment manufacturers (OEMs) that supply parts and components and the companies that sell the final product.

  7. Often, large manufacturers manage their purchasing functions using a(n):
     a. omnichannel portal.
     b. customer portal.
     c. industry consortia–sponsored marketplace.
     d. private company marketplace.

ANS: D

RATIONALE: Often, large manufacturers that purchase goods and services from many small suppliers build a private company marketplace to manage their purchasing functions through a Web site.

  8. When companies do not have sufficient purchasing power, they create a(n):
     a. private company marketplace.
     b. industry consortia–sponsored marketplace.
     c. customer portal.
     d. private store.

ANS: B

RATIONALE: In many cases, companies are not large enough or do not have sufficient purchasing power to require suppliers to deal with them through a private company marketplace. In such a situation, several companies in a particular industry may join forces to create an industry consortia–sponsored marketplace to gain the advantages of the private company marketplace for all members of the consortia.

  9. Which of the following allows a company to create an electronic catalog with search capability?
     a. Omnichannel software
     b. Private company marketplace software
     c. Industry consortia–sponsored marketplace software
     d. E-procurement software

ANS: D

RATIONALE: E-procurement software allows a company to create an electronic catalog with search capability.

  10. Creating, reviewing, and approving purchase orders are features of:
     a. private company marketplaces.
     b. e-procurement software.
     c. customer portals.
     d. private stores.

ANS: B

RATIONALE: E-procurement software can automate key functions of the purchasing process, including creating, reviewing, and approving purchase orders and transmitting these purchase orders electronically to the supplier.

  11. Which of the following models of e-commerce should focus on retaining customers to capture additional future sales?
     a. Business-to-consumer (B2C)
     b. Business-to-business (B2B)
     c. Consumer-to-consumer (C2C)
     d. Government-to-consumer (G2C)

ANS: A

RATIONALE: Business-to-consumer (B2C) Web sites must focus on attracting prospects, converting them into customers, and retaining them to capture additional future sales.

  12. _____ retailing is the application of the same business strategy across all marketing channels.
     a. Multichannel
     b. Long tail
     c. Omnichannel
     d. Convenience

ANS: C

RATIONALE: Omnichannel retailing is the application of the same business strategy across all marketing channels (e.g., mobile Internet devices, computers, brick-and-mortar stores, television, radio, direct mail, and catalog), with each channel using the same database of customer information, products, prices, promotions, and so on.

  13. Consumer-to-consumer (C2C) e-commerce is the exchange of goods and services between:
     a. business organizations and individual consumers.
     b. individuals facilitated by a third party.
     c. businesses via computer networks.
     d. the government and businesses.

ANS: B

RATIONALE: Consumer-to-consumer (C2C) e-commerce is the exchange of goods and services among individuals, typically facilitated by a third party.

  14. Which of the following technologies is used by e-government (e-gov) commerce?
     a. Assistive technology
     b. Banking technology
     c. Nanotechnology
     d. Information technology

ANS: D

RATIONALE: E-government (e-gov) commerce involves the use of information technology (such as wide area networks, the Internet, and mobile computing) by government agencies to transform relations between the government and citizens (G2C), the government and businesses (G2B), and among various branches of the government (G2G).

  15. An online shopping and ordering system that provides access to thousands of contractors and millions of products and services is called:
     a. eBuy
     b. GSA Advantage!
     c. GSA eLibrary
     d. eMod

ANS: B

RATIONALE: GSA Advantage! is an online shopping and ordering system that provides access to thousands of contractors and millions of products and services.

  16. An online tool designed to facilitate the submission of requests for quotations for a wide range of commercial products and services is _____.
     a. eMod
     b. GSA Advantage!
     c. GSA eLibrary
     d. eBuy

ANS: D

RATIONALE: eBuy is an online Request for Quotation (RFQ) tool designed to facilitate the submission of requests for quotations for a wide range of commercial products and services.

  17. Which of the following is an online source that contains the latest contract award information?
     a. GSA eLibrary
     b. GSA eOffer
     c. GSA eMod
     d. GSA eBuy

ANS: A

RATIONALE: GSA eLibrary is an online source for the latest contract award information.

  18. _____ is a Web-based application that allows vendors to prepare and submit their GSA contract offers and contract modification requests electronically.
     a. GSA Advantage!
     b. GSA eLibrary
     c. eOffer
     d. eBuy

ANS: C

RATIONALE: eOffer/eMod is a Web-based application that allows vendors to prepare and submit their GSA contract offers and contract modification requests electronically.

  19. The buying and selling of goods and services using a mobile device is called:
     a. mobile computing.
     b. m-commerce.
     c. e-commerce.
     d. cloud computing.

ANS: B

RATIONALE: Mobile commerce (m-commerce) is the buying and selling of goods and/or services using a mobile device, such as a tablet, smartphone, or other portable device.

  20. Which of the following is a top-level domain intended to provide fast and efficient Internet access to mobile devices?
     a. .link
     b. .net
     c. .info
     d. .mobi

ANS: D

RATIONALE: .mobi is a top-level domain approved by the Internet Corporation for Assigned Names and Numbers (ICANN) and managed by the mTLD global registry. Its goal is to deliver the Internet to mobile devices.

  21. Identify a major drawback of browsing Web pages on mobile devices.
     a. Size of the screen
     b. Speed of the Internet connection
     c. Bandwidth of the Internet connection
     d. Voice quality of the network

ANS: A

RATIONALE: Worldwide, there are more digital mobile phones than personal computers and TVs combined. Most mobile phones now have full Internet capabilities. However, these mobile phones have a number of limitations that make it difficult to view standard Web pages. The main limitation, of course, is the size of the viewing screen.

  22. The technology to obtain and validate tickets from mobile devices is called:
     a. eTicketing.
     b. iTicketing.
     c. mobile ticketing.
     d. integrated ticketing.

ANS: C

RATIONALE: Mobile ticketing is a means to order, pay for, obtain, and validate tickets from mobile devices. The tickets are sent to the mobile device as a text message with a special bar code or alphanumeric code, and users present their phones to ticket collectors at the venue to gain entrance.

  23. In mobile ticketing, the tickets are sent to mobile devices as a text message with a(n):
     a. Morse code.
     b. alphanumeric code.
     c. genetic code.
     d. cipher code.

ANS: B

RATIONALE: The tickets are sent to the mobile device as a text message with a special bar code or alphanumeric code, and users present their phones to ticket collectors at the venue to gain entrance.

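The mobile-ticketing flow described above (order, receive an alphanumeric code by text message, present it at the venue) only works if the code cannot be guessed or altered and cannot be presented twice. The following is an added example, not code from the textbook or from any ticketing vendor, showing one way to issue and validate such codes with a keyed hash (HMAC-SHA256) and a redeemed-ticket set; the key, event identifier, seat labels and the `Gate` class are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed example key: a real system would load this from a secrets
# store; it must never be embedded in the app that displays the ticket.
ISSUER_KEY = b"example-ticketing-key-do-not-reuse"


def _tag(key: bytes, payload: str) -> str:
    """Truncated HMAC-SHA256 over the ticket fields, Base32-encoded so the
    result is alphanumeric (A-Z, 2-7) and short enough for a text message."""
    mac = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()[:10]
    return base64.b32encode(mac).decode("ascii")  # 10 bytes -> 16 chars, no padding


def issue_ticket(key: bytes, event_id: str, seat: str, ticket_no: int) -> str:
    """Build the code sent to the buyer: EVENT:SEAT:NUMBER:TAG."""
    payload = f"{event_id}:{seat}:{ticket_no}"
    return f"{payload}:{_tag(key, payload)}"


class Gate:
    """Validator running at the venue entrance (hypothetical name)."""

    def __init__(self, key: bytes, event_id: str) -> None:
        self.key = key
        self.event_id = event_id
        self.redeemed = set()  # payloads already admitted

    def admit(self, code: str) -> bool:
        parts = code.strip().split(":")
        if len(parts) != 4:
            return False
        event_id, seat, ticket_no, tag = parts
        if event_id != self.event_id:  # ticket for a different event
            return False
        payload = f"{event_id}:{seat}:{ticket_no}"
        # Constant-time comparison so response timing does not reveal how
        # many characters of a forged tag were correct.
        if not hmac.compare_digest(_tag(self.key, payload), tag):
            return False
        if payload in self.redeemed:  # replay: the same ticket shown twice
            return False
        self.redeemed.add(payload)
        return True


if __name__ == "__main__":
    code = issue_ticket(ISSUER_KEY, "EVT42", "A12", 7)
    gate = Gate(ISSUER_KEY, "EVT42")
    print(code, gate.admit(code), gate.admit(code))  # second admit is a replay
```

The tag is what makes the code unforgeable: changing the seat or ticket number invalidates it, and without the issuer key an attacker cannot compute a valid tag for a different payload. The redeemed set is what stops a screenshot of a genuine ticket from admitting two people; at a venue with several gates it would have to be shared between them.
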
  24. Which of the following services is used to track the whereabouts of an individual?
     a. Location-based service
     b. Card-based service
     c. Long tail
     d. Web 2.0

ANS: A

RATIONALE: A location-based service is a computer program that uses location data to control its features and the information it provides. Some location-based services are query based, allowing a user to request local maps and directions to points of interest, local traffic and weather information, or even information on the whereabouts of a friend or coworker.

  25. Which of the following is a technology through which customers use a mobile device to perform banking operations?
     a. Net banking
     b. Mobile banking
     c. Branch banking
     d. E-mail banking

ANS: B

RATIONALE: With mobile banking, customers can use a mobile device to access balance information, pay bills, transfer funds, and find nearby ATMs or banking centers.

  26. Identify the term that describes the change in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web.
     a. Podcast
     b. Mashup
     c. Forum
     d. Web 2.0

ANS: D

RATIONALE: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web.

  27. One of the key decisions in running an e-commerce Web site is to decide:
     a. who will operate the host site.
     b. where to create a backup.
     c. how to make it user-friendly.
     d. how to allow guest users to buy a product.

ANS: A

RATIONALE: Two key decisions that must be made in establishing and running an e-commerce Web site are who will build the site and who will operate (host) the site.

  28. Identify the service that involves storing, serving, and creating backups of the files for one or more Web sites.
     a. Web server hosting
     b. Web site hosting
     c. Web browser hosting
     d. Proxy server hosting

ANS: B

RATIONALE: Web site hosting involves storing, serving, and creating backups of the files for one or more Web sites.

  29. Dedicated hardware and virtual private servers are services that are offered by:
     a. cloud computing.
     b. Web 2.0.
     c. mobile commerce.
     d. Web hosting.

ANS: D

RATIONALE: Web hosting services may offer dedicated hardware or virtual private servers, in which multiple organizations share hardware and Internet connections but otherwise have isolated, virtualized software.

  30. Which of the following is an advantage of a shared server environment over dedicated servers?
     a. Security
     b. Performance
     c. Cost effectiveness
     d. Reliability

ANS: C

RATIONALE: A shared server environment is less expensive than dedicated servers.

  31. Identify the drawback of a dedicated server when compared to a shared server environment.
     a. Expensive
     b. Reduced performance
     c. Low reliability
     d. Insecure

ANS: A

RATIONALE: A shared server environment is less expensive than dedicated servers; however, it may not provide the desired level of security, performance, and reliability.

  32. The effective use of a _____ is critical to attracting prospects to a Web site.
     a. newsletter
     b. forum
     c. browser cookie
     d. search engine

ANS: D

RATIONALE: The effective use of a search engine is critical to attracting prospects to a Web site.

  33. A search engine uses the _____ of Web pages to quickly display the URLs of those pages that “best match” the user’s search term.
     a. contents
     b. popularity
     c. index
     d. bandwidth

ANS: C

RATIONALE: A search engine is software that maintains an index of billions of Web pages and uses that index to quickly display the URLs of those pages that “best match” the user’s search term.

  34. Which of the following is a tool used by search engines to score Web sites?
     a. Parser
     b. Crawler
     c. Cookie
     d. Sticker

ANS: B

RATIONALE: To perform the matching process, many search engines such as Google, Yahoo!, and Bing use software called crawlers to score Web sites.

  35. The _____ of a Web site depends on link popularity, density, and frequency of keywords in the page content.
     a. score
     b. rank
     c. average
     d. median

ANS: A

RATIONALE: The score of a site is based on how relevant the site is to the search term, based on criteria such as link popularity, density, frequency of keywords in the page content, number of other Web sites referencing the site, and numerous other factors.

  36. Which of the following is a type of search engine result that provides users with a list of potential Web sites based on keyword relevancy?
     a. Paid list
     b. Organic list
     c. Social list
     d. Local list

ANS: B

RATIONALE: An organic list is a type of search engine result in which users are given a listing of potential Web sites based on their content and keyword relevancy.

  37. Identify the technique that uses graphics with a hyperlink to direct customers to a Web site.
     a. Search engine optimization
     b. Paid listings
     c. Banner advertising
     d. Organic list

ANS: C

RATIONALE: An organization can attract potential customers to its site through the use of Web page banner ads that display a graphic and include a hyperlink to the advertiser’s Web site.

  38. The _____ network acts as a broker between Web sites and advertisers.
     a. paid listing
     b. banner advertising
     c. organic listing
     d. search engine optimization

ANS: B

RATIONALE: The banner advertising network acts as a broker between Web sites and advertisers.

  39. Web sites provide a simple search tool that returns search results with thumbnails of actual products. This is a strategy to provide a(n):
     a. easy and safe payment method.
     b. efficient order fulfillment.
     c. smooth return policy.
     d. good customer online experience.

ANS: D

RATIONALE: The ultimate goals of most Web sites are to increase sales as well as to improve customer satisfaction and loyalty to an organization. To accomplish these goals, a company must create a Web site that will compel customers to return repeatedly. A few of the key steps include designing the home page to be informative and visually appealing to your target customer, ensuring that the navigation is highly intuitive, and providing a simple search tool that returns search results with thumbnails of actual products.

  40. Identify a feature that makes an e-commerce Web site successful.
     a. Selling products at a lower price
     b. Getting existing customers to return
     c. Special focus on the Web site design
     d. Popularity of the Web site

ANS: B

RATIONALE: Successful e-commerce Web sites are able to get their customers to return time and time again. Indeed, getting customers to come back is what separates a prosperous business from a failed one.

  41. Which of the following features of a Web site ensures that visitors return to the site?
     a. Sticky
     b. Navigation
     c. Bookmark
     d. Cookie

ANS: A

RATIONALE: A key tactic to make visitors return to your Web site is to design it to be a sticky Web site, so that visitors engage with your site and want to spend time there.

  42. A way of drawing customers back to a Web site is by:
     a. generating a referral link for them.
     b. making the return process easier.
     c. asking them to review a recently purchased item.
     d. thanking them for the recently purchased item.

ANS: C

RATIONALE: Asking customers to review a recently purchased item can also draw customers back to your site and provides another opportunity to show related products or other items in which the customer may be interested.

  43. Which of the following steps needs to be considered to ensure efficient order fulfillment?
     a. Send a confirmation mail following the placement of an order.
     b. Ask the customers to review a recently purchased item.
     c. Allow the usage of credit cards and debit cards for payment.
     d. Secure adequate storage for inventory.

ANS: D

RATIONALE: A number of components and processes must be considered when designing a timely, efficient order-fulfillment system. Adequate storage must be secured for inventory. Items must be stored safely and accessed easily for fast order fulfillment. Systems and processes must be capable of receiving fast and accurate deliveries from suppliers.

  44. Identify a factor that enables management to minimize inventory levels and provide a high rate of order fulfillment.
     a. Sales forecasting
     b. Customer review
     c. Web site popularity
     d. Easy payment method

ANS: A

RATIONALE: Accurate inventory counts and the ability to do sales forecasting with some degree of accuracy are also critical. This enables management to minimize inventory levels (and the associated costs) while still providing a high rate of order fulfillment.

  45. Distribution processes must be capable of meeting customer expectations for a product’s:
     a. quality.
     b. cost.
     c. popularity.
     d. availability.

ANS: B

RATIONALE: Distribution processes must be capable of meeting customer expectations for delivery times and costs.

  46. Which of the following is a strategy that should be adopted by Web sites to increase sales and repeat business?
     a. A variety of easy and secure payment modes should be offered.
     b. Systems and processes must be capable of receiving fast and accurate deliveries from suppliers.
     c. Incentives should be provided for cash payments.
     d. Only one type of payment mode must be accepted.

ANS: A

RATIONALE: Web sites need to accept a variety of easy and secure payment methods to increase sales and encourage repeat business.

  47. Identify the technique used by secure Web sites to protect the confidentiality of online transactions.
     a. Encryption and authorization
     b. Decryption and authentication
     c. Encryption and authentication
     d. Decryption and authorization

ANS: C

RATIONALE: A secure Web site uses encryption and authentication to protect the confidentiality of online transactions. Encryption keeps the data unreadable to anyone who intercepts it in transit; authentication (the site proving its identity to the browser) ensures the data is being sent to the intended site rather than to an impostor. Either one alone is insufficient: encrypting a session to the wrong party protects nothing.

  48. Which of the following computer applications alerts users when entering or leaving a secure site?
     a. Web server
     b. Antivirus
     c. Operating system
     d. Web browser

ANS: D

RATIONALE: By default, the most commonly used computer Web browsers (including Chrome, Internet Explorer, Firefox, Safari, and Opera) will inform you when you are entering or leaving a secure site.

  49. Which of the following protocols verifies the Web site to which a user is connected?
     a. Inter-Switch Link
     b. Internet Protocol Control Protocol
     c. Tool Command Language
     d. Secure Sockets Layer

ANS: D

RATIONALE: The most commonly used protocol for Web security is the Secure Sockets Layer (SSL), which can be used to verify that the Web site to which a user is connected is what it purports to be; the site proves its identity with a certificate issued by a certificate authority that the browser trusts. SSL itself has since been deprecated in favor of its successor, Transport Layer Security (TLS), which performs the same role, although the name “SSL” is still used informally.

  50. Which of the following is a multifaceted security standard that requires retailers to implement a set of security management policies, network architecture, and other critical protective measures to safeguard cardholder data?
     a. PDI Data Security Standard
     b. PCI Data Security Standard
     c. PDA Data Security Standard
     d. PCA Data Security Standard

ANS: B

RATIONALE: The Payment Card Industry (PCI) Data Security Standard is a multifaceted security standard that requires retailers to implement a set of security management policies, procedures, network architecture, software design, and other critical protective measures to safeguard cardholder data.

  51. Identify the duration set by the Payment Card Industry (PCI) Data Security Standard to store a user’s card data in the event of a dispute with the cardholder.
     a. 6 months
     b. 12 months
     c. 18 months
     d. 24 months

ANS: C

RATIONALE: The Payment Card Industry (PCI) Data Security Standard is a multifaceted security standard that requires retailers to implement a set of security management policies, procedures, network architecture, software design, and other critical protective measures to safeguard cardholder data. It also requires retailers to store certain card data for up to 18 months in the event of a dispute with the cardholder.

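Two of the concrete protective measures PCI DSS imposes are that the primary account number (PAN) be masked wherever it is displayed (at most the first six and last four digits visible) and that sensitive authentication data such as the card verification value never be stored after authorization. Application logs are a common place where both leak. The following is an added example, not code from the textbook or from the PCI Security Standards Council, of a log scrubber that masks Luhn-valid card numbers and strips verification values before a line is written; the sample log lines are constructed, and 4111 1111 1111 1111 is a well-known test number rather than a real account.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Sensitive authentication data that must not be stored after authorization.
SAD_RE = re.compile(r"(?i)\b(cvv2?|cvc2?|cid|pin)\s*[=:]\s*\d{3,6}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers, timestamps and other
    digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS permits
    on a display; everything in between becomes '*'."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(line: str) -> str:
    """Return the log line with PANs masked and CVV/PIN values removed."""
    def _pan(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group(0))
        return mask_pan(digits) if luhn_ok(digits) else match.group(0)

    line = PAN_RE.sub(_pan, line)
    return SAD_RE.sub(r"\1=[REMOVED]", line)


# Constructed sample lines, as a checkout service might write them.
SAMPLE_LOG = [
    "INFO checkout ok card=4111 1111 1111 1111 cvv=123 amount=19.99",
    "INFO shipment order=12345678901234 carrier=UPS",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(redact(raw))
```

Running the block masks the card number on the first line and drops the CVV, while the 14-digit order number on the second line is left alone because it fails the Luhn check. In practice this filter belongs in the logging pipeline itself (a logging formatter or the log shipper), not in every call site, so that a forgotten debug statement cannot bypass it.
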
  52. Identify the component present in a smart card that can process instructions and store data for use in various applications.
     a. Macrochip
     b. Microchip
     c. Magnetic tape
     d. Magnetic stripe

ANS: B

RATIONALE: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas.

  53. A microchip in a smart card stores the same data as the _____ on a payment card.
     a. magnetic tape
     b. magnetic recorder
     c. magnetic coil
     d. magnetic stripe

ANS: D

RATIONALE: The microchip can store the same data as the magnetic stripe on a payment card, and more.

  54. Which of the following components enables a contactless card to connect wirelessly with a contactless card reader?
     a. Microchip
     b. Macrochip
     c. Embedded circuit
     d. Embedded magnetic stripe

ANS: C

RATIONALE: Contactless smart cards do not have a contact area, but rather have an embedded circuit, which allows them to connect with a contactless card reader wirelessly.

  55. Which of the following methods of financial transactions is considered the most secure?
     a. Europay MasterCard Visa transaction
     b. Magnetic stripe transaction
     c. Near Field Communication transaction
     d. payWave transaction

ANS: A

RATIONALE: Europay MasterCard Visa (EMV) financial transactions are considered more secure than traditional magnetic-stripe payments because the chip uses cryptographic algorithms to authenticate the card: it produces a one-time cryptogram for each transaction, which a counterfeit card built from copied stripe data cannot reproduce. Unfortunately, smart card processing takes longer than an equivalent magnetic stripe transaction, partly due to the additional cryptographic processing.

  56. Which of the following is used by Europay MasterCard Visa (EMV) transactions to confirm the identity of a cardholder?
     a. Signature
     b. Photo
     c. Telephone number
     d. Personal identification number

ANS: D

RATIONALE: The EMV chip authenticates the card, not the person holding it. Many implementations of EMV cards and terminals therefore confirm the identity of the cardholder by requiring the entry of a Personal Identification Number (PIN) rather than a signature on a paper receipt.

  57. Identify the technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes.
     a. Cryptography
     b. Biometrics
     c. Phishing
     d. Steganography

ANS: B

RATIONALE: In the United States, many banks and financial services companies have been reluctant to impose additional requirements for authentication because they don’t want to add additional steps (and time) to the checkout process. In the future, systems may be upgraded to use biometrics (technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes).

  58. Identify a drawback of biometrics.
     a. Requires a very high initial investment.
     b. Does not provide a high degree of confidence in user identity.
     c. Requires the user to remember complex numeric passwords.
     d. Increases password administration costs.

ANS: A

RATIONALE: In the United States, many banks and financial services companies have been reluctant to impose additional requirements for authentication because they don’t want to add additional steps (and time) to the checkout process. In the future, systems may be upgraded to use biometrics (technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes); however, this approach is not currently considered economical for retail applications.

  59. Each time a payment is made through a credit card, the retailer has to pay a certain amount called _____ to the card company.
     a. one-time fees
     b. value added tax
     c. swipe fees
     d. additional tax

ANS: C

RATIONALE: A coalition of retailers known as the Merchant Customer Exchange (MCX), including retailers such as Best Buy, CVS, Dunkin’ Donuts, Lowe’s, Rite-Aid, and Walmart, plans to launch a competing payment network called CurrentC, which will draw money directly from a consumer’s bank account or store-funded credit card instead of charging a bank credit card as Apple Pay does. This would allow retailers to avoid the payments to credit card companies, called “swipe fees,” that are due each time a consumer pays with a credit card.

  60. Which of the following strategies contributes to increased product sales and helps eliminate returns?
     a. Giving a short description of the products
     b. Highlighting only the advantages of the products
     c. Displaying low-resolution snapshots or small photos of the products
     d. Displaying customer-written product reviews

ANS: D

RATIONALE: Well-written product descriptions, thumbnail (or larger) photos, and customer-written product reviews can not only increase product sales but can also go a long way toward eliminating returns.

  61. Strict handling of returns results in:
     a. permanent savings.
     b. short-term customer loyalty.
     c. the expansion of future sales.
     d. high product quality.

ANS: B

RATIONALE: Strict handling of returns can result in temporary savings but at the expense of long-term customer loyalty and future sales.

  62. Companies that sell products from both physical locations and e-commerce Web sites are known as:
     a. click-and-mortar retailers.
     b. brick-and-mortar retailers.
     c. click-and-pack retailers.
     d. brick-and-pack retailers.

ANS: A

RATIONALE: Click-and-mortar retailers are those who sell products from both physical locations and e-commerce Web sites.

  63. The benefits of e-commerce are due to the:
     a. excess time and cost associated with selling.
     b. excess time and cost associated with purchasing.
     c. global exposure of products sold on the Web.
     d. global exposure of products sold offline.

ANS: C

RATIONALE: Many advantages result from the use of e-commerce. Interestingly, these advantages are not one-sided; some advantages accrue to the seller, some to the buyer, and some to society as a whole. Most of these benefits are possible because of the global exposure of products sold on the Web and the ability of e-commerce to reduce the time and costs associated with both selling and purchasing.

  64. Customers fear the misuse of their personal data due to the:
     a. nature of the payment gateway.
     b. sticky Web site.
     c. global exposure of products sold on the Web.
     d. publicity of consumer data breaches.

ANS: D

RATIONALE: Consumers have long had concerns about whether online data is secured from access by unauthorized users or hackers. These concerns are rising based on the widespread publicity of recent consumer data breaches.

  65. Which of the following is an approach followed by Web sites to overcome cultural and linguistic obstacles?
     a. Think globally, act locally
     b. Think locally, act globally
     c. Think locally, act locally
     d. Think globally, act globally

ANS: A

RATIONALE: Web site designers must avoid creating cultural and linguistic obstacles that make a site less attractive or effective for any subgroup of potential users. Potential customers will feel more comfortable buying your products and services if you speak to them in their own language. Thus, Web sites increasingly offer visitors the option to select their home country on an initial home page; this choice prompts the site to display a version designed to accommodate people from that country, with correct language or regional dialect, print characters, and culture-appropriate graphics and photos. This design approach is often called “think globally, act locally.”

TRUE/FALSE

  1. E-commerce reduces operating efficiencies.

ANS: False

RATIONALE: E-commerce enables organizations and individuals to build new revenue streams, to create and enhance relationships with customers and business partners, and to improve operating efficiencies.

  2. Dot-com companies failed due to their emphasis on bottom-line profits.

ANS: False

RATIONALE: During the late 1990s, many poor ideas for Web-related businesses were proposed and funded in a wave of “irrational exuberance” for all things associated with the dot-com economy. In many cases, these new businesses ignored traditional business models built on delivering fundamental value for customers, achieving operational excellence, and generating revenues in excess of costs. Instead, many companies placed an unhealthy emphasis on increasing market share with little regard for bottom-line profits. With their focus on the wrong things, it really was not a surprise when hundreds of the dot-com companies failed.

  3. Multichannel retailing is the application of different strategies for an individual channel.

ANS: False

RATIONALE: Multichannel retailing is the application of different strategies for different channels.

  4. Mobile ticketing helps to reduce the number of unsold tickets.

ANS: True

RATIONALE: Mobile ticketing increases the revenue for event promoters and ticket vendors who can sell tickets up until the last minute—they can even sell unclaimed tickets at the last second.

  5. Web 2.0 allows visitors to share their opinions about a retail organization and its products and services.

ANS: True

RATIONALE: Web 2.0 capabilities require a retailer to relinquish control and allow visitors to have their say—good, bad, or indifferent—about the retail organization and its products and services.

  6. Visitors will return to a Web site if its contents are always static.

ANS: False

RATIONALE: Visitors will want to return to a Web site if it always includes fresh, interesting, and useful content such as that provided by an effective blog or a forum, which can build up a community around your brand and encourage positive feelings from your visitors for your product.

  7. Creating a social networking profile will hamper the popularity of a Web site.

ANS: False

RATIONALE: Creating a Facebook page for your Web site enables customers who are engaged with your brand to like your page and encourages people to return to your Web site.

  8. Hackers find it tougher to compromise a smart card than a credit card.

ANS: True

RATIONALE: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas. The microchip can store the same data as the magnetic stripe on a payment card and more. Thus, no name or card number need appear on the smart card, making it more difficult for thieves to use.

  9. Contact smart cards have a contact area on the rear side of the card to interface with a payment terminal.

ANS: False

RATIONALE: Contact smart cards have a contact area on the front face of the card to interface with a payment terminal.

  10. A successful business organization should provide customer service for a fixed duration in a day.

ANS: False

RATIONALE: Because a Web site is open 24 hours a day, many online customers expect to be able to receive customer service at any time of the day or night. If an organization cannot provide some level of customer service 24 hours a day, it may lose business to competitors.

ESSAY

  1. List the reasons e-commerce initiatives are considered risky and challenging.

Answer: E-commerce initiatives can be risky and extremely challenging due to a variety of factors, including an organization’s lack of e-business skills, uncertainty in regard to how business processes and policies must be changed to facilitate e-commerce, and the need to make new investments in IT-related hardware and software. Before embarking on such a risky journey, an organization must consider carefully how each potential e-commerce initiative fits into its overall business strategy.

  2. A police officer who went on a rescue operation in a village is missing. How would you find the whereabouts of the policeman using the technological advances in mobile commerce?

Answer: The location of the policeman is tracked by a location-based service. A location-based service is a computer program that uses location data to control its features and the information it provides. Some location-based services are query based, allowing a user to request local maps and directions to points of interest, local traffic and weather information, or even information on the whereabouts of a friend or coworker.

  3. Describe the process of Web site hosting.

Answer: Web site hosting involves the storing, serving, and creating backup of files for one or more Web sites. Web hosting services store an organization’s Web site files on Internet-connected Web server computers. When users type in the URL, they are connected to the Web server holding the files for the site; the server then transfers that data back to the user’s computer, allowing the user to view the pages of the site. Web site hosting responsibilities typically include anything related to managing the Web servers and Internet connections—their software, security, support, reliability, speed, maintenance, and disaster recovery.

  4. Describe the structure and working of a smart card.

Answer: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas. The microchip can store the same data as the magnetic stripe on a payment card and more. Thus, no name or card number need appear on the smart card, making it more difficult for thieves to use.

CHAPTER 11: CYBERCRIME AND IT SECURITY

MULTIPLE CHOICE

  1. Identify a true statement about the bring your own device (BYOD) business policy.
  A. It can improve employee productivity.
  B. It can provide data security.
  C. It creates a bug-free environment.
  D. It enhances employee interaction.

ANS: A

RATIONALE: Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet. Proponents of BYOD say it improves employee productivity by allowing workers to use devices with which they are already familiar—while also helping to create an image of a company as a flexible and progressive employer.

  2. Which of the following is a drawback of the bring your own device (BYOD) business policy?
  A. It affects the productivity of the employees of a company.
  B. It inhibits the privacy of the employees of a company.
  C. It exposes a company’s data to malware.
  D. It creates the image of a company as not being flexible.

ANS: C

RATIONALE: Most companies have found they cannot entirely prevent employees from using their own devices to perform work functions. However, this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity (browsing Web sites, blogging, shopping, visiting social networks, etc.) that exposes them to malware much more frequently than a device used strictly for business purposes.

  3. In computing, a(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability.
  A. exit door
  B. glitch
  C. bot
  D. exploit

ANS: D

RATIONALE: In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem.

  4. Which of the following is created and issued by software engineers to remove a system vulnerability?
  A. A patch
  B. A key
  C. A license
  D. A constraint

ANS: A

RATIONALE: Once a vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web.

  5. The attack that takes place before a software developer knows about the vulnerability is known as a(n) _____.
  A. unidentified attack
  B. zero-day attack
  C. exploit
  D. threat

ANS: B

RATIONALE: It is difficult to keep up with all the required patches to fix vulnerabilities. Of special concern is a zero-day attack that takes place before the security community or software developer knows about the vulnerability or has been able to repair it.

  6. Which perpetrator violates computer or Internet security maliciously for illegal personal gain?
  A. A red hat hacker
  B. A gray hat hacker
  C. A white hat hacker
  D. A black hat hacker

ANS: D

RATIONALE: A black hat hacker is someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems). He breaks into secure networks to destroy, modify, or steal data.

  7. Which of the following best describes malicious insiders?
  A. They hack computers in an attempt to promote a political ideology.
  B. They disrupt a company’s information systems and business operations.
  C. They are hired by an organization to test the security of its information systems.
  D. They are hired by an organization to test the security of another organization’s information systems.

ANS: B

RATIONALE: A malicious insider is an employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations. He or she has inside information concerning the organization’s security practices, data, or computer systems.

  8. Those who capture trade secrets and attempt to gain an unfair competitive advantage are known as _____.
  A. white hat hackers
  B. hacktivists
  C. industrial spies
  D. black hat hackers

ANS: C

RATIONALE: Industrial spies are individuals who capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organizations’ trade secrets.

  9. Which of the following is true of white hat hackers?
  A. They are hired by an organization to test the security of its information systems.
  B. They disrupt a company’s information systems and business operations.
  C. They capture trade secrets and attempt to gain an unfair competitive advantage in a company.
  D. They destroy the infrastructure components of governments, financial institutions, and emergency response units.

ANS: A

RATIONALE: White hat hackers are people who have been hired by an organization to test the security of its information systems. They use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.

  10. In the context of computer crimes, those who cause problems, steal data, and corrupt systems are known as _____.
  A. black hat hackers
  B. white hat hackers
  C. hacktivists
  D. crackers

ANS: D

RATIONALE: A cracker is an individual who causes problems, steals data, and corrupts systems. He or she possesses a high level of skill and knowledge with computers that enables him or her to interfere with the confidentiality of any information or security system.

  11. Which of the following best describes a cybercriminal?
  A. An individual who attacks a computer system or network for financial gain
  B. An individual who hacks computers or Web sites in an attempt to promote a political ideology
  C. An individual who attempts to destroy the infrastructure components of governments and financial institutions
  D. An individual who is hired by an organization to test the security of its information systems

ANS: A

RATIONALE: A cybercriminal is someone who attacks a computer system or network for financial gain. He or she attacks other people’s computers to perform malicious activities, such as spreading viruses, data theft, identity theft, etc.

  12. Which of the following best describes a hacktivist?
  A. An individual who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units
  B. An individual who hacks computers or Web sites in an attempt to promote a political ideology
  C. An employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations
  D. An individual who captures trade secrets and attempts to gain an unfair competitive advantage

ANS: B

RATIONALE: A hacktivist is an individual who hacks computers or Web sites in an attempt to promote a political ideology. Hacktivism is defined as hacking or breaking into an information or security system for a political or socially motivated purpose. The tools used by a hacktivist are similar to the ones used by a hacker, only the purpose and agenda vary.

  13. In the context of computer crimes, those who attempt to destroy the infrastructure components of governments and financial institutions are known as _____.
  A. hacktivists
  B. white hat hackers
  C. black hat hackers
  D. cyberterrorists

ANS: D

RATIONALE: A cyberterrorist is someone who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units. Cyberterrorism uses the Internet to spread terrorist activities, which generally revolve around political, social, or religious agendas.

  14. Which of the following exploits, when downloaded onto a smartphone, takes control of the device and its data until the owner agrees to pay a sum of money to the attacker?
  A. Camware
  B. Spyware
  C. Scareware
  D. Ransomware

ANS: D

RATIONALE: Ransomware is malware that, when downloaded onto a smartphone (or another device), takes control of the device and its data until the owner agrees to pay a ransom to the attacker. Users get limited or no access to their devices once ransomware is installed. It is not guaranteed that paying the ransom will grant users uninterrupted access to their device.

  15. Which of the following is a technical description of a virus?
  A. It is a harmful program that involves the use of Short Message Service to get personal details from victims.
  B. It is the act of fraudulently using email to try to get the recipient to reveal personal data.
  C. It is a piece of code that causes a computer to behave in an unexpected and usually undesirable manner.
  D. It is the abuse of email systems to send unsolicited email to large numbers of people.

ANS: C

RATIONALE: Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

  16. Which of the following is true of a macro virus?
  A. It propagates without human intervention, often sending copies of itself to other computers by email.
  B. It allows hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party.
  C. It inserts unwanted words, numbers, or phrases into documents or alters command functions in an infected document.
  D. It abuses email systems to send unsolicited email to large numbers of people.

ANS: C

RATIONALE: Macro viruses can insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application.

  17. A _____ is a harmful program that resides in the active memory of a computer and duplicates itself.
  A. scareware
  B. worm
  C. virus
  D. logic bomb

ANS: B

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. A worm can propagate without human intervention, often sending copies of itself to other computers by email.

  18. Which of the following statements is true about worms?
  A. They abuse email systems to send unsolicited email to large numbers of people.
  B. They allow hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party.
  C. They insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document.
  D. They propagate without human intervention, often sending copies of themselves to other computers by email.

ANS: D

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

  19. How does a worm negatively impact an organization?
  A. It steals passwords and Social Security numbers.
  B. It generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.
  C. It causes productivity losses due to workers being unable to use their computers.
  D. It fraudulently uses third-party emails to try to get the recipient to reveal personal data.

ANS: C

RATIONALE: The negative impact of a worm attack on an organization’s computers can be considerable—lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible.

  20. _____ is a program in which malicious code is hidden inside a seemingly harmless program.
  A. A Trojan horse
  B. A distributed denial-of-service attack
  C. A spam
  D. A smish

ANS: A

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

  21. Identify a true statement about Trojan horses.
  A. They lead consumers to counterfeit Web sites designed to trick them into divulging personal data.
  B. They are used by organizations to test the security of information systems.
  C. They involve the use of Short Message Service (SMS) texting for phishing.
  D. They spy on users by recording keystrokes and transmitting them to a server operated by a third party.

ANS: D

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

  22. David, a software engineer, was creating a report using Microsoft Word. After completing 15 pages in the file, he noticed that whenever he copied something using the keyboard, the contents were modified with unwanted numbers and phrases. Which of the following could have caused this problem?
  A. A worm
  B. Smishing
  C. A logic bomb
  D. Phishing

ANS: C

RATIONALE: Another type of Trojan horse is a logic bomb, which executes when it is triggered by a specific event. For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or at a specific time or date.

  23. _____ is the abuse of email systems to send unsolicited email to large numbers of people.
  A. Cyberespionage
  B. Spam
  C. Phishing
  D. Smishing

ANS: B

RATIONALE: Email spam is the abuse of email systems to send unsolicited email to large numbers of people. Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock.

  24. Which of the following is true of spam?
  A. Spam is a type of attack with which a hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
  B. Spam is a program in which malicious code is hidden inside a seemingly harmless program.
  C. Spam is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
  D. Spam is an extremely inexpensive method of marketing used by many legitimate organizations.

ANS: D

RATIONALE: Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock. Spam is also an extremely inexpensive method of marketing used by many legitimate organizations.

  25. Which of the following statements is true of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act?
  A. It legalizes spamming with certain restrictions.
  B. It provides a solution to tackle a Trojan horse.
  C. It identifies distributed denial-of-service attacks.
  D. It prevents worms by eliminating their ability to replicate.

ANS: A

RATIONALE: The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect in January 2004. The act says that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.

  26. Which of the following is used to ensure that only humans obtain free email accounts?
  A. Atomicity, consistency, isolation, and durability (ACID)
  B. Microprocessor without Interlocked Pipeline Stages (MIPS)
  C. Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
  D. Document Style Semantics and Specification Language (DSSSL)

ANS: C

RATIONALE: Spammers can defeat the registration process of free email services by launching a coordinated bot attack that can sign up for thousands of email accounts. These accounts are then used by the spammers to send thousands of untraceable email messages for free. A partial solution to this problem is the use of CAPTCHA to ensure that only humans obtain free accounts. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.

  27. Identify the attack in which a malicious hacker floods a target site with demands for data and other small tasks.
  A. Distributed denial-of-service
  B. Smishing
  C. Logic bomb
  D. Phishing

ANS: A

RATIONALE: In a distributed denial-of-service (DDoS) attack, a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in.

  28. Which of the following terms is used to describe a large group of computers controlled from one or more remote locations by hackers without the knowledge of their owners?
  A. Spear-phishing
  B. Botnet
  C. Cyberespionage
  D. Smishing

ANS: B

RATIONALE: In a distributed denial-of-service (DDoS) attack, a tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world. The term botnet is used to describe a large group of such computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.

  29. Botnet computers are also called _____.
  A. zombies
  B. daemons
  C. narutus
  D. konohas

ANS: A

RATIONALE: The term botnet is used to describe a large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. Based on a command by the attacker or at a preset time, the botnet computers (also called zombies) go into action, each sending a simple request for access to the target site again and again—dozens of times per second.

  30. Which of the following defines a rootkit?
  A. It is the act of fraudulently using email to try to get the recipient to reveal personal data by sending legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward.
  B. It is the unintended release of sensitive data by unauthorized individuals.
  C. It is the abuse of email systems to send unsolicited email to large numbers of people.
  D. It is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

ANS: D

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.

  31. A _____ is used by attackers to execute files, access logs, monitor user activity, and change a computer’s configuration.
  A. scareware
  B. patch
  C. rootkit
  D. worm

ANS: C

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration.

  32. Andrew, a writer, noticed that his blog was filled with repetitive advertisements and surveys that prevented him from accessing his blog and editing an article. Which of the following has caused this problem?
  A. A rootkit
  B. A distributed denial-of-service attack
  C. A logic bomb attack
  D. A cyberespionage incident

ANS: B

RATIONALE: A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get through to the target computer.

  33. The _____ code of a rootkit gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file.
  A. dropper
  B. loader
  C. linker
  D. adapter

ANS: A

RATIONALE: Rootkits are one part of a blended threat, consisting of a dropper, a loader, and a rootkit. The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file. The dropper launches the loader program and then deletes itself.

  34. Jack was shocked to witness the sudden drop in performance of his laptop. He also found that the screen saver constantly changed and that the taskbar had disappeared. The given problems are symptoms of _____ infections.
  A. rootkit
  B. smishing
  C. phishing
  D. bootkit

ANS: A

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. The following are some symptoms of rootkit infections:

  • The computer locks up or fails to respond to input from the keyboard or mouse.
  • The screen saver changes without any action on the part of the user.
  • The taskbar disappears.
  • Network activities function extremely slowly.

  35. _____ is the act of fraudulently using email to try to get the recipient to reveal personal data.
  A. Spoofing
  B. Vishing
  C. Phishing
  D. Smishing

ANS: C

RATIONALE: Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an email attachment.

  36. Which of the following best describes spear-phishing?
  A. The phisher sends a survey to the employees of several organizations to obtain details of the configuration of their computing devices.
  B. The phisher sends a voice mail message to a number of people to call a phone number or access a Web site.
  C. The phisher sends legitimate-looking text messages through his or her phone to advertise a certain organization.
  D. The phisher sends fraudulent emails to a certain organization’s employees disguising them as mails from high-level executives from within the organization.

ANS: D

RATIONALE: Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as spear-phishing because the attack is much more precise and narrow, like the tip of a spear.

  37. Identify the mode of message transmission used in smishing.
  A. Multimedia Messaging Service
  B. Short Message Service
  C. Email
  D. Voice mail

ANS: B

RATIONALE: Smishing (also called SMS phishing and SMiShing) is another variation of phishing that involves the use of Short Message Service (SMS) texting. In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

  38. Identify a true statement about smishing.
  A. The phisher sends legitimate-looking messages through phone to acquire personal information.
  B. The phisher sends a survey email to obtain the configuration of an unsuspecting user’s computing device.
  C. The phisher sends a voice mail message to an unsuspecting user to call a phone number or access a Web site.
  D. The phisher sends fraudulent emails to a certain organization’s employees.

ANS: A

RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

  39. Identify the mode of message transmission used in vishing.
  A. Multimedia Messaging Service
  B. Short Message Service
  C. Email
  D. Voice mail

ANS: D

RATIONALE: Vishing is similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site. Financial institutions, credit card companies, and other organizations whose customers may be targeted by criminals in this manner should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their customers if such a scam is detected.

  40. A(n) _____ is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data.
  A. advanced persistent threat
  B. vishing scam
  C. identity threat
  D. data breach

ANS: A

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. Attackers in an APT must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery. APT attacks target organizations with high-value information, such as banks and financial institutions, government agencies, and insurance companies.

  1. Which phase of an advanced persistent threat enables an intruder to gain useful information about the target?
  a. The discovery phase
  b. The capture phase
  c. The reconnaissance phase
  d. The incursion phase

 

ANS: C

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).

 

  1. Identify a true statement about the incursion phase in an advanced persistent threat.
  a. An intruder gains useful information about the target.
  b. An intruder establishes a means of accessing a computer program that bypasses security mechanisms.
  c. An intruder gathers valid user credentials and installs backdoors for distributing malware.
  d. An intruder is ready to access compromised systems and capture information.

 

ANS: B

RATIONALE: In the incursion phase of an advanced persistent threat, an attacker gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-phishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms.

 

  1. Which of the following statements is true of the discovery phase of an advanced persistent threat?
  a. An intruder gains useful information about the target.
  b. An intruder establishes a computer program that bypasses security mechanisms.
  c. An intruder is ready to access compromised systems and capture information.
  d. An intruder gathers valid user credentials and installs backdoors for distributing malware.

 

ANS: D

RATIONALE: In the discovery phase of an advanced persistent threat, an intruder begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight.

 

  1. In the context of an advanced persistent threat, identify the phase during which an intruder is ready to access unprotected or compromised systems.
  a. The reconnaissance phase
  b. The discovery phase
  c. The capture phase
  d. The export phase

 

ANS: C

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the capture phase of the advanced persistent threat, the attacker is ready to access unprotected or compromised systems and capture information over a long period of time.

 

  1. Which of the following statements best describes the export phase of an advanced persistent threat?
  a. The data captured by an attacker is sent to the attacker’s home base for analysis.
  b. An attacker establishes a computer program that bypasses security mechanisms.
  c. An attacker is ready to access compromised systems and capture information.
  d. The valid user credentials gathered by an attacker are used to install backdoors for distributing malware.

 

ANS: A

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the export phase, the captured data is exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes.

 

  1. _____ occurs when the personal information of an individual is stolen and used.
  a. Trustworthy computing
  b. Cyberespionage
  c. Cyberterrorism
  d. Identity theft

 

ANS: D

RATIONALE: Identity theft occurs when someone steals a person’s personal information and uses it without his or her permission. Often, stolen personal identification information, such as names, Social Security numbers, or credit card numbers, is used to commit fraud or other crimes.

 

  1. _____ is the unintended access of sensitive data by unauthorized individuals.
  a. A risk exportation
  b. A data breach
  c. Cyberterrorism
  d. Rifting

 

ANS: B

RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen.

 

  1. Ricky, an employee of Gycl Inc., has unknowingly shared his company’s tender details and appraisal structure with the market competitor. This is an example of _____.
  a. smishing
  b. phishing
  c. data breach
  d. identity theft

 

ANS: C

RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen.

 

  1. To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of _____ technology to protect information as it comes in from the consumer.
  a. encryption
  b. authentication
  c. authorization
  d. indexing

 

ANS: A

RATIONALE: To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of encryption technology to protect information as it comes in from the consumer. Some also verify the address submitted online against the one the issuing bank has on file, although the merchant may inadvertently throw out legitimate orders as a result.

 

  1. _____ is a three-digit number above the signature panel on the back of a credit card.
  a. Personal identification number
  b. Card verification value
  c. Automated teller machine
  d. Know your customer digits

 

ANS: B

RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online.

 

  1. The additional security option, used for credit card transactions, that keeps track of a customer’s historical shopping patterns and notes deviations from the norm is _____.
  a. transaction incognito mode
  b. transaction identification code
  c. transaction-spam control software
  d. transaction-risk scoring software

 

ANS: D

RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online. An additional security option is transaction-risk scoring software, which keeps track of a customer’s historical shopping patterns and notes deviations from the norm.

 

  1. _____ involves the deployment of malware that secretly steals data in the computer systems of organizations.
  a. Cyberterrorism
  b. Smishing
  c. Cyberespionage
  d. Vishing

 

ANS: C

RATIONALE: Cyberespionage involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms. The type of data most frequently targeted includes data that can provide an unfair competitive advantage to the perpetrator.

 

  1. Which of the following statements best defines cyberterrorism?
  a. It involves the deployment of malware that secretly steals data in the computer systems of organizations.
  b. It is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals.
  c. It is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data over a long period of time.
  d. It is the intimidation of a government by using information technology to disable critical national infrastructure to achieve ideological goals.

 

ANS: D

RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Cyberterrorism is an increasing concern for countries and organizations around the globe.

 

  1. _____ serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
  a. United States Computer Emergency Readiness Team (US-CERT)
  b. United States Computer Query Emergency Team (US-CQET)
  c. United States Computer Emergency Encryption Team (US-CEET)
  d. United States Computer Emergency Authority Team (US-CEAT)

 

ANS: A

RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, the United States Computer Emergency Readiness Team (US-CERT) serves as a clearinghouse for information on new viruses, worms, and other computer security topics (over 500 new viruses and worms are developed each month).

 

  1. Identify the industry that is considered as a high-value target for cyberterrorists.
  a. Automobile industry
  b. Logistics industry
  c. Gas industry
  d. Health industry

 

ANS: C

RATIONALE: Companies in the oil and gas industry are seen as high-value targets for cyberterrorists. Some cyberterrorists are interested in taking control over the flow of oil and natural gas in computer-controlled refineries and the movement of oil through pipelines.

 

  1. _____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices.
  a. Cloud computing
  b. Trustworthy computing
  c. Mobile computing
  d. Cluster computing

 

ANS: B

RATIONALE: Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices—which is what organizations worldwide are demanding today. Software and hardware manufacturers, consultants, and programmers all understand that this is a priority for their customers.

 

  1. In the context of general security risk assessment, which of the following is true of the concept of reasonable assurance?
  a. It decides whether or not to implement a particular countermeasure against attacks.
  b. It recognizes that managers must use their judgment to ensure that the cost of control does not exceed a system’s benefits.
  c. It recognizes the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.
  d. It determines the impact of each threat occurrence.

 

ANS: B

RATIONALE: No amount of resources can guarantee a perfect security system, so organizations must balance the risk of a security breach with the cost of preventing one. The concept of reasonable assurance recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

 

  1. Identify the primary security threat for mobile devices.
  a. Distributed denial-of-service attack
  b. Cyberterrorism
  c. Cyberespionage
  d. Theft of device

 

ANS: D

RATIONALE: Mobile devices such as smartphones can be susceptible to viruses and worms. However, the primary security threat for mobile devices continues to be loss or theft of the device.

 

  1. Which of the following uses encryption to provide secure access to a remote computer over the Internet?
  a. Virtual private network (VPN)
  b. File transfer protocol (FTP)
  c. Indexing
  d. Data warehousing

 

ANS: A

RATIONALE: Wary companies have begun to include special security requirements for mobile devices as part of their security policies. In some cases, users of laptops and mobile devices must use a virtual private network (a method employing encryption to provide secure access to a remote computer over the Internet) to gain access to their corporate network.

 

  1. Which of the following limits network access based on an organization’s access policy?
  a. Antivirus software
  b. The concept of reasonable assurance
  c. A firewall
  d. A browser

 

ANS: C

RATIONALE: Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall stands guard between an organization’s internal network and the Internet, and it limits network access based on the organization’s access policy.

 

  1. Which of the following statements defines an intrusion detection system (IDS)?
  a. An IDS is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices.
  b. An IDS evaluates an organization’s security policy.
  c. An IDS indicates the presence of a specific virus.
  d. An IDS is software and/or hardware that monitors system and network resources for breaches.

 

ANS: D

RATIONALE: An intrusion detection system (IDS) is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment. Such activities usually signal an attempt to breach the integrity of the system or to limit the availability of network resources.

 

  1. Which intrusion detection system (IDS) contains information about specific attacks and system vulnerabilities?
  a. Knowledge-based IDS
  b. Behavior-based IDS
  c. Threat-based IDS
  d. Risk-based IDS

 

ANS: A

RATIONALE: Knowledge-based approaches and behavior-based approaches are two fundamentally different approaches to intrusion detection. Knowledge-based intrusion detection systems contain information about specific attacks and system vulnerabilities and watch for attempts to exploit these vulnerabilities, such as repeated failed login attempts or recurring attempts to download a program to a server. When such an attempt is detected, an alarm is triggered.

 

  1. Which of the following is true of a virus signature?
  a. It quarantines the virus present in a system.
  b. It indicates the presence of a specific virus in a system.
  c. It temporarily stops the activities of a detected virus.
  d. It deletes a detected virus completely.

 

ANS: B

RATIONALE: Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

 

  1. A thorough _____ should test system safeguards to ensure that they are operating as intended.
  a. internet audit
  b. cost audit
  c. software audit
  d. security audit

 

ANS: D

RATIONALE: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. A thorough security audit should also test system safeguards to ensure that they are operating as intended.

 

  1. Which of the following defines computer forensics?
  a. It is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices.
  b. It evaluates an organization’s security policy.
  c. It detects viruses in a computer system and quarantines them.
  d. It is the software and/or hardware that monitors system and network resources and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

 

ANS: A

RATIONALE: Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law. A computer forensics investigation may be opened in response to a criminal investigation or civil litigation.

 

TRUE/FALSE

 

  1. An industrial spy hacks computers or Web sites in an attempt to promote a political ideology.

 

ANS: False

RATIONALE: Industrial spies capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organizations’ trade secrets.

 

  1. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions.

 

ANS: True

RATIONALE: Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application.

 

  1. Worms propagate without human intervention and send copies of themselves to other computers via email.

 

ANS: True

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

 

  1. A Trojan horse abuses email systems to send unsolicited email to large numbers of people.

 

ANS: False

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

 

  1. A distributed denial-of-service attack involves infiltration of target systems.

 

ANS: False

RATIONALE: A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal.

 

  1. A rootkit can be disinfected without formatting the hard disk or reinstalling the operating system.

 

ANS: False

RATIONALE: When it is determined that a computer has been infected with a rootkit, there is little to do but reformat the disk; reinstall the operating system and all applications; and reconfigure the user’s settings, such as mapped drives. This can take hours, and the user may be left with a basic working machine, but all locally held data and settings may be lost.

 

  1. In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site.

 

ANS: True

RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

 

  1. In an advanced persistent threat, the intruder gains useful information about the target in the incursion stage.

 

ANS: False

RATIONALE: In an advanced persistent threat, the intruder gains useful information about the target in the reconnaissance stage. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).

 

  1. In the context of an information technology risk assessment, assets refer to hardware components only.

 

ANS: False

RATIONALE: Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. In the context of an information technology risk assessment, an asset is any hardware, software, information system, network, or database that is used by the organization to achieve its business objectives.

 

  1. Firewalls are used to block access to certain Web sites.

 

ANS: True

RATIONALE: Firewalls can be established through the use of software, hardware, or a combination of both. Any Internet traffic that is not explicitly permitted into the internal network is denied entry. Similarly, most firewalls can be configured so that internal network users can be blocked from gaining access to certain Web sites based on such content as sex and violence.

 

ESSAY

 

  1. What are the steps that can be taken by organizations to safeguard people from phishing, smishing, and vishing scams?

 

ANSWER: Financial institutions, credit card companies, and other organizations whose customers are targeted by criminals through short message service or voice mail should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their customers if such a scam is detected. Recommended action steps for institutions and organizations include the following:

  • Companies should educate their customers about the dangers of phishing, smishing, and vishing through letters, recorded messages for those calling into the company’s call center, and articles on the company’s Web site.
  • Call center service employees should be trained to detect customer complaints that indicate a scam is being perpetrated. They should attempt to capture key pieces of information, such as the callback number the customer was directed to use, details of the phone message or text message, and the type of information requested.
  • Customers should be notified immediately if a scam occurs. This can be done via a recorded message for customers phoning the call center, working with local media to place a news article in papers serving the area of the attack, placing a banner on the institution’s Web page, and even displaying posters in bank drive-through and lobby areas.
  • If it is determined that the calls are originating from within the United States, companies should report the scam to the Federal Bureau of Investigation.
  • Institutions can also try to notify the telecommunications carrier for the particular numbers to request that they shut down the phone numbers victims are requested to call.

 

  1. Explain the different phases of an advanced persistent threat (APT).

 

ANSWER: An advanced persistent threat (APT) attack advances through the following five phases:

  • Reconnaissance: The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).
  • Incursion: The attacker next gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-phishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms.
  • Discovery: The intruder now begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight.
  • Capture: The attacker is now ready to access unprotected or compromised systems and capture information over a long period of time.
  • Export: Captured data is then exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes.

 

  1. What are the steps involved in a general security risk assessment process?

 

ANSWER: The steps in a general security risk assessment process are as follows:

  • Step 1—Identify the set of IT assets about which the organization is most concerned. Priority is typically given to those assets that support the organization’s mission and the meeting of its primary business goals.
  • Step 2—Identify the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.
  • Step 3—Assess the frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others.
  • Step 4—Determine the impact of each threat occurring.
  • Step 5—Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization.
  • Step 6—Assess the feasibility of implementing the mitigation options.
  • Step 7—Perform a cost-benefit analysis to ensure that your efforts will be cost effective.
  • Step 8—Make the decision on whether or not to implement a particular countermeasure.

 

  1. What are the characteristics of good antivirus software?

 

ANSWER: Good antivirus software checks vital system files when the system is booted up, monitors the system continuously for virus-like activity, scans disks, scans memory when a program is run, checks programs when they are downloaded, and scans email attachments before they are opened. Two of the most widely used antivirus software products are Norton AntiVirus from Symantec and Personal Firewall from McAfee.

 

  1. Explain the need for a security audit in an organization.

 

ANSWER: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. One result of a good audit is a list of items that needs to be addressed in order to ensure that the security policy is being met. A thorough security audit should also test system safeguards to ensure that they are operating as intended. Such tests might include trying the default system passwords that are active when software is first received from the vendor. The goal of such a test is to ensure that all such known passwords have been changed.
