Final Exam - Review

Final Review
Chapter 9

1. Preventing vulnerability during the EC design and pre-implementation stage is far more expensive than mitigating problems later.
A.    True
B.    False

2. Phishing is rampant because some people respond to it and make it profitable.
A.    True
B.    False

3. Access control involves authorization and authentication.
A.    True
B.    False

4. The key reasons why EC criminals cannot be stopped include each of the following except:
A.    Online shoppers do not take necessary precautions to avoid becoming a victim.
B.    Strong EC security makes online shopping inconvenient and demanding on customers.
C.    Sophisticated hackers use browsers to crack into Web sites.
D.    There is a lack of cooperation from credit card issuers and foreign ISPs.

5. The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as:
A.    nonrepudiation.
B.    integrity.
C.    availability.
D.    authentication.

6. Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.
A.    access control lists
B.    human firewalls
C.    biometric systems
D.    intrusion detection systems

7. ________ is the criminal, fraudulent process of attempting to acquire confidential information by masquerading as a trustworthy entity.
A.    Phishing
B.    Pretexting
C.    Social engineering
D.    Spamming

8.  A botnet is:
A.    a huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B.    a piece of code in a worm that spreads rapidly and exploits some known vulnerability.
C.    a production system that looks like it does real work, but that acts as a decoy and is watched to study how network intrusions occur.
D.    a piece of software code that inserts itself into a host or operating system to launch DoS attacks.

9. A summary of a message, converted into a string of digits after the hash has been applied, best describes:
A.    digital envelope.
B.    hash.
C.    message digest.
D.    digital signature.

10. A law that makes it a crime to send commercial e-mail messages with false or misleading message headers or misleading subject lines is:
A.    SSL.
B.    EEA.
C.    DCMA.
D.    CAN-SPAM.

11. The work atmosphere that a company sets for its employees describes:
A.    standard of due care.
B.    internal control environment.
C.    acceptable use policy.
D.    internal politics.

12. The combination of the encrypted original message and the digital signature, using the recipient's public key, best describes:
A.    digital envelope.
B.    digital signature.
C.    hash.
D.    message digest.

13. The success and security of EC is measured by:
A.    confidentiality, integrity, and availability.
B.    quality, reliability, and speed.
C.    encryption, functionality, and privacy.
D.    authentication, authorization, and nonrepudiation.

14. Each of the following is a true statement about access control except:
A.    All resources need to be considered together to identify the rights of users or categories of users.
B.    Access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C.    Access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
D.    After a user has been identified, the user must be authenticated.

15. Assurance that stored data has not been modified without authorization and a message that was sent is the same message that was received is referred to as:
A.    nonrepudiation.
B.    availability.
C.    authentication.
D.    integrity.

16.  The motives of hackers have shifted from the desire for fame and notoriety to advancing personal and political agendas.
A.    True
B.    False

17. Keystroke logging captures and records user keystrokes.
A.    True
B.    False

18. Cybercrimes are intentional crimes carried out on the Internet.
A.    True
B.    False

19. Social engineering is an example of an unintentional threat.
A.    True
B.    False

20. Authentication provides the means to reconstruct what specific actions have occurred and may help EC security investigators identify the person or program that performed unauthorized actions.
A.    True
B.    False

21. The process of verifying the real identity of an individual, computer, computer program, or EC Web site best describes:
A.    authentication.
B.    nonrepudiation.
C.    availability.
D.    integrity.

22. Encryption components include each of the following except:
A.    key value.
B.    encryption algorithm.
C.    ciphertext.
D.    internal control environment.

23. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction best defines:
A.    anti-virus protection. 
B.    security audit. 
C.    incident management. 
D.    information security. 

24. The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as: 
A.    data integrity. 
B.    human firewall. 
C.    information assurance. 
D.    information integrity. 

25. An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources best describes: 
A.    botnet infestation. 
B.    denial-of-service attack. 
C.    cyberhijacking. 
D.    cyberraid. 

26.  Which of the following is not an advantage of virtual private networks (VPN) for data communications?
A.    They can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
B.    They are less expensive than private leased lines because they use the public Internet to carry information.
C.    They ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
D.    Remote users can use broadband connections rather than make long distance calls to access an organization's private network.

27. Security functions or characteristics of digital signatures include each of the following except:
A.    A digital signature is the electronic equivalent of a personal signature, which can be forged.
B.    Digital signatures ensure that the original content of an electronic message or document is unchanged.
C.    Digital signatures are portable.
D.    Digital signatures are based on public keys for authenticating the identity of the sender of a message or document.

28. A scheme for securing e-payments using public key encryption and various technical components best describes:
A.    Data Encryption Standard.
B.    public key infrastructure.
C.    message digesting.
D.    key space.

29. A method of encryption that uses a pair of matched keys, including a public key to encrypt a message and a private key to decrypt it, describes:
A.    symmetric private key encryption.
B.    public asymmetric key encryption.
C.    paired key encryption.
D.    data encryption standard.

Chapter 10

1. One problem with the Address Verification System (AVS) for fraud prevention is the number of false positives, meaning that the merchant rejects a valid order.
A.    True
B.    False

 2. In the authorization process, money is transferred from the buyer's to the merchant's account.
A.    True
B.    False

 3. The disintermediation of cash and credit cards has been successful in the online world.
A.    True
B.    False

 4. Which of the following spurred the use of debit cards by eliminating the requirement for merchants to issue receipts for debit purchases of $15 or less?
A.    U.S. Electronic Funds Transfer Act
B.    Federal Deposit Insurance Act
C.    Bank Service Company Act
D.    Bank Protection Act

 5. The type of contact card that is erasable and modifiable is:
A.    EEPROM.
B.    BIOS.
C.    EPROM.
D.    RAM.

 6. Factors influencing whether a particular e-payment method achieves critical mass include:
A.    independence.
B.    security.
C.    interoperability and portability.
D.    all of the above.

 7. A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip is a:
A.    contact card.
B.    proximity card.
C.    plate card.
D.    dedicated card.

8. Factors that determine whether a particular method of e-payment achieves critical mass include each of the following except:
A.    full traceability of the buyers.
B.    interoperability with other enterprise systems and applications.
C.    degree of security of the transfer.
D.    hardware and software independence.

9. A file containing customer status and customer information that is used when processing transactions to identify known problem customers is a:
A.    cancellation list.
B.    rejection list.
C.    problem child list.
D.    negative list.

 10. Costs associated with fraudulent transactions include:
A.    additional fees and penalties imposed by card associations for accepting fraudulent transactions.
B.    the revenue that is lost from rejecting orders that are valid.
C.    the cost of manually reviewing orders.
D.    all of the above.

11. The barrier to selling books online, either hardcopy or electronic, is technical and not financial.
A.    True
B.    False

12. In the online world, virtually every attempt to disintermediate cash and credit cards has failed.
A.    True
B.    False

13. The overwhelming majority of B2C purchases are paid for by smart cards.
A.    True
B.    False

14. E-payment systems that require the payer to install specialized security software have proven more likely to succeed.
A.    True
B.    False

15. The success of an e-payment method depends on its interoperability with existing enterprise systems and applications.
A.    True
B.    False

16. To succeed, special e-payment methods, such as e-cash, have to maintain anonymity.
A.    True
B.    False

17. E-payment methods that can address the lower or higher end of the price continuum are unlikely to be widely accepted because of cost and security issues.
A.    True
B.    False

18. In the settlement process, the systems must determine whether a buyer's card is active and whether the cardholder has sufficient funds available for the purchase.
A.    True
B.    False

19. The processing of card payments has two major phases: identification and settlement.
A.    True
B.    False

20. Credit cards, charge cards, and debit cards are three forms of online payment cards.
A.    True
B.    False

21. Thirty-eight percent of all merchants use negative lists, which are files that include a customer's information and the status of that customer. A customer's transaction is matched against these files and flagged if the customer is a known problem.
A.    True
B.    False

22. An electronic card that contains information that can be used for payment purposes best describes:
A.    host card.
B.    pocket card.
C.    funds card.
D.    payment card.

23. For a given type of payment card and processing system, the processes and participants are essentially the same for offline (card present) and online (card not present) purchases. 
A.    True
B.    False

24. In the online world, merchants are not held liable for fraudulent transactions. 
A.    True
B.    False

25. Because of their visibility and large sales volumes, larger firms are more susceptible to fraud than medium-sized firms. 
A.    True
B.    False

Chapter 11

1. A searchable database of computer hardware that meets a strict set of environmental criteria best describes:
A)   Environmental Protection Computing Resource.
B)    One Step To Green Computing.
C)    Electronic Product Environmental Assessment Tool.
D)   Information Technology Assessment Tool.

2. Productivity benefits from using EC are difficult to measure because:
A)   qualitative benefits do not count.
B)    the payoffs are too short.
C)    there is no time lag in EC gains.
D)   EC gains in certain areas of the company may be offset by losses in other areas.

3. For ________ companies, it may be even more important to change strategies quickly.
A)   retail
B)    service
C)    pure-play
D)   traditional

4.  ________ is an umbrella term for any of several arrangements that allow a vendor of content in electronic form to control the material and restrict its usage.
A)   Digital rights management
B)    Fair use
C)    Patent management
D)   Intellectual property management

5. Metrics are used to describe each of the following except:
A)   costs.
B)    standards.
C)    benefits.
D)   ratio of costs to benefits.

6. The study and practice of ecofriendly computing resources, now a key concern of businesses in all industries, best describes:
A)   blue computing.
B)    green computing.
C)    energy efficient computing.
D)   natural computing.

7. Worldwide purchases of EPEAT-registered products result in each of the following except:
A)   reduced use of toxic waste materials.
B)    reduced use of primary materials.
C)    reduced staffing requirements.
D)   avoiding the disposal of tons of hazardous waste.

8. Google and eBay have similar core competencies.
A)   True
B)    False

9. Blue computing is the study and practice of ecofriendly computing resources.
A)   True
B)    False

10. In the strategy implementation phase, general long-term plans are continuously evaluated.
A)   True
B)    False

11. Project management is the process of making the selected applications and projects a reality, including hiring staff; purchasing equipment; and licensing, purchasing, or writing software.
A)   True
B)    False

12. Trends that may slow EC and Web 2.0, and even cripple the Internet include:
A)   copyright complaints.
B)    security concerns.
C)    lack of net neutrality.
D)   all of the above.

13. Internet capabilities that make it more difficult for companies to capture profits include each of the following except:
A)   The Internet allows buyers and sellers to find and transact business with one another more easily.
B)    The Internet makes information widely available.
C)    The Internet reduces the difficulty of purchasing, marketing, and distribution.
D)   The Internet makes it easier to make secure payments.

14. Google's ________ is its expertise in information search technology.
A)   value proposition
B)    company analysis
C)    core competency
D)   SWOT

15. Which U.S. law mandates the use of filtering technologies in schools and libraries that receive certain types of federal funding?
A)   Computer Fraud and Abuse Act
B)    Children's Internet Protection Act
C)    Homeland Security Act
D)   Privacy Protection Act

16. Many companies use different names, colors, sizes, and packaging for their overseas products and services. This practice is referred to as:
A)   geo-focus.
B)    world trade.
C)    specialization.
D)   localization.

17. The threat of substitute products or services is a major force that can endanger a company's position in a given industry.
A)   True
B)    False

18. Ethics is the branch of philosophy that deals with what is considered to be right and wrong.
A)   True
B)    False

19. Forecasting means identifying business, technological, political, economic, and other relevant trends that are currently affecting the business or that have the potential to do so in the future.
A)   True
B)    False

20. An agreement that requires computer users to take specific steps to allow the collection of personal information is called:
A)   opt-in.
B)    user acceptance agreement.
C)    informed consent.
D)   opt-out.

21. The legal term for the use of the work without permission or contracting for payment of a royalty is:
A)   theft of digital rights.
B)    infringement.
C)    copyright violation.
D)   theft of intellectual property.

22. In law, fair use refers to the use of copyrighted material for ________ purposes.
A)   educational
B)    entertainment
C)    commercial
D)   noncommercial

23. Intangible metrics in the model for IT project justification include each of the following except:
A)   services to society.
B)    growth enabler.
C)    lead-time.
D)   competitive advantage.

24. Traditional methods for evaluating EC investments include all of the following EXCEPT:
A)   ROI
B)    Break-even or payback period
C)    Discount rate
D)   NPV

25. Justifying an EC investment by comparing the costs of each project against its benefits is known as a cost-benefit analysis.
A)   True
B)    False

Chapter 12

1. Web site usability means that people who use the Web site can do so quickly and easily to accomplish their tasks and may also consider such factors as cost-effectiveness and usefulness.
A)   True
B)    False

2. Unlike the brick-and-mortar marketplace, the failure rate for online companies is low.
A)   True
B)    False

3.  Business process management systems monitor the execution of the business processes so that managers can analyze and change processes in response to data, rather than on just a hunch.
A)   True
B)    False

4. Insuring:
A)   connects people, data, and diverse systems.
B)    is the in-house development of applications.
C)    is a method of transferring the management and/or day-to-day execution of an entire business function to a third-party service provider.
D)   is a class of systems that integrates large systems.

5. Basic options for developing an EC Web site include each of the following except:
A)   lease the application.
B)    develop the site in-house.
C)    buy a packaged application.
D)   clone a competitor's Web site.

6. In organizational transformation:
A)   the change may affect only one or a few of the functional areas of the business.
B)    there is always a sharp break with the past and every aspect of the business will probably change.
C)    there are incremental changes to the ways things have always been done.
D)   there is a change in outlook, but rarely a change in procedures or investment in infrastructure.

7. Factors determining usability include:
A)   efficiency of use.
B)    memorability.
C)    ease of learning.
D)   all of the above.

8. Reprise Electronics, a conglomerate that manufactures and sells all kinds of electronic goods under several brand names, currently has separate Web sites for each of its brands. The company decides to bring all of the Web sites together through a single site that, in addition to providing links to the brand pages, will also provide general information about how to select electronic merchandise and informational pages about the Reprise Company today and its management team. This is an example of adding:
A)   a reverse auction.
B)    a portal.
C)    e-procurement.
D)   a Webstore.

9. Secondary content that offers a coupon, rebate, or special service is called:
A)   cross-selling.
B)    comment.
C)    promotion.
D)   up-selling.

10. The primary reason for writing a business plan is to:
A)   provide an operational framework for the business.
B)    provide strategic direction to employees.
C)    acquire external funding.
D)   help the founders remember what they are trying to accomplish.

11.  Syndicated content is Web content that matches the needs and expectations of the individual visitor.
A)   True
B)    False

12. Content creation and management for a large EC site can be slow and expensive.
A)   True
B)    False

13. A plan for organizing the underlying infrastructure and applications of a site best describes:
A)   IT architecture.
B)    IT infrastructure.
C)    business plan.
D)   EC architecture.

14. The process of selecting a software vendor and EC package includes each of the following except:
A)   establish a service-level agreement.
B)    determine the evaluation criteria.
C)    close vendor contract.
D)   evaluate vendors and packages.

15.  Outsourcing options for creating and operating EC applications include:
A)   software houses, such as IBM.
B)    telecommunications companies, such as MCI.
C)    outsourcers, such as EDS.
D)   all of the above.

16.   ________ is the name-based address that identifies an Internet-connected server.
A)   URL name
B)    Host name
C)    Domain name
D)   IP address

17.  When creating a new business, the first step is to:
A)   acquire financing needed to make the business successful.
B)    investigate all existing opportunities.
C)    identify a consumer or business need that is not presently being met.
D)   write a business case or plan.

18.  ________ is money invested in a business by an individual, a group of individuals, or a funding company in exchange for equity in the business.
A)   Advancement
B)    Venture capital
C)    Operating capital
D)   Start-up funding

19. The first step in creating a new company or adding an online project is to identify a consumer or business need in the marketplace.
A)   True
B)    False

20. Chaplin's Pet Store has been in business for many years. Chaplin, the present owner, decides to open an online sales channel where he can advertise and sell the same gourmet pet food. This is an example of adding:
A)   a portal.
B)    a Webstore.
C)    e-procurement.
D)   a reverse auction.

21. Which of the following is true regarding a second round of financing?
A)   The angel investor will pay the highest price per share.
B)    The venture capitalist will pay the highest price per share.
C)    The entrepreneur will pay the highest price per share.
D)   IPO investors will pay the highest price per share.

22. A major entertainment company has four studios that have been in the same location for more than ten years. The company includes a page on its Web site with addresses, phone numbers, and general e-mail addresses for each of these studios. None of this information has changed since the Web site was developed. This is an example of ________ content.
A)   dynamic
B)    functional
C)    static
D)   organizational

23. Disadvantages for using the off-the-shelf approach as an EC development strategy include:
A)   Software may not exactly meet the company's needs.
B)    Limited off-the-shelf software packages are available.
C)    The company must hire programmers specifically dedicated to an EC project.
D)   The vendor rarely updates the software.

24. Reviews, testimonials, expert advice, or further explanation about the product are called:
A)   up-selling.
B)    comment.
C)    cross-selling.
D)   promotion.

25. A _________________ is a wealthy individual who contributes personal funds and possibly expertise at the earliest stage of business development.
A)   entrepreneur
B)    venture capitalist
C)    angel
D)   incubator

26. A ______________ is a company, university, or nonprofit organization that supports promising businesses in their initial stages of development.
A)   entrepreneur
B)    venture capitalist
C)    angel
D)   incubator

27. The difference between a business plan and a business case is:
A)   all new businesses should have a business plan, but only existing businesses planning a major EC or IT initiative should develop a business case.
B)    business cases are brief and general, while business plans are long and detailed.
C)    a business case is a part of every business plan.
D)   all businesses need a business case, but only new businesses need a business plan.

28. The key difference between an e-business plan and a traditional business plan is that the entrepreneur must:
A)   understand all aspects of the technology required to implement the plan.
B)    understand that the Internet is a unique sales channel.
C)    understand that traditional rules do not apply when doing business on the Internet.
D)   develop a ten-year plan.

29. The greatest difficulty in dealing with venture capital is:
A)   finding the money a venture capitalist will require.
B)    the loss of control a venture capitalist demands.
C)    relocating the business to an incubator.
D)   finding a willing venture capitalist.

30. A __________________ Web site does little more than provide information about the business and its products.
A)   informational
B)    interactive
C)    transactional
D)   dynamic