E-commerce Security (II) *MIDTERM CONTENT INCLUSIVE*

Question 1

Malicious code (Malware)

Answer 1

Includes a variety of threats such as viruses, worms, Trojan horses, and bots

Question 2

Exploit Kits

Answer 2

Collection of exploits bundled together and rented or sold as a commercial product. Use of a kit does not require much skill, allowing for non-fluent digital users to commit cybercrime

Question 3

Drive-by download

Answer 3

Malware that comes with a downloaded file that a user requests

Question 4

Malvertising

Answer 4

Online advertising that contains malicious code

Question 5

Virus

Answer 5

A computer program that can replicate or make copies of itself and spread to other files

Question 6

Worm

Answer 6

Malware that is designed to spread from computer to computer

Question 7

Ransomware

Answer 7

Malware that blocks or limits access to a computer or network by encrypting files and then demanding a ransom payment, typically in a cyryptocurrency such as Bitcoin, in exchange for the decryption key

Question 8

Trojan horse

Answer 8

Appears to be harmless but then does something other than expected. Often a way for viruses or other malicious code to be introduced into a computer system

Question 9

Backdoor

Answer 9

Malware feature that allows an attacker to covertly access a compromised computer or network

Question 10

Bot

Answer 10

Type of malicious code that can be covertly installed on a computer when connected to the Internet. Once installed, the bot responds to external commands sent by the attacker

Question 11

Botnet

Answer 11

A collection of captured bot computers

Question 12

Potentially Unwanted Program (PUP)

Answer 12

Program that installs itself on a computer, typically without the user’s informed consent

Question 13

Adware

Answer 13

A PUP that serves pop-up ads to your computer

Question 14

Browser parasite

Answer 14

A program that can monitor and change the settings of a user’s browser

Question 15

Cryptojacking

Answer 15

Installs a browser parasite that sucks up a computer’s processing power to mine cryptocurrency without the user’s knowledge or consent

Question 16

Spyware

Answer 16

A program used to obtain information such as a user’s keystrokes, e-mails, instant messages, and so on

Question 17

Social engineering

Answer 17

Exploitation of human fallibility and gullibility to distribute malware

Question 18

Phishing

Answer 18

Any deceptive, online attempt by a third party to obtain confidential information for financial gain

Question 19

BEC (business e-mail compromise) phishing

Answer 19

Variation of Nigerian letter scam in which an attacker poses as a high-level employee of a company and requests that another employee transfer funds to what is actually a fraudulent account

Question 20

Hacker

Answer 20

An individual who intends to gain unauthorized access to a computer system

Question 21

Cracker

Answer 21

Within the hacking community, a term typically used to denote a hacker with criminal intent

Question 22

Cybervandalism

Answer 22

Intentionally disrupting, defacing, or even destroying a site

Question 23

Hacktivism

Answer 23

Cybervandalism and data theft for political purposes

Question 24

Data breach

Answer 24

Occurs when an organization loses control over corporate information, including the personal information of customers and employees, to outsiders

Question 25

Credential stuffing

Answer 25

Brute force attack that hackers launch via
botnets and automated tools using known username and password combinations obtained from data breaches

Question 26

Identity fraud

Answer 26

Involves the unauthorized use of another person’s personal data for illegal financial benefit

Question 27

Spoofing

Answer 27

Involves attempting to hide a true identity by using someone else’s e-mail or IP address

Question 28

Pharming

Answer 28

Automatically redirecting a web link to an address
different from the intended one, with the site masquerading as the intended destination

Question 29

Spam (junk) websites

Answer 29

Also referred to as link farms; promise to offer products or services but, in fact, are just collections of advertisements

Question 30

Sniffer

Answer 30

A type of eavesdropping program that monitors the information traveling over a network

Question 31

Man-in-the-middle (MitM) attack

Answer 31

Attacker can intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications

Question 32

Denial of Service (DoS) attack

Answer 32

Flooding a website with useless traffic to inundate and overwhelm the network

Question 33

Distributed Denial of Service (DDoS) attack

Answer 33

Using numerous computers to attack the target network from numerous launch points

Question 34

SQL Injection (SQLi) attack

Answer 34

Takes advantage of poorly coded web application software that fails to properly validate or filter data entered by a user on a web page

Question 35

Zero-day vulnerability

Answer 35

Software vulnerability that has been previously unreported and for which no patch yet exists

Question 36

Encryption & Cipher text

Answer 36

The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver

Question 37

The 4 dimensions of e-commerce security encryption provides

Answer 37

Message integrity
Nonrepudiation
Authentication
Confidentiality

Question 38

Key (cipher)

Answer 38

Any method for transforming plain text to cipher text

Question 39

Substitution cipher

Answer 39

Every occurrence of a given letter is replaced systematically by another letter

Question 40

Transposition cipher

Answer 40

The ordering of the letters in each word is changed in some systematic way

Question 41

Symmetric key cryptography (secret key cryptography)

Answer 41

Both the sender and the receiver use the same key to encrypt and decrypt the message

Question 42

Data Encryption Standard (DES)

Answer 42

Developed by the National Security Agency (NSA) and IBM. Uses a 56-bit encryption key

Question 43

Advanced Encryption Standard (AES)

Answer 43

The most widely used symmetric key algorithm,
offering 128-, 192-, and 256-bit keys

Question 44

Public key cryptography

Answer 44

Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once the keys are used to encrypt a message, that same key cannot be used to unencrypt the message

Ensures authentication (private key encryption proves who the sender is)

Question 45

Hash function

Answer 45

An algorithm that produces a fixed-length number called a hash or message digest

Question 46

Digital signature (e-signature)

Answer 46

“Signed” cipher text that can be sent over the Internet

Question 47

Digital certificate

Answer 47

A digital document issued by a certification authority that contains a variety of identifying information

Question 48

Certification Authority (CA)

Answer 48

A trusted third party that issues digital certificates

Question 49

Public key infrastructure (PKI)

Answer 49

CAs and digital certificate procedures that are accepted by all parties

Question 50

Secure negotiated session

Answer 50

A client-server session in which the URL of the requested document, along with the contents, contents of forms, and the cookies exchanged, are encrypted

Question 51

Session key

Answer 51

A unique symmetric encryption key chosen for a single secure session

Question 52

HTTPS

Answer 52

Secure version of the HTTP protocol that uses TLS for encryption and authentication

Question 53

Virtual Private Networks (VPN)

Answer 53

Allows remote users to securely access internal networks via the Internet, using the Point-to-Point Tunneling Protocol (PPTP)

Question 54

WPA2

Answer 54

Wireless security standard that uses the AES algorithm for encryption and CCMP, a more advanced authentication code protocol

Question 55

WPA3

Answer 55

Next-generation WPA protocol that implements more robust security

Question 56

Firewall

Answer 56

Refers to either hardware or software that filters communication packets and prevents some
packets from entering the network based on a security policy

Question 57

Proxy server (proxy)

Answer 57

Software server that handles all communications originating from or being sent to the Internet, acting as a bodyguard for the organization

Question 58

Intrusion detection system (IDS)

Answer 58

Examines network traffic, watching to see if it matches certain patterns or preconfigured rules indicative of an attack

Question 59

Intrusion prevention system (IPS)

Answer 59

Has all the functionality of an IDS, with the additional ability to take steps to prevent and block suspicious activities

Question 60

Software supply chain attack

Answer 60

Hackers target development environments to infect software that is then downloaded by end users