Revision

Question 1

Front end

Answer 1

diretly interact with user, have some control
presentation layer, prioritise user experience
Client side, same across different platforms
Integrate with back end (sending/receiving data)

eg. shopping cart interface on e-commerce website

Question 2

Back end

Answer 2

does not directly interact with user, behind the scenes/ logic layer

Include hardware and software, accounting budgeting, manufacturing, marketing, inventory management, order tracking and distribution

Server
* process front end request and respond

Database
* store, retrieve, manage data

Serverside logic
* buisness logic on how data should be processed and actions to perform

API (Application Programming Interface)
* allow front end to communicate with it
* handle request and respond

Programming Languages
* Python, Java, JavaScript

Middlewear
* bridge between front and back end
* data exchange, authentication, integration

Security
* Encrypt, validate, authentication and authorization

Question 3

Blockchain

Answer 3

digital records of transaction
records called blocks link together in a single list called chain
cryptographic hash links blocks, hence permanently records and hard to alter
each transaction validated by multiple computers

Peer to peer network, with no central authority.
Files shared directly without a central server
Only require internet and P2P Software= easy

record transaction made with cryptocurrencies
protect intellectual property, digital signature etc

Question 4

Type of Block chain

Answer 4

Public
* Open to anyone
* fully decentralised
* Secure but slow
* Example: BTC

Private
* Restricted to specific participants
* decentralised to organisation
* Higher Speed
* Example: SCM

Consortium
* Industries that need collaboration
* Decentralised to multiple organisation
* Balanced decentralisation and speed

Hybrid
* Combined Public and Private
* Adjustable decentralisation and speed

Question 5

Da

Data Mining

Answer 5

use mathemetical techniques to look for patterns or relationships in data
aid in decision making
Market Basket Analysis: those who bought that also bought this

Question 6

Customer Relationship Management

Answer 6

help e-business manage customer base
match customer needs with products (personalisation
own inhouse personalization software or customised off the shelf software to meet information needs rather than just based on purchasing history
Operational CRM: Direct Customer interations
Analytical CRM; uses Operational CRM data to identify trends

Question 7

Supply Chain Management

Answer 7

Supply Chain Planning (SCP)
* Predict inventory levels based on resources

Supply Chain Execution (SCE)
* automate different actions in the supply chain

Question 8

Encryption

Answer 8

translaltion of data into a cipher text, where it is decrypted into plain text at the destination
require public key to encrypt, private key to decrypt

Public Key asymmetric and uses very large prime numbers
session keys are shorter

Question 9

Data/Fund Transfer Safely

Answer 9

Encryption, Authentication, validation, blockchain, tunneling, SSL, vpn etc

Question 10

Physical Risks

Answer 10

Network Equipment and Physical Location
* Equipment and rooms always locked, location annonymous
* Fire suppression systems, train employees
* Substantial construction and design of facilities

Electrical Power Backup
* Two level: Batteries, Power Generators

Internet Connectivity Redundancy
* To have more than 1 connection to the internet
* complete data-centre redundancy to continue operation from different location

Outsourcing risks
* Web hosting services
* fee for service arrangement for power, connectivity, security

Question 11

Internal Security Risks

Answer 11

Unhappy employees, poor secuirty awarenes and planning

Passwords
Biometrics
Smart Card (embedded memory chip with user ID for authentication of remote user)
Backup and Restore Policies
Disaster Recovery Planning

Question 12

External Security

Answer 12

Bypass network defences
Hackers
Viruses
Website Defacement
DDOS
Counter by
Firewalls (packet fiiltering, circuit level, application level)

Question 13

Transactional Security

Answer 13

Authentication
Integrity
Non repudiation (authencity of signature)
Confidentiaty

Security Protocols
Encryption
Public Keys
VPN
Tunneling
WAP
WTLS
WLANs
Security audit
penetrative testing

Question 14

Security Protocols

Answer 14

Secure Socket Layer (SSL) uses public key encryption and digital certificates
Transport Layer Security (TLS) assure no third party access to internet communications
Seure Electronic Transactions (SET) used for presenting credit card transaction on the internet

Question 15

VPN

Answer 15

private networks that use internet to transmit data
firewalls, public key encryption, digital certificates

Question 16

Tunneling

Answer 16

encapsulate one protocol witin another protocol

Question 17

WAP

Answer 17

Wireless Application Protocol
wap server send digital certificate & public key, client generates encrypted session key

Question 18

WTLS

Answer 18

Wireless Transport Layer Security
encryption and digital certificates

Question 19

WLANs

Answer 19

most vulnerable as hackers require few resoures

Question 20

Security audit

Answer 20

review policy, employee training and physical security

Question 21

penetrative testing

Answer 21

insurance, NDA, Scanning tools, Scope, Documentation

Question 22

Hackers

Answer 22

• intruders that deliberately gain unauthorized access
• most common=send confusing data
• Crashing a program= take control of computers
• Buffer overlow cause crashes
• White hat: good hackers
• Black hat: steal valuable information, disrupt service or damage

Question 23

Malware

Answer 23

· A short for “malicious software,” refers to any software designed to harm, exploit, or compromise the integrity of computers, networks, or devices.
· It is also used to steal data or inflict damage to computer or software systems.
· This includes viruses, worms, Trojan horses, and ransomware.

Question 24

Standard virus

Answer 24

• small destructive programs inserted to other files
• erase files/hardrives, prevent from booting, saving, printing and send repetitive e-mail messages
• spread via email, attachments or when infected program executes
• Melissa 1999

Question 25

Macro Virus

Answer 25

* Infect Macro (word/excel/removable drives)

Question 26

Trojan Horses

Answer 26

* Maliciouse disguised as fun or useful * Steal passwords, plant destructive programs * Zeus 2007

Question 27

Ransomware

Answer 27

· Encrypts a victim's files or locks them out of their system. · A demand of a ransom from the hacker to the victim to restore access to the data or system. · Can lead to financial and data loss if the ransom is not paid and backups are not available.

Question 28

AI Hallucination

Answer 28

AI model generates outputs that are factually incorrect while presenting them with high confidence as if they were true when user upload malware package into AI, and is social engineered to be used as part of training data-> when other users use a similar prompt, AI suggested that malware package as an answer, where innocent users would download such malware

Question 29

Deepfake

Answer 29

face or body has been digitally altered so that they appear to be someone else, typically used maliciously or to spread false information

Question 30

Denial of Service (DOS)

Answer 30

disable network using flood of useless traffic (Pings, email) DDOSS -> multiple computers to attack network

Question 31

Payment Cards

Answer 31

Credit Cards (present spending limit based on credit limit) Debit Cards (removes charge from cardholder account to seller bank) Charge Cards (no preset spending limit)

Question 32

Adv & Disadv Payment Cards

Answer 32

Adv **fraud protection** worldwide acceptance online transaction Disadv per transaction fee and monthly processing fee

Question 33

Electronic Cash

Answer 33

**companies attempt** for a value storage and exchange system Concerns Privacy, Security, Independence, Portability, Convenience Characteristics Spend only once, Annonymous, Convenience Online: online bank involved in all transfers Offiline: virtual wallet

Question 34

Adv & disadv of Electronic Cash

Answer 34

Adv * more efficient * less costly (distance and hardware no cost) * no party require special authorization Disadv * No audit trail * forgery * "flop"

Question 35

Providing Security for Electronic Cash

Answer 35

Threat of **prosecution** **two part lock for annonymous security** that signals when someone is **double spending** attach a serial number for each transaction for tracing

Question 36

Electronic Wallets

Answer 36

Works like a **charge card** Holds credit card, electronic cash, owner identification & contact can be server side or client side

Question 37

Stored Value Cards

Answer 37

Cash Card, Ezlink card, Flash Card elaborate smart card or simple plastic card with magnetic strip

Question 38

Smart Card

Answer 38

Ploastic card with embeded microcheap containing user information 100 times more info than magnetic strip

Question 39

Using E-cash

Answer 39

1. Customer select e-cash as payment method 2. confirm payment using stored balance or bank account 3. E-commnerce platform send transaction detail to payment gateway 4. gateway connects with e-cash provider 5. provider verifiy balance and ensure valid payment 6. Fraud checks and security validation performed 7. If approved, e-cash deduct fund from account and transferred to vendor account 8. venor receive payment, confirm receipt, and process order 9. Customer gets payment notfication