This Document Contains Chapters 9 to 10

Chapter 09: Electronic Commerce Software

1. In the context of doing business online, midsize and smaller companies religiously use self-hosting services.
a. True
b. False
Answer: False

2. With dedicated hosting, the client shares the server with other clients of the service provider.
a. True
b. False
Answer: False

3. Electronic commerce sites vary greatly in terms of size, purpose, audience, and other factors.
a. True
b. False
Answer: True

4. In a co-location service, the client installs its own software and maintains the server.
a. True
b. False
Answer: True

5. The key functions of a basic electronic commerce Web site are catalog display, shopping cart capabilities, and transaction processing.
a. True
b. False
Answer: True

6. Web stores never use the same department names as their physical counterparts.
a. True
b. False
Answer: False

7. As in a physical store, merchandise in an online store can be grouped within logical departments to make locating an item simpler.
a. True
b. False
Answer: True

8. Large sites with many products can provide a search engine that allows customers to enter descriptive search terms so that they can quickly find the Web page containing what they want to purchase.
a. True
b. False
Answer: True

9. Shopping cart software at some Web sites allows the customer to fill a shopping cart with purchases, put the cart in virtual storage, and come back days later to confirm and pay for the purchases.
a. True
b. False
Answer: True

10. MySQL, which is maintained by a community of programmers on the Web, is closed-source software.
a. True
b. False
Answer: False

11. The entire cost of a middleware implementation is the cost of the software itself.
a. True
b. False
Answer: False

12. Page-based application systems are easily revised and updated.
a. True
b. False
Answer: False

13. Yahoo!
offers its commerce services, which include site design, an online payment function, order processing and shipping, and marketing programs, which are described on its Yahoo! Small Business Ecommerce Web page.
a. True
b. False
Answer: True

14. Mall-style commerce service providers charge a high monthly fee.
a. True
b. False
Answer: False

15. Midrange software traditionally does not offer connectivity to database systems that store inventory information.
a. True
b. False
Answer: False

16. Commerce sites with minimal needs can use externally hosted stores that provide software tools to build an online store on a host’s site.
a. True
b. False
Answer: True

17. Commerce service providers (CSPs) offer free or low-cost electronic commerce software for building online business sites hosted on the CSP’s server.
a. True
b. False
Answer: True

18. IBM WebSphere software components include catalog management tools for both B2B and B2C operations.
a. True
b. False
Answer: True

19. A small commerce site can have a very simple static catalog.
a. True
b. False
Answer: True

20. The term "enterprise" is used in information systems to describe a system that serves multiple locations or divisions of one company and encompasses all areas of the business or enterprise.
a. True
b. False
Answer: True

21. IBM and Oracle provide content management software as components in other enterprise software packages.
a. True
b. False
Answer: True

22. Knowledge management software helps companies preserve the knowledge gained through the use of information so that future users can benefit from the learning of current users.
a. True
b. False
Answer: True

23. Supply chain management planning software helps companies develop coordinated demand forecasts using information from each participant in the supply chain.
a. True
b. False
Answer: True

24. Supply chain management software performs two general types of functions: planning and execution.
a. True
b. False
Answer: True

25.
All companies create their own customer relations management software using outside consultants and their own IT staffs.
a. True
b. False
Answer: False

26. _________ often offer Web server management and rent application software to businesses.
a. Middleware vendors
b. Enterprise resource planning vendors
c. Database providers
d. Commerce service providers
Answer: d

27. Commerce service providers are also called _________ service providers.
a. hosting
b. managed
c. incubating
d. liaisoning
Answer: b

28. A _________ is a listing of goods and services.
a. tier
b. bug
c. catalog
d. code
Answer: c

29. In the early days of electronic commerce, shoppers selected items they wanted to purchase by filling out online forms which required a shopper to _________.
a. manually enter product descriptions
b. place items into a shopping cart
c. enter into a video chat with the vendor
d. e-mail credit card information
Answer: a

30. In a shopping cart, clicking the checkout button usually displays a screen that asks for _________ and shipping information.
a. stocking
b. ordering
c. billing
d. sourcing
Answer: c

31. HTTP messaging is a(n) _________ system which does not retain information from one transmission or session to another, thus shopping cart software must store information about specific shoppers and their purchases.
a. stateless
b. blocked
c. unverifiable
d. unidentifiable
Answer: a

32. One way the shopping cart software stores information about specific shoppers and their purchases is by creating _________.
a. Web logs
b. cookies
c. IP addresses
d. filters
Answer: b

33. _________ occurs when the shopper proceeds to the virtual checkout counter by clicking a checkout button.
a. Debugging
b. Catalog display
c. Transcription
d. Transaction processing
Answer: d

34. Large information systems that store the same data in many different physical locations are commonly called _________ information systems.
a. centralized
b. distributed
c. stack-based
d. server-centric
Answer: b

35.
Application servers are usually grouped into two types: page-based and _________ systems.
a. server-based
b. component-based
c. script-based
d. group-based
Answer: b

36. A program transferring information from order entry systems in several different divisions to a single accounts receivable is an example of _________.
a. application integration
b. data mining
c. co-location
d. interoperability
Answer: a

37. A _________ application system separates the presentation logic from the business logic.
a. page-based
b. JSP-based
c. component-based
d. PHP-based
Answer: c

38. _________ software packages are business systems that integrate all facets of a business, including accounting, logistics, manufacturing, marketing, planning, project management, and treasury functions.
a. Enterprise resource planning
b. Supply chain management
c. Data services
d. Customer relationship management
Answer: a

39. In the context of electronic commerce, ERP is the acronym for _________.
a. electronic record processing
b. enterprise resource planning
c. enterprise record provider
d. electronic resource provider
Answer: b

40. The W3C defines _________ as software systems that support interoperable machine-to-machine interaction over a network.
a. offline transactions
b. Web services
c. credit transactions
d. programming languages
Answer: b

41. _________ is a message-passing protocol that defines how to send marked-up data from one software application to another across a network.
a. File Transfer Protocol
b. Encryption Protocol
c. Hypertext Transfer Protocol
d. Simple Object Access Protocol
Answer: d

42. _________ is used to describe the characteristics of the logic units that make up specific Web services.
a. Web Services Description Language
b. Universal Description, Discovery, and Integration Specification
c. Representational State Transfer
d. Simple Object Access Protocol
Answer: a

43.
_________ provide small businesses with a basic Web site, online store design tools, storefront templates, and an easy-to-use interface.
a. Mall-style CSPs
b. Basic CSPs
c. Suppliers of enterprise-class products
d. Suppliers of Web development tools
Answer: a

44. _________ helps companies control the large amounts of text, graphics, and media files that have become crucial to doing business.
a. Content management software
b. Supply chain management software
c. Operations management software
d. Inventory tracking software
Answer: a

45. A _________ stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the Web site itself.
a. shopping cart software
b. transaction processing software
c. dynamic catalog
d. middleware
Answer: c

46. WebSphere Commerce Professional, a family of electronic commerce packages, is produced by _________.
a. Microsoft
b. Intel
c. Oracle
d. IBM
Answer: d

47. Enterprise-class electronic commerce software:
a. provides tools for supporting purchase activities.
b. is restricted to small online businesses.
c. requires a single computer to operate.
d. runs devoid of a Web server system.
Answer: a

48. _________ software typically provides tools for linking to and supporting supply activities.
a. Enterprise-class
b. Content management
c. Web hosting
d. Knowledge management
Answer: a

49. _________ is an example of an enterprise-class electronic software.
a. Microsoft COM
b. Sales Cart
c. Oracle E-Business Suite
d. Common Object Request Broker Architecture
Answer: c

50. Which of the following statements is true of knowledge management software?
a. It helps an organization put away outdated information.
b. It enhances the ability of users to collaborate among themselves.
c. It does not include tools that read electronic documents.
d. It does not provide users with a search functionality.
Answer: b

51. _________ provide Internet access to companies and individuals.
Answer: Internet service providers; ISPs; Internet service providers (ISPs)

52. The approach in which companies use their own servers and server software to do business online is known as _________.
Answer: self-hosting

53. _________ hosting means that the client’s Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location.
Answer: Shared

54. A(n) _________ is software that makes it easy for users to enter, edit, update, and retrieve information in the database.
Answer: database manager; database management software

55. The databases within the distributed information systems are known as _________.
Answer: distributed database systems

56. The best hosting services provide Web server hardware and software combinations that are _________, which means they can be adapted to meet changing requirements when their clients grow.
Answer: scalable

57. A(n) _________ is a simple list written in Hyper Text Markup Language, HTML, that appears on a Web page or a series of Web pages.
Answer: static catalog

58. A(n) _________ is a computer that takes the request messages received by the Web server and runs application programs that perform some kind of action based on the contents of the request messages.
Answer: application server

59. A(n) _________ is a collection of information that is stored on a computer in a highly structured way.
Answer: database

60. The rules a business establishes about its database structure, which are carefully thought out and take into account how the company does business, are known as its _________.
Answer: business rules

61. Making a company’s information systems work together is called _________.
Answer: interoperability

62. The rules used in the business that determine the actions that the application server software performs are known as _________.
Answer: business logic

63.
_________ application systems return pages generated by scripts that include the rules for presenting data on the Web page with the business logic.
Answer: Page-based

64. Oracle and SAP are two major _________ vendors.
Answer: enterprise resource planning; ERP; enterprise resource planning (ERP)

65. A general name for the ways programs interconnect with each other is _________.
Answer: application program interface (API); application program interface; API

66. _________ uses simpler structures than SOAP protocols, often including an XML- or XHTML-tagged data set to implement Web services.
Answer: Representational State Transfer (REST); Representational State Transfer; REST; RESTful application; RESTful design

67. The design used by Web services that are built on the Representational State Transfer model is known as _________.
Answer: RESTful design

68. In the context of Web Services Specifications, the _________ works as a sort of address book to identify the locations of Web services and their associated Web Services Description Language descriptions.
Answer: Universal Description, Discovery, and Integration Specification (UDDI); UDDI; Universal Description, Discovery, and Integration Specification

69. A principle called _________ describes the way the Web uses networking architecture to identify and locate Web pages and the elements that make up those Web pages.
Answer: Representational State Transfer (REST); Representational State Transfer; REST

70. Atom Publishing Protocol, which simplifies blog publishing, is a(n) _________ application.
Answer: RESTful Web service

71. _________ is an open-source database product developed and maintained by a community of programmers on the Web.
Answer: MySQL

72. The common format of the programs written for machine-to-machine communication using Web services was originally _________.
Answer: HTML; Hypertext Markup Language (HTML); Hypertext Markup Language

73.
The _________ function of supply chain management software helps with tasks such as warehouse and transportation management.
Answer: execution

74. The ways programs interconnect with each other over the Web are called _________.
Answer: Web APIs; Web application program interfaces; Web application program interfaces (APIs)

75. The practice of replacing a company’s investment in computing equipment by selling Internet-based access to its own computing hardware and software is called _________.
Answer: cloud computing

76. What is the difference between shared hosting and dedicated hosting?
Answer: Shared hosting means that the client’s Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location. With dedicated hosting, the service provider makes a Web server available to the client, but the client does not share the server with other clients of the service provider.

77. List at least five software components that large and complex electronic commerce sites can include in addition to a catalog display, shopping cart capabilities, and transaction processing.
Answer: Larger and more complex electronic commerce sites use software that adds other features and capabilities to the basic set of commerce tools. These additional software components can include:
• Middleware that integrates the electronic commerce system with existing company information systems that handle inventory control, order processing, and accounting
• Enterprise application integration
• Web services
• Integration with enterprise resource planning (ERP) software
• Supply chain management (SCM) software
• Customer relationship management (CRM) software
• Content management software
• Knowledge management software

78. What is the difference between a static catalog and a dynamic catalog?
Answer: A static catalog is a simple list written in HTML that appears on a Web page or a series of Web pages.
To add an item, delete an item, or change an item’s listing, the company must edit the HTML of one or more pages. A dynamic catalog stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the Web site itself. A dynamic catalog can feature multiple photos of each item, detailed descriptions, and a search tool that allows customers to search for an item and determine its availability.

79. What are the benefits of using a mall-style commerce service provider or a mall-style CSP? What are the costs associated with them?
Answer: Mall-style CSPs provide small businesses with a basic Web site, online store design tools, storefront templates, and an easy-to-use interface. These service providers charge a low monthly fee and may also charge one-time setup fees (similar to basic CSPs); however, others also charge a percentage of or fixed amount for each customer transaction. Mall-style CSPs provide shopping cart software or the ability to use another vendor’s shopping cart software. They also provide payment-processing services so the online store can accept credit cards.

80. What is the purpose of supply chain management software?
Answer: Supply chain management (SCM) software helps companies to coordinate planning and operations with their partners in the industry supply chains of which they are members. SCM software performs two general types of functions: planning and execution. Most companies that sell SCM software offer products that include both components, but the functions are quite different. SCM planning software helps companies develop coordinated demand forecasts using information from each participant in the supply chain. SCM execution software helps with tasks such as warehouse and transportation management.

Chapter 10: Electronic Commerce Security

1. Threats that are unlikely to occur can be ignored when the cost to protect against the threat exceeds the value of the protected asset.
a. True
b. False
Answer: True

2. In the context of the elements of computer security, necessity refers to preventing data delays or denials.
a. True
b. False
Answer: True

3. Networks outside a firewall are referred to as trusted networks.
a. True
b. False
Answer: False

4. The most complete way for Web site visitors to protect themselves from revealing private information or being tracked by cookies is to disable cookies entirely.
a. True
b. False
Answer: True

5. Active content elements are programs that run on the server.
a. True
b. False
Answer: False

6. Active content can pose a threat to the security of client devices.
a. True
b. False
Answer: True

7. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called crackers.
a. True
b. False
Answer: True

8. Active content is launched in a Web browser automatically prior to the browser loading the Web page containing active content.
a. True
b. False
Answer: False

9. Applets typically run within the Web browser and are most often written in the Java programming language.
a. True
b. False
Answer: True

10. Java applets operating in a sandbox can perform file input, output, or delete operations.
a. True
b. False
Answer: False

11. Active content can be delivered as an e-mail attachment.
a. True
b. False
Answer: True

12. A Trojan horse erasing or altering information in a client computer is said to be a secrecy violation.
a. True
b. False
Answer: False

13. Persistent cookies refer to the category of cookies which exist until the Web client ends the connection.
a. True
b. False
Answer: False

14. Worms can spread quickly through the Internet.
a. True
b. False
Answer: True

15. Signed code or messages serve the same function as a photo on a driver’s license or passport.
a. True
b. False
Answer: True

16. A digital certificate contains a means to send an encrypted message to the entity that sent the original Web page or e-mail message.
a. True
b. False
Answer: True

17.
Message packets on the Internet travel a planned path from a source node to a destination node.
a. True
b. False
Answer: False

18. Any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.
a. True
b. False
Answer: True

19. One significant threat to electronic commerce is theft of sensitive or personal information.
a. True
b. False
Answer: True

20. The path taken by a message packet from a source node to a destination node can be controlled by Internet users.
a. True
b. False
Answer: False

21. Backdoor is a program that protects information from unauthorized access.
a. True
b. False
Answer: False

22. The Computer Emergency Response Team (CERT) is the most prominent organization that promotes computer security.
a. True
b. False
Answer: True

23. One disadvantage of private-key systems is that encryption and decryption are significantly slower than public-key systems.
a. True
b. False
Answer: False

24. In the context of encryption, shorter keys usually provide significantly better protection than longer keys.
a. True
b. False
Answer: False

25. A Web browser that has entered into a Secure Socket Layer session indicates that it is in an encrypted session.
a. True
b. False
Answer: True

26. _________ is the protection of computer assets from unauthorized access, use, alteration, or destruction.
a. Computer security
b. Computer risk
c. Spamming
d. Phishing
Answer: a

27. Any act or object that poses a danger to computer assets is known as a _________.
a. countermeasure
b. bug
c. threat
d. code
Answer: c

28. In the context of computer security, the protection of assets using nonphysical means is called _________.
a. eavesdropping
b. logical security
c. tangible security
d. phishing
Answer: b

29. A(n) _________ is a person or device that is able to listen in on and copy Internet transmissions.
a. eavesdropper
b. white hat hacker
c. black hat hacker
d. cracker
Answer: a

30.
_________ are computer sleuths who are hired to probe PCs and locate information that can be used in legal proceedings.
a. War drivers
b. Computer forensics experts
c. Crackers
d. Hackers
Answer: b

31. _________ refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
a. Necessity
b. Secrecy
c. Integrity
d. Encryption
Answer: b

32. _________ refers to preventing unauthorized data modification.
a. Integrity
b. Secrecy
c. Necessity
d. Completeness
Answer: a

33. A _________ is a written statement describing which assets to protect and why they are being protected, who is responsible for that protection, and which behaviors are acceptable and which are not.
a. plain text
b. cypher text
c. security policy
d. digital signature
Answer: c

34. The purpose of a _________ is to provide a way for a third-party Web site to place cookies from that third-party site on a visitor’s computer.
a. personal firewall
b. digital certificate
c. Web bug
d. gateway server
Answer: c

35. JavaScript and VBScript are _________, which provide commands that are executed on the client.
a. plug-ins
b. scripting languages
c. Web bugs
d. session cookies
Answer: b

36. A(n) _________ is a small application program that typically runs within a Web browser.
a. applet
b. buffer
c. white hat hacker
d. black hat hacker
Answer: a

37. A _________ is a program hidden inside another program or Web page that masks its true purpose.
a. remote wipe
b. Trojan horse
c. digital certificate
d. war driver
Answer: b

38. In the context of categorizing cookies in terms of their time duration, _________ are cookies which exist until the Web client ends the connection.
a. first-party cookies
b. persistent cookies
c. third-party cookies
d. session cookies
Answer: d

39. A(n) _________ is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks.
a. persistent cookie
b. dead link
c. ActiveX control
d.
session cookie
Answer: c

40. ActiveX controls run only on computers with _________ operating systems.
a. Windows
b. Linux
c. UNIX
d. Mac
Answer: a

41. A(n) _________ is software that attaches itself to another program and can cause damage when the host program is activated.
a. applet
b. browser plug-in
c. virus
d. message digest
Answer: c

42. The term _________ describes the process of hiding information within another piece of information.
a. wiretapping
b. steganography
c. authentication
d. decryption
Answer: b

43. _________ is the protection of individual rights to nondisclosure.
a. Secrecy
b. Privacy
c. Necessity
d. Sensitivity
Answer: b

44. Software applications called _________ provide the means to record information that passes through a computer or router that is handling Internet traffic.
a. remote wipes
b. digital certificates
c. sniffer programs
d. plug-ins
Answer: c

45. A _________ is an element of a program that allows users to run the program without going through the normal authentication procedure for access to the program.
a. rogue app
b. backdoor
c. worm
d. remote wipe
Answer: b

46. _________ is the electronic defacing of an existing Web site’s page.
a. Spamming
b. Masquerading
c. Phishing
d. Cyber vandalism
Answer: d

47. _________ is pretending to be someone you are not or representing a Web site as an original when it is really a fake.
a. Hash coding
b. Spoofing
c. Warchalking
d. Cyber vandalism
Answer: b

48. _________ encodes a message with an algorithm that uses a single numeric key to encode and decode data.
a. Hash coding
b. Symmetric encryption
c. Public-key encryption
d. Decrypting
Answer: b

49. A _________ is a number that summarizes encrypted information.
a. digital certificate
b. hash function
c. message digest
d. hash algorithm
Answer: c

50. A _________ is an area of memory set aside to hold data read from a file or database.
a. firewall
b. cookie
c. buffer
d. worm
Answer: c

51.
A(n) _________ is a procedure that recognizes, reduces, or eliminates a threat.
Answer: countermeasure

52. A(n) _________ occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded to its original destination.
Answer: integrity violation

53. The purpose of a(n) _________ is to disrupt normal computer processing, or deny processing entirely.
Answer: necessity threat; delay attack; denial attack; denial-of-service (DOS) attack; denial of service; DOS attack; denial-of-service

54. In the context of elements of a security policy, _________ refers to the secure identification of clients and servers with digital signatures and certificates.
Answer: authentication

55. Cookies placed on a client computer by a Web server site are called _________.
Answer: first-party cookies

56. Cookies are categorized as session or persistent based on _________.
Answer: time duration

57. First-party cookies and third-party cookies represent classification of cookies by their _________.
Answer: source

58. A(n) _________ cookie originates from a Web site other than the site being visited.
Answer: third-party

59. When a Trojan horse has taken over a large number of computers, the person who planted the virus can take control of all the computers and form a(n) _________.
Answer: botnet

60. Most browsers allow users to limit the actions taken by Java applets and scripting languages by running them in a(n) _________, which is a functional subset of the full browser.
Answer: sandbox

61. A(n) _________ is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers.
Answer: zombie

62. A(n) _________ is a type of virus that replicates itself on the computers that it infects.
Answer: worm

63. Browser _________ are programs that enhance the capabilities of browsers and handle Web content that a browser cannot handle.
Answer: plug-ins; plug ins; plugins

64.
A(n) _________ is an attachment to an e-mail message or program embedded in a Web page that verifies that the sender or Web site is who it claims to be.
Answer: digital certificate; digital ID

65. A(n) _________ is usually a long binary number that is used with the encryption algorithm to “lock” the characters of the message being protected so that they are undecipherable without the number.
Answer: key

66. A(n) _________ security device is one that uses an element of a person’s biological makeup to perform identification.
Answer: biometric

67. Apps that contain malware or that collect information from a mobile device and forward it to perpetrators are called _________.
Answer: rogue apps

68. An integrity threat, also known as _________, exists when an unauthorized party can alter a message stream of information.
Answer: active wiretapping

69. _________ are the computers on the Internet that maintain directories that link domain names to IP addresses.
Answer: Domain name servers; DNSs; Domain name servers (DNSs); DNSs (Domain name servers)

70. In some cities that have large concentrations of wireless networks, attackers, called _________, drive around in cars using their wireless-equipped laptop computers to search for accessible networks.
Answer: war drivers

71. _________ is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible.
Answer: Encryption

72. The science that studies encryption is called _________.
Answer: cryptography

73. The program that transforms normal text into cipher text is called a(n) _________.
Answer: encryption program

74. _________ encryption encodes messages by using two mathematically related numeric keys.
Answer: Asymmetric; Public-key; Public key

75. The process of proposing and accepting various transmission conditions is called _________.
Answer: session negotiation

76. Briefly describe the requirements for secure electronic commerce.
Answer: Secure electronic commerce should satisfy the following requirements.
Secrecy: Prevent unauthorized persons from reading messages and business plans, obtaining credit card numbers, or deriving other confidential information.
Integrity: Enclose information in a digital envelope so that the computer can automatically detect messages that have been altered in transit.
Availability: Provide delivery assurance for each message segment so that messages or message segments cannot be lost undetectably.
Key management: Provide secure distribution and management of keys needed to provide secure communications.
Nonrepudiation: Provide undeniable, end-to-end proof of each message’s origin and recipient.
Authentication: Securely identify clients and servers with digital signatures and certificates.

77. Describe the security dangers inherent in ActiveX controls.
Answer: The security danger with ActiveX controls is that once they are downloaded, they execute like any other program on a client computer. They have full access to all system resources, including operating system code. An ill-intentioned ActiveX control could reformat a user’s hard disk, rename or delete files, send e-mails to all the people listed in the user’s address book, or simply shut down the computer. Because ActiveX controls have full access to client computers, they can cause secrecy, integrity, or necessity violations.

78. What is the difference between a virus and a worm?
Answer: A virus is software that attaches itself to another program and can cause damage when the host program is activated. A worm is a type of virus that replicates itself on the computers that it infects. Worms can spread quickly through the Internet.

79. What are the six main elements included on a digital certificate?
Answer: A digital certificate includes six main elements, including:
1) Certificate owner’s identifying information, such as name, organization address, and so on
2) Certificate owner’s public key
3) Dates between which the certificate is valid
4) Serial number of the certificate
5) Name of the certificate issuer
6) Digital signature of the certificate issuer.

80. How is a buffer vulnerable to security threats?
Answer: A buffer is an area of memory set aside to hold data read from a file or database. A buffer is necessary whenever any input or output operation takes place because a computer can process file information much faster than the information can be read from input devices or written to output devices. Programs filling buffers can malfunction and overfill the buffer, spilling the excess data outside the designated buffer memory area. This is called a buffer overrun or buffer overflow error. Usually, this occurs because the program contains an error or bug that causes the overflow, but it can also be intentional. An overflow condition can consume the resources of the computer until it can no longer function. A more insidious version of a buffer overflow attack writes instructions into critical memory locations so that when the intruder program has completed its work of overwriting buffers, the Web server resumes execution by loading internal registers with the address of the main attacking program’s code. This type of attack can open the Web server to severe damage because the resumed program—which is now the attacker program—may regain control of the computer, exposing its files to disclosure and destruction by the attacking program.

Test Bank for Electronic Commerce Gary P. Schneider 9781285425436, 9781305867819, 9781133526827