ITS 4050 - Internet and Web Security
Review for First Test
The following questions are provided to help you study for the first
test. Do not expect to see these exact questions on the test.
- History review: what is the significance of the Jacquard loom, with
regard to computers and manufacturing?
- Compare these features of an e-commerce site: catalog, shopping cart,
transaction processing, fulfillment system. What are the differences
between them?
- Assuming we have a reason to use devices that belong to the Internet
of Things, what are some of the security concerns that they create?
- What does the requirement to make a customer's e-commerce site "highly
available" mean, in terms of a realistic design for it?
- Why should anything about commerce posted on the Internet have an
expiration date on it? (example: sales announcements)
- What are the three stages covered in the text regarding Customer Life-cycle
Management? In which phases do sales actually take place?
- List the four major steps in a payment card transaction from about
page 40 in the text. Which step actually includes the approval or denial
of the purchase? Who does the entity in this step communicate with?
- Why do we recommend that connection to e-commerce sites, and others,
be made with HTTPS, not HTTP?
- Do you have a policy you favor about passwords you use on websites
where you buy things? Do you have a different attitude as a professional
being consulted about it by a vendor?
- In social engineering,
  - what is meant by a pretext?
  - what should be your reaction to an urgent email from a bank you
    don't use? What about from your own bank?
  - why did the visher in the video I provided add background noise
    from a crying baby to her call to her victim's cell phone company?
- What does the OWASP provide on their web site?
- What is a ping flood attack? What should be a reasonable defense against
it?
- Why might an attack on a DNS service be effective on more victims
than just the intended target?
- What is the difference between internal and external hosting? Why
might either be a good choice in some cases?
- If we create a set of customer forums for our e-commerce site, what
are some potential drawbacks to doing so?
What about using feedback forms that we post or email to our customers?
What about online surveys, such as those on Survey Monkey?
- What is the OWASP threat called Security Misconfiguration about? How
do you address it?
- If most of the people on our e-commerce site are actual customers,
why is data validation a priority?
- On a malicious web site, when would you expect a script embedded in
a web page to run?
- What are some of the defensive layers mentioned in chapter 7? What
perimeter does the text mean, regarding perimeter security?
- What is the point of Secure Sockets Layer? How does the user know
it is in use?
- What is an example of rule-based access control? How is it different
from role-based access control?