ITS 4050 - Internet and Web Security
Review for First Test
The following questions are provided to help you study for the
first test. Do not expect to see these exact questions on the
test.
- History review: what is the significance of the Jacquard loom,
with regard to computers and manufacturing?
- Compare these features of an e-commerce site: catalog,
shopping cart, transaction processing, fulfillment system. What
are the differences between them?
- Assuming we have a reason to use devices that belong to the
Internet of Things, what are some of the security concerns that
they create?
- What does the requirement to make a customer's e-commerce site
"highly available" mean, in terms of a realistic design for it?
- Why should anything about commerce posted on the Internet have
an expiration date on it? (example: sales announcements)
- What are the three stages covered in the text regarding
Customer Life-cycle Management? In which phases do sales
actually take place?
- List the four major steps in a payment card transaction from
about page 40 in the text. Which step actually includes the
approval or denial of the purchase? Who does the entity in this
step communicate with?
- Why do we recommend that connection to e-commerce sites, and
others, be made with HTTPS, not HTTP?
- Do you have a policy you favor about passwords you use on
websites where you buy things? Do you have a different attitude
as a professional being consulted about it by a vendor?
- In social engineering,
- what is meant by a pretext?
- what should be your reaction to an urgent email from a
bank you don't use? what about from your own bank?
- why did the visher in the video I provided add background
noise from a crying baby to her call to her victim's cell
phone company?
- What does the OWASP provide on their web site?
- What is a ping flood attack? What should be a reasonable
defense against it?
- Why might an attack on a DNS service be effective on more
victims than just the intended target?
- What is the difference between internal and external hosting?
Why might either be a good choice in some cases?
- If we create a set of customer forums for our e-commerce site,
what are some potential drawbacks to doing so?
What about using feedback forms that we post or email to our
customers?
What about online surveys, such as those on Survey Monkey?
- What is the OWASP threat called Security Misconfiguration
about? How do you address it?
- If most of the people on our e-commerce site are actual
customers, why is data validation a priority?
- On a malicious web site, when would you expect a script
embedded in a web page to run?
- What are some of the defensive layers mentioned in chapter 7?
What perimeter does the text mean, regarding perimeter security?
- What is the point of Secure Sockets Layer? How does the user
know it is in use?
- What is an example of rule-based access control? How is it
different from role-based access control?
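For the data validation question above (why validation matters even when most visitors are honest customers), here is an added worked example that is not part of the course text or its textbook. It validates a hypothetical order form server-side with allow-lists: every field must match a pattern before its value is used, and a typo, a negative quantity, a script tag in the name, or an extra field the form never offered are all rejected the same way. The field names, patterns and limits are assumptions made for the example.

```python
import re

# Hypothetical order-form rules (assumptions made for this example, not from
# the course text): what each field must look like and how large it may be.
MAX_QUANTITY = 100
EXPECTED_FIELDS = {"sku", "quantity", "email", "name"}
QUANTITY_PATTERN = re.compile(r"[0-9]{1,3}")             # ASCII digits only
SKU_PATTERN = re.compile(r"[A-Z]{3}-[0-9]{4}")            # e.g. "ABC-1234"
EMAIL_PATTERN = re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}") # local@domain, bounded
NAME_PATTERN = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")  # letters, space, . ' -


def validate_order(form: dict) -> dict:
    """Server-side allow-list validation of one submitted order form.

    Returns {"ok": True, "order": {...}} with typed, normalised values, or
    {"ok": False, "errors": [...]} naming every field that failed.  Raw form
    values are never used until they have matched their pattern, so a typo
    and a deliberate probe are rejected by the same code path.
    """
    errors = []
    order = {}

    # Fields the form never offered are not accepted silently; surplus input
    # is a sign of a tampered request, not of a customer.
    unexpected = set(form) - EXPECTED_FIELDS
    if unexpected:
        errors.append("unexpected fields: " + ", ".join(sorted(unexpected)))

    def field(name, pattern):
        # re.fullmatch anchors the whole string; re.match alone would accept
        # "ABC-1234; extra" because only the prefix matches.
        value = str(form.get(name, "")).strip()
        if pattern.fullmatch(value):
            return value
        errors.append(f"{name}: does not match the expected format")
        return None

    sku = field("sku", SKU_PATTERN)
    if sku is not None:
        order["sku"] = sku

    qty = field("quantity", QUANTITY_PATTERN)
    if qty is not None:
        # The pattern guarantees int() cannot fail; the range check is separate.
        if 1 <= int(qty) <= MAX_QUANTITY:
            order["quantity"] = int(qty)
        else:
            errors.append(f"quantity: must be between 1 and {MAX_QUANTITY}")

    email = field("email", EMAIL_PATTERN)
    if email is not None:
        order["email"] = email.lower()

    name = field("name", NAME_PATTERN)
    if name is not None:
        order["name"] = name

    if errors:
        return {"ok": False, "errors": errors}
    return {"ok": True, "order": order}


if __name__ == "__main__":
    # Constructed sample submissions: one honest order and several that a
    # validator must reject even though the site serves mostly real customers.
    samples = [
        {"sku": "ABC-1234", "quantity": "2", "email": "Ann@Example.com", "name": "Ann Lee"},
        {"sku": "ABC-1234", "quantity": "-1", "email": "ann@example.com", "name": "Ann Lee"},
        {"sku": "ABC-1234; DROP TABLE orders", "quantity": "1", "email": "a@b.io", "name": "Ann"},
        {"sku": "ABC-1234", "quantity": "1", "email": "a@b.io", "name": "<script>alert(1)</script>"},
        {"sku": "ABC-1234", "quantity": "1", "email": "a@b.io", "name": "Ann", "admin": "1"},
    ]
    for s in samples:
        print(validate_order(s))
```

The point to take from it: validation is cheap insurance against the few hostile requests mixed in with the many honest ones, and an allow-list (what a value must look like) is far easier to get right than a deny-list of things an attacker might send.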
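For the last question above, here is an added example (not from the course text or its textbook) that puts the two models side by side in code. Role-based access control decides from who the user is: permissions attach to roles and roles to users. Rule-based access control decides from the circumstances of the request: where it comes from, when, and how much is involved, so the same user with the same role can be allowed at 10:00 and refused at 22:00. The users, roles, office network range, business hours and refund cap are all assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# --- Role-based access control (RBAC) --------------------------------------
# Permissions attach to roles, roles attach to users; the decision depends on
# WHO is asking.  All users, roles and permission names are constructed.
ROLE_PERMISSIONS = {
    "customer": {"order.place", "order.view_own"},
    "support":  {"order.view_any", "order.refund"},
    "admin":    {"order.view_any", "order.refund", "admin.console"},
}
USER_ROLES = {
    "alice": {"customer"},
    "bob":   {"support"},
    "carol": {"admin"},
}


@dataclass
class Request:
    user: str
    action: str          # permission being exercised, e.g. "order.refund"
    source_ip: str
    when: datetime
    amount: float = 0.0  # money involved, where the action has any


def role_based_allows(req: Request) -> bool:
    """RBAC check: does any role held by the user carry the permission?"""
    for role in USER_ROLES.get(req.user, set()):
        if req.action in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


# --- Rule-based access control ----------------------------------------------
# Rules look at the request itself, not at the requester's identity.  Each
# rule returns True when it has no objection to this particular request.
INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed office network
BUSINESS_HOURS = range(8, 18)             # assumed 08:00 to 17:59 local time
REFUND_CAP = 500.00                       # assumed per-transaction limit


def rule_admin_console_internal_only(req: Request) -> bool:
    return req.action != "admin.console" or ip_address(req.source_ip) in INTERNAL_NET


def rule_refund_business_hours(req: Request) -> bool:
    return req.action != "order.refund" or req.when.hour in BUSINESS_HOURS


def rule_refund_cap(req: Request) -> bool:
    return req.action != "order.refund" or req.amount <= REFUND_CAP


RULES = [
    ("admin_console_internal_only", rule_admin_console_internal_only),
    ("refund_business_hours", rule_refund_business_hours),
    ("refund_cap", rule_refund_cap),
]


def authorize(req: Request) -> tuple:
    """Combined decision: the role must grant the permission AND every rule
    must hold.  Returns (allowed, reason) so a log line can record which
    layer refused the request."""
    if not role_based_allows(req):
        return False, f"denied by role: {req.user} has no {req.action} permission"
    for name, rule in RULES:
        if not rule(req):
            return False, f"denied by rule: {name}"
    return True, "allowed"


def decide(user, action, source_ip, hour, amount=0.0) -> tuple:
    """Convenience wrapper: build a Request for a fixed sample day and authorize it."""
    return authorize(Request(user, action, source_ip, datetime(2024, 5, 6, hour, 0), amount))


if __name__ == "__main__":
    # Constructed requests: the same action is allowed or refused depending on
    # the role (who) and on the rules (from where, when, how much).
    for args in [
        ("bob", "order.refund", "203.0.113.5", 10, 100.0),    # allowed
        ("alice", "order.refund", "203.0.113.5", 10, 100.0),  # wrong role
        ("bob", "order.refund", "203.0.113.5", 22, 100.0),    # outside hours
        ("bob", "order.refund", "203.0.113.5", 10, 900.0),    # over the cap
        ("carol", "admin.console", "203.0.113.5", 10),        # wrong network
        ("carol", "admin.console", "10.1.2.3", 10),           # allowed
    ]:
        print(args[0], args[1], decide(*args))
```

Note that neither model replaces the other: the role check says what a support agent may do at all, and the rules say under what conditions that permission may actually be exercised, which is why real authorization code usually layers them as authorize() does.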