IA 2 - UNIT 2

Question 1

It involves using the internet, intranet, extranet, or other networks to support business processes.

Answer 1

E-Business

Question 2

• Primarily refers to online buying, selling, marketing, and servicing products and services.
• Includes payment and delivery of products/services online.

Answer 2

E-Commerce

Question 3

phishing attack primary targets

Answer 3

1. retail services
2. financial institutions
3. ISP

Question 4

Identified privacy and security as significant
concerns.

Answer 4

2001 Study
(Udo)

Question 5

Buyer concerns about website security remain
critical.

Answer 5

2014 Findings
(Hartono et al.)

Question 6

Importance of information security in e-commerce financial transactions.

Answer 6

2016 Emphasis
(Jotwani &
Dutta)

Question 7

Types of Security
Threats

Answer 7

1. Denial of Service (DoS)
2. Spying Attacks
3. Unauthorized Access

Question 8

Overloading servers to make services unavailable.

Answer 8

Denial of Service
(DoS)

Question 9

Interception of sensitive information during transactions (e.g., man-in-the-middle attacks).

Answer 9

Spying Attacks

Question 10

You are gaining access to user accounts or sensitive data without permission.

Answer 10

Unauthorized Access

Question 11

Types of DoS Attacks

Answer 11

1. DDoS
2. Virus Infection
3. Computer Worms

Question 12

• Involves multiple compromised systems (botnets).
• Often undetected by the owners of infected systems.

Answer 12

DDoS

Question 13

• Deliberately corrupts or deletes data.
• Spread via email attachments or downloads.

Answer 13

Virus Infection

Question 14

Self-replicating does not necessarily damage
but consumes bandwidth.

Answer 14

Computer
Worms

Question 15

Types of Spying Attacks

Answer 15

1. Sniffing
2. Man in the Middle Attack
3. Key Logging

Question 16

Applications or devices that read, monitor, and
capture network data exchanges.

Answer 16

Sniffing

Question 17

An attack where the attacker intercepts and
relays messages between two parties.

Answer 17

Man in the Middle Attack

Question 18

a spying attack that records
each user’s keystroke on a computer.

Answer 18

Keylogging

Question 18

Consequences of Spying Attacks

Gaining access to sensitive information can lead to:

Answer 18

1. Identity theft
2. Financial fraud
3. Corporate espionage

Question 19

is an organized framework of concepts, beliefs, principles, policies, procedures, techniques, and measures that protect system assets against threats.

Answer 19

security

Question 20

Methods Supporting the AIC Objectives

Answer 20

1. Authentication
2. Encryption
3. Access Control
4. Firewalls
5. Intrusion Detection and Prevention
6. Systems (IDPS)
7. Message Digest/Checksum
8. Honeypot
9. Digital Signature & Certificate

Question 21

• Technologies that measure and analyze unique physiological or behavioral characteristics are used to verify or identify individuals.
• These technologies are convenient, as they eliminate the need for cards or passwords, and they are unique to each person, making them a reliable form of authentication.

Answer 21

Biometrics for
Authentication

Question 22

Fingerprints were collected for bank verification
and mobile SIM registration.

Answer 22

Nigeria

Question 23

Bradesco Bank’s palm vein biometric ATM
system

Answer 23

Brazil

Question 24

Biometric identification database to reduce benefit fraud.

Answer 24

India

Question 25

* The user provides biometric data via a sensor. * A template is created and stored.

Answer 25

Registration

Question 26

Modes of Biometrics

Answer 26

1. Physical Biometrics 2. Behavioral Biometrics

Question 27

* User provides biometric data again. * New template is generated and compared to the stored one. * Access granted or denied based on matching.

Answer 27

Authentication

Question 28

Physical Biometrics

Answer 28

1. Fingerprints 1. Face Recognition 1. Hand Geometry 1. Iris Recognition 1. Palm Vein 1. Identification

Question 29

Behavioral Biometrics

Answer 29

Keystroke dynamics

Question 30

* Generates **profiles for network nodes based on sampled data.** * Identifies nodes with out-of-line profiles as potential attackers.

Answer 30

Bayes Probability Algorithm

Question 31

**Sampling and anomaly detection** to monitor network nodes.

Answer 31

Kalutarage’s Approach

Question 32

* Combines boosting techniques with **neural networks to improve the accuracy** and generality of intrusion detection. * Tran et al. [68]

Answer 32

Adaptive Boosting & Semiparametric Neural Networks

Question 33

* Feng et al. [69] * A **hybrid method that mines network data** to detect anomalies and potential attacks.

Answer 33

State Vector Machine & Ant Colony Networks

Question 34

Benefits of Machine Learning in Intrusion Detection

Answer 34

* Adaptive algorithms that learn and evolve with new attacks. * Real-time detection and response to anomalies. * Reduces manual analysis, increasing detection accuracy.

Question 35

is a decentralized, transparent, and secure method for **managing transactions and data without intermediaries.**

Answer 35

Blockchain

Question 35

Peer-to-Peer Security Using Blockchains

Answer 35

1. Immutability 2. Protection from Fraud 3. Cryptographic Hashing

Question 36

Once a block is accepted and added to the chain, it cannot be altered.

Answer 36

Immutability

Question 37

The blockchain structure and validation process prevent tampering and fraudulent transactions.

Answer 37

Protection from Fraud

Question 38

SHA-256 provides a secure hash function, ensuring data integrity.

Answer 38

Cryptographic Hashing

Question 39

Challenges in Blockchain Security

Answer 39

1. Anonymity Concerns 2. Scalability Issues

Question 40

* **Bitcoin transactions are anonymous,** which may not be acceptable for traditional sectors like banking. * Solution: Modified blockchain models with knowable user identities.

Answer 40

Anonymity Concerns

Question 41

Current implementations may face challenges scaling to accommodate larger numbers of transactions.

Answer 41

Scalability Issues

Question 42

Peers in the network who validate new transactions by **solving cryptographic puzzles.**

Answer 42

Data Miners

Question 43

Maps business processes, application systems, and network topologies against possible attacks and defenses.

Answer 43

Enterprise Security Model

Question 44

As enterprises move to the cloud, network complexity increases, making security more challenging.

Answer 44

Cloud Complexity

Question 45

service oriented security framework

Answer 45

1. authentication certificates 2. code filters 3. https 4. ids/ips 5. encryption 6. access control 7. seperate server for business data

Question 45

JP Morgan Chase employs a multi-layered security model to protect its banking and financial data. This model includes **comprehensive business process mapping to identify potential vulnerabilities in financial transactions**, customer data, and infrastructure.

Answer 45

Enterprise Security Architecture

Question 46

Three Phases of user education and engagement in information security

Answer 46

1. awareness 2. training 3. education

Question 47

Basic understanding of security concepts.

Answer 47

Awareness

Question 47

incorporating awareness, training, and education at different user levels. This includes regular employee security briefings, specialized IT training, and advanced education for cybersecurity staff.

Answer 47

Security Awareness Programs at NASA

Question 47

In-depth knowledge for professionals working in security fields.

Answer 47

Education

Question 47

Developing specific skills to handle security challenges.

Answer 47

Training

Question 48

offers training materials and simulation tools to help organizations **educate employees and end-users about phishing attacks.** Their e-learning modules simulate real phishing scenarios to raise awareness and improve responses.

Answer 48

APWG’s Anti-Phishing Training

Question 49

Methods of Delivering Security Awareness Training

Answer 49

1. E-learning 2. Content Coverage 3. Compliance

Question 50

Mandatory online courses.

Answer 50

E-learning

Question 50

Phishing awareness, password security, handling sensitive data

Answer 50

Content Coverage

Question 50

Specific organizational **requirements for data security**

Answer 50

Compliance

Question 51

Example of E-learning Training

Answer 51

1. Password Management Best Practices 2. Sensitive Data Handling Procedures 3. Phishing and Social Engineering 4. Compliance and Regulatory Awareness (e.g., GDPR, HIPAA).