Page 88 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS
Unit 6: Security Framework
6.5 Keywords
Cross-site Scripting: It is a type of computer security weakness usually found in web applications that
enables attackers to inject client-side script into web pages viewed by other users.
Private Keys: These keys are associated with the original sender and are private to that particular
sender. They are used to compute signatures.
Public Keys: These keys are the numbers associated with a particular user. They are known to everyone
who wishes to establish secure communication with the corresponding user. They are generally used
to verify signatures.
Web of Trust: It is a concept used in PGP to establish the authenticity of the binding between a public
key and its owner.
6.6 Self Assessment
1. State whether the following statements are true or false:
(a) The disadvantage of an e-commerce system is that when the purchase order is duplicated, it
cannot be easily identified.
(b) The confidentiality feature ensures that the retrieved transaction information is reliable and
resembles the transmitted document without any modification.
(c) Cross-site scripting involves overloading a Web application by sending volumes of data
larger than its actual capacity.
(d) In stream cipher mode, the information is transmitted without being divided into fixed blocks, as
it is capable of handling data of large size.
(e) Symmetric cryptosystems use private and public keys to establish a secure communication.
(f) Price manipulation vulnerability is also known as XSS attack.
2. Fill in the blanks:
(a) ________________ is the vulnerability technique that attacks Web sites based on the type of
back-end database used.
(b) When a consumer purchases a good online, the price of the good is stored dynamically in a
__________________ field.
(c) In __________________ mode, the transmitted information is divided into fixed size blocks.
(d) The strength of the information encrypted depends on the length of __________________.
(e) _____________ functions have the capability of handling information of any size.
3. Select a suitable choice for the questions given below:
(a) Which of the following protocols uses a signed and encrypted framework to apply encryption
services and digital signatures to MIME objects?
(i) PEM (ii) MOSS (iii) PGP (iv) S/MIME
(b) Which of the following protects information from unauthorized access by internal users and
hackers?
(i) Authenticity (ii) Integrity (iii) Non-repudiability (iv) Availability
(c) Which of the following converts the confidential information into a coded language that is
difficult to understand by unauthorized users?
(i) Decryption (ii) Encryption (iii) Auditability (iv) Availability
(d) Which of the following has the right to own the private key?
LOVELY PROFESSIONAL UNIVERSITY 81