Chapter 3 eBusiness and eCommerce

1) The Internet is a global system of interconnected computer networks.
Answer: TRUE
Diff: 1
Learning Obj.: 1
2) eBusiness refers to the use of information technologies in some aspect of the business or
organization.
Answer: FALSE
Diff: 1
Learning Obj.: 1
3) eBusiness and eCommerce have the same meaning.
Answer: FALSE
Diff: 1
Learning Obj.: 1
4) Web commerce is a type of eCommerce and eCommerce is a type of eBusiness.
Answer: TRUE
Diff: 1
Learning Obj.: 1
5) One reason for the worldwide popularity of the Internet is that it has brought universal
standards of communication to all networks.
Answer: TRUE
Diff: 2
Learning Obj.: 1
6) Some computers on the Internet need an Internet Protocol address.
Answer: FALSE
Diff: 2
Learning Obj.: 1
7) Domain names and their corresponding IP addresses are registered in electronic "phone
books" at many sites on the Internet.
Answer: TRUE
Diff: 2
Learning Obj.: 1
8) Software known as firewalls limits access to information on a company's servers from the rest
of the world.
Answer: TRUE
Diff: 2
Learning Obj.: 1
9) One common type of electronic mail server is known as POP server.
Answer: TRUE
Diff: 1
Learning Obj.: 1
10) Internet Explorer and Firefox are examples of Web servers.
Answer: FALSE
Diff: 2
Learning Obj.: 1
11) Under the Uniform Electronic Transaction Act, digital signatures are not legally binding in
most states.
Answer: FALSE
Diff: 2
Learning Obj.: 4
12) File servers exist mainly as storage for electronic files.
Answer: TRUE
Diff: 1
Learning Obj.: 1
13) The enterprise architecture describes the joint structure and behavior of the enterprise and its
information system.
Answer: TRUE
Diff: 2
Learning Obj.: 2
14) The enterprise architecture involves five enterprise architectural domains.
Answer: FALSE
Diff: 1
Learning Obj.: 2
15) Human resources is part of the application architecture of a company.
Answer: FALSE
Diff: 2
Learning Obj.: 2
16) The relational data model is a three-dimensional structure similar in look to that of a cube.
Answer: FALSE
Diff: 2
Learning Obj.: 2
17) The data model uses structured query language to perform operations on data within a
database.
Answer: TRUE
Diff: 2
Learning Obj.: 2
18) Data modeling is a database design process that proceeds through the conceptual, logical,
and implementation phases.
Answer: FALSE
Diff: 2
Learning Obj.: 2
19) The corporate information factory can be represented by a 3-part model including data
acquisition, management, and delivery.
Answer: TRUE
Diff: 2
Learning Obj.: 2
20) The transactional interface is used for queries, analysis, and research whereas the decision
support interface is used for access and manipulation of data in the operational database.
Answer: FALSE
Diff: 2
Learning Obj.: 2
21) Service-oriented architecture is an applications architecture design framework that facilitates
the development of application suites that share information with each other.
Answer: TRUE
Diff: 2
Learning Obj.: 2
22) Database drivers connect applications to printers.
Answer: FALSE
Diff: 2
Learning Obj.: 2
23) The enterprise service bus (ESB) transfers data to users through a graphical user interface.
Answer: FALSE
Diff: 2
Learning Obj.: 2
24) A guessed plaintext attack will succeed even though the sender adds a few random numbers
at the end of a message.
Answer: FALSE
Diff: 1
Learning Obj.: 4
25) Another name for a digital ID is a digital certificate.
Answer: TRUE
Diff: 1
Learning Obj.: 4

26) A digital time-stamping service can be used to securely store private keys.
Answer: FALSE
Diff: 2
Learning Obj.: 4
27) Digital cash and real cash are virtually identical because digital cash can only be "spent"
once.
Answer: FALSE
Diff: 2
Learning Obj.: 5
28) Anyone can issue his or her digital notes for use in Internet transactions.
Answer: TRUE
Diff: 2
Learning Obj.: 5
29) A major issue in electronic transactions is privacy.
Answer: TRUE
Diff: 1
Learning Obj.: 4
30) Blinding permits a bank to issue digital cash so that it is unable to link the payer to the payee.
Answer: TRUE
Diff: 2
Learning Obj.: 5
31) Memory cards provide a high degree of security and can be used for complex financial
transactions.
Answer: FALSE
Diff: 2
Learning Obj.: 5
32) A system such as an Internet store can be fully automated with no human intervention.
Answer: TRUE
Diff: 2
Learning Obj.: 5
33) Cookies prevent a merchant from viewing and analyzing a person's computer to determine
any other Web sites that the person has visited.
Answer: FALSE
Diff: 2
Learning Obj.: 5

34) Almost all privacy statements prohibit Web merchants from sharing their customer
information with other merchants.
Answer: FALSE
Diff: 2
Learning Obj.: 5
35) A merchant can obtain a third-party seal of approval, such as the AICPA's Web Trust, to
assure its customers their privacy will be protected.
Answer: TRUE
Diff: 2
Learning Obj.: 5
36) ATM cards are really smart cards because they are used for both identification and payment.
Answer: FALSE
Diff: 2
Learning Obj.: 5
37) The ________ ________ ________ is a reference model for business models in general.
Answer: Osterwalder Reference Model (ORM)
Diff: 2
Learning Obj.: 3
38) The ORM defines the typical business model in terms of four major domains: ________,
________, ________, and ________.
Answer: infrastructure, offering, customers, finance
Diff: 3
Learning Obj.: 3
39) When the intranets of two or more companies are linked together a(n) ________ is formed.
Answer: extranet
Diff: 2
Learning Obj.: 1
40) A robot-type program that continually runs on a computer and exchanges information with
users who request it is called a(n) ________.
Answer: server
Diff: 1
Learning Obj.: 1
41) A(n) ________ ________ is a collection of related documents, files, and programs that falls
under the control of one individual.
Answer: Web site
Diff: 2
Learning Obj.: 1

42) The verification of a digital signature involves the use of a(n) ________ algorithm.
Answer: hashing
Diff: 3
Learning Obj.: 4
43) Whereas ________ signatures are relatively easy to forge, ________ signatures are next to
impossible to forge.
Answer: handwritten; digital
Diff: 2
Learning Obj.: 4
44) A sufficiently long key is a useful countermeasure against a(n) ________ ________.
Answer: cryptanalysis attack
Diff: 3
Learning Obj.: 4
45) Digital IDs are issued by a(n) ________ ________.
Answer: certifying authority
Diff: 2
Learning Obj.: 4
46) The technique of ________ permits a bank to issue digital cash so that it is unable to link the
payer to the payee.
Answer: blinding
Diff: 2
Learning Obj.: 5
47) An electronic ________ is essentially a computer program that keeps track of various keys,
digital certificates, and other items of information associated with electronic funds.
Answer: wallet
Diff: 2
Learning Obj.: 5
48) A merchant's Web site may perform important functions, such as opening an encrypted
________ session.
Answer: SSL
Diff: 2
Learning Obj.: 5
49) ________ is one of the adverse results of privacy problems on the Internet.
Answer: Spam / Unsolicited e-mail
Diff: 2
Learning Obj.: 5

50) A(n) ________ ________ ________ model is a set of best practices for a given business
process or group of processes.
Answer: business process reference
Diff: 2
Learning Obj.: 3
51) The four levels of abstraction in the value reference model are ________, ________,
________, and ________.
Answer: strategic, tactical, operational, activities/actions
Diff: 3
Learning Obj.: 3
52) The activities that relate to moving the product are often referred to as ________ activities.
Answer: supply-chain
Diff: 2
Learning Obj.: 3
53) The ________ reference model defines the typical business model in terms of infrastructure,
offering, customers, and finance.
Answer: Osterwalder
Diff: 3
Learning Obj.: 3
54) The Act which recognizes transactions as legally binding if electronic signatures are used is
the ________ ________ ________ Act.
Answer: Uniform Electronic Transactions
Diff: 3
Learning Obj.: 4
55) A(n) ________ is the process of linking and sequencing services in order to make them work
together.
Answer: orchestration
Diff: 1
Learning Obj.: 2
56) A(n) ________ ________ ________ is a set of commands that a given piece of software
makes available so that its functions and data can be accessed by other pieces of software.
Answer: applications programming interface
Diff: 1
Learning Obj.: 2

57) The Electronic Bank of America might digitally sign a message that contains which of the
following information?
A) The bank's name and address
B) The dollar value of the bank note being created
C) A unique serial number
D) All of the above
Answer: D
Diff: 1
Learning Obj.: 5
58) Which of the following is considered a virtual electronic cash card?
A) Memory card
B) eBusiness card
C) Signature-transporting card
D) Answers A and C are correct.
Answer: D
Diff: 2
Learning Obj.: 5
59) Which of the following is a common approach used to describe services and the SOAP
protocol for communication between services?
A) SOA
B) WSDL
C) ESB
D) HTML
Answer: B
Diff: 2
Learning Obj.: 2
60) A domain name is
A) an alias name that can be used in place of an IP number.
B) an alias name that can be used in place of an ISP.
C) a series of numbers such as 207.49.159.2.
D) used by a firewall to keep intruders out of a network.
Answer: A
Diff: 2
Learning Obj.: 1
61) One major difference between an organization's intranet and the Internet is
A) the intranet may be totally unavailable to outsiders.
B) the Internet may be totally unavailable to outsiders.
C) an intranet user almost never can access the Internet.
D) the Internet operates over a local area network.
Answer: A
Diff: 2
Learning Obj.: 1
62) A client is
A) a robot-type program that runs on a computer and exchanges information with users.
B) another name for a proxy server.
C) a user program that accesses and exchanges information with servers.
D) a program that holds incoming electronic mail.
Answer: C
Diff: 2
Learning Obj.: 1
63) One type of server which acts as an electronic post office is called a ________.
A) file server
B) mail server
C) Web server
D) commerce server
Answer: B
Diff: 1
Learning Obj.: 1
64) The protocol that specifies the format of all documents on the World Wide Web is ________.
A) HTML
B) hyperlinks
C) URL
D) ciphertext
Answer: A
Diff: 1
Learning Obj.: 1
65) SQL allows a user to
A) define data in a relational database.
B) access data in a relational database.
C) manipulate data in a relational database.
D) All of these answers are correct.
Answer: D
Diff: 2
Learning Obj.: 2
66) Which of the following contain subsets of the data contained in the operational database and
data warehouse?
A) Data marts
B) Data mining warehouse
C) OLAP
D) All of these answers are correct.
Answer: A
Diff: 2
Learning Obj.: 2
67) A plaintext message can be changed into a ciphertext message by using
A) a password.
B) a digital key.
C) Answers A and B are both correct.
D) Neither answer A nor B is correct.
Answer: C
Diff: 2
Learning Obj.: 4
68) If Company A wants to send Company B a secure message, Company A will use Company
B's public key to encrypt the message. Company B must then
A) use Company A's public key to decrypt the message.
B) use its private key to decrypt the message.
C) use Company A's private key to decrypt the message.
D) use its public key to decrypt the message.
Answer: B
Diff: 2
Learning Obj.: 4
69) A message which contains a digital signature
A) must be encrypted along with the signature.
B) must be sent once as plaintext and once as ciphertext if no message digest exists.
C) does not have to be encrypted when a message digest is used as a digital signature.
D) Answers B and C are correct.
Answer: D
Diff: 2
Learning Obj.: 4
70) Which statement below regarding keys is false?
A) Each user should create his or her own public and private keys.
B) Using a central office authority to create and distribute keys is highly recommended.
C) The longer the life of the key, the more security that must be applied to protect it.
D) Sensitive keys should be themselves protected by passwords.
Answer: B
Diff: 2
Learning Obj.: 4
71) Privacy is a major issue in electronic transactions. Therefore, the Internet should not be used
if
A) a bank uses a different digital signature for each denomination of currency.
B) digital signatures need to be issued for coins used in electronic transactions.
C) the IP address of one of the parties to a transaction needs to remain fully confidential.
D) All of these answers are correct.
Answer: C
Diff: 2
Learning Obj.: 4
72) The technique that permits a bank to issue digital cash so that it is unable to link the payer to
the payee is called
A) laundering money.
B) using a blinded digital signature.
C) using a generic digital signature.
D) digitized recycling.
Answer: B
Diff: 1
Learning Obj.: 5
73) There are different types of electronic wallet-sized cards used in virtual cash transactions.
ATM cards are classified as
A) shared-key cards.
B) signature-creating cards.
C) memory cards.
D) signature-transporting cards.
Answer: C
Diff: 2
Learning Obj.: 5
74) There are different types of electronic wallet-sized cards used in virtual cash transactions.
The card that shows the most promise for wide-scale retail transaction use in the foreseeable
future is the
A) shared-key card.
B) signature-creating card.
C) memory card.
D) signature-transporting card.
Answer: D
Diff: 2
Learning Obj.: 5
75) Which feature below would not be considered a highly convenient feature for consumers of
an Internet store transaction?
A) Consumers usually must wait for delivery of items purchased via delivery by third parties.
B) Internet store transactions can be completed without any human intervention on the part of the
vendor.
C) Internet stores are "open" 24/7 with virtually worldwide access.
D) Internet stores accept most credit cards.
Answer: A
Diff: 2
Learning Obj.: 5

76) Electronic commerce poses many problems with consumers' privacy. Small pieces of
information that are placed on a user's computer by an electronic merchant are called
A) spybots.
B) cookies.
C) worms.
D) viruses.
Answer: B
Diff: 1
Learning Obj.: 5
77) The AICPA's Web Trust attestation program provides assurance that a merchant's Web site
has
A) some type of functioning information protection.
B) business practices disclosure.
C) transaction integrity.
D) All of these answers are correct.
Answer: D
Diff: 2
Learning Obj.: 5
78) Servers that exist to support eBusiness are
A) mail servers.
B) file servers.
C) Web servers.
D) All of the above support eBusiness.
Answer: D
Diff: 1
Learning Obj.: 1
79) ________ servers and ________ servers make applications and data in databases available to
remote clients.
A) Application; database
B) Application; mail
C) File; database
D) Web; mail
Answer: A
Diff: 1
Learning Obj.: 1
80) A three-tiered application architecture involves applications that contain ________ tiers.
A) conceptual, logical, and physical
B) conceptual, knowledge, and functional
C) presentation, logic, and data
D) planning, design, and implementation
Answer: C
Diff: 2
Learning Obj.: 2
81) The ________ describes the joint structure and behavior of the enterprise and its information
system.
A) relational architecture
B) business architecture
C) business modeling
D) enterprise architecture
Answer: D
Diff: 2
Learning Obj.: 2
82) Enterprise architecture involves ________ enterprise architectural domains.
A) 3
B) 4
C) 5
D) EA does not involve architectural domains.
Answer: B
Diff: 2
Learning Obj.: 2
83) The ________ architecture defines the needed data and how it is to be stored, processed,
utilized, and integrated with other domains.
A) business
B) data
C) application
D) technical
Answer: B
Diff: 2
Learning Obj.: 2
84) The ________ architecture defines standards, principles, procedures and best practices to
govern the information technology architecture.
A) business
B) data
C) application
D) technical
Answer: D
Diff: 2
Learning Obj.: 2
85) In a relational database model, operations on data are performed by using
A) EA.
B) Java.
C) SQL.
D) UML.
Answer: C
Diff: 1
Learning Obj.: 2
86) The corporate information factory model includes
A) data acquisition.
B) data management.
C) data delivery.
D) data acquisition, data management, and data delivery.
Answer: D
Diff: 1
Learning Obj.: 2
87) ________ store relatively current transaction data for quick access by management in
support of tactical decision making.
A) Data warehouses
B) Operational databases
C) Relational databases
D) Data marts
Answer: B
Diff: 1
Learning Obj.: 2
88) ________ store enormous volumes of current and historical data for use in research and
analysis.
A) Data warehouses
B) Operational databases
C) Relational databases
D) Data marts
Answer: A
Diff: 1
Learning Obj.: 2
89) ________ works better with tables that have more than two dimensions for complex
analyses.
A) OLTP
B) ETL
C) SQL
D) OLAP
Answer: D
Diff: 2
Learning Obj.: 2
90) A ________ interface is used for access and manipulation of data in the operational database.
A) decision support
B) transactional
C) graphical user
D) relational
Answer: B
Diff: 2
Learning Obj.: 2
91) Service oriented architecture services are ________ software units of functionality.
A) dependent
B) intradependent
C) independent
D) multiple
Answer: C
Diff: 2
Learning Obj.: 2
92) ________ refers to software that serves as a go-between for two applications, enabling
communication between them that would otherwise be impossible.
A) Interfacing
B) Bridgeware
C) Middleware
D) None of the above enables communication between applications.
Answer: C
Diff: 2
Learning Obj.: 2
93) ________ drivers connect applications to databases.
A) Application interface
B) Warehouse
C) Middleware
D) Database
Answer: D
Diff: 2
Learning Obj.: 2
94) The ________ serves as a central switchboard for communications between all enterprise
services and applications.
A) enterprise service bus (ESB)
B) application interface (AI)
C) enterprise architecture (EA)
D) data warehouse (DW)
Answer: A
Diff: 2
Learning Obj.: 2
95) The ________ framework views the organization from the perspectives of the different
stakeholders.
A) Osterwalder
B) federal enterprise
C) open group
D) Zachman
Answer: D
Diff: 2
Learning Obj.: 3
96) Primary value chain activities include all the following activities except
A) inbound logistics.
B) accounting.
C) marketing.
D) manufacturing.
Answer: B
Diff: 2
Learning Obj.: 3
97) The value reference model depicts the value chain at ________ levels of abstraction.
A) one
B) two
C) three
D) four
Answer: D
Diff: 2
Learning Obj.: 3
98) The activities related to moving a product are referred to as
A) value chain activities.
B) supply-chain activities.
C) logistical activities.
D) primary activities.
Answer: B
Diff: 2
Learning Obj.: 3
99) The ________ reference model defines the typical business model in terms of infrastructure,
offering, customers, and finance.
A) Osterwalder
B) Zachman
C) federal enterprise
D) open group
Answer: A
Diff: 2
Learning Obj.: 3
100) What act recognizes electronic signatures as legally binding in commerce and business-related transactions?
A) Sarbanes-Oxley Act
B) Section 404 Act
C) Uniform Electronic Transactions Act
D) Contract Validation Act
Answer: C
Diff: 2
Learning Obj.: 4
101) What standard, developed by credit card companies, represents a security framework based
on numerous control objectives?
A) Payment card industry data security standard
B) Credit card security interface standard
C) Credit card settlement security payment standard
D) Electronic bill payment security standard
Answer: A
Diff: 2
Learning Obj.: 4
102) ________ systems integrate all the major accounting functions, as well as the Web store,
into a single software system.
A) Open enterprise planning
B) Application server planning
C) Enterprise resource planning
D) Zachman enterprise planning
Answer: C
Diff: 2
Learning Obj.: 3
103) Which of the following statements best describes the business architecture's relation to
other architectures?
A) The business architecture supports all the other architectures.
B) The data and technology architectures determine business architectures.
C) The business architectures determine the data and technology architectures.
D) None of the above correctly describe the stated relationship.
Answer: C
Diff: 2
Learning Obj.: 2
104) Which of the following is a standard communications protocol in SOA?
A) XML
B) URL
C) XBRL
D) SOAP
Answer: D
Diff: 2
Learning Obj.: 2
105) Which of the following is not an example of middleware?
A) Enterprise system bus
B) Database driver
C) Application programming interface
D) All of the above are examples of middleware.
Answer: A
Diff: 2
Learning Obj.: 2
106) The label "www.google.com" is an example of a
A) domain name.
B) fixed IP address.
C) domain name server.
D) dynamic IP address.
Answer: A
Diff: 2
Learning Obj.: 1
107) "207.49.159.2" is an example of a(n)
A) domain name.
B) domain name server.
C) transmission control protocol.
D) Internet protocol address.
Answer: D
Diff: 2
Learning Obj.: 1
108) Ben Black works as an instructor at Cheyenne School, whose domain name is Chey. Ben
Black's user name is bblack. Cheyenne School's e-mail system uses the POP protocol. Ben
Black's e-mail address is
A) bblack@chey.edu.
B) bblack@chey.com.
C) benblack@chey.org.
D) benblack@chey.com.
Answer: A
Diff: 2
Learning Obj.: 1
109) An Internet merchant captured all of the cookies present on Ron's personal computer at his
home
A) because Ron's bank required it.
B) the merchant wanted to speed its transaction with Ron.
C) the merchant wanted to know all of the other sites visited by Ron.
D) because the merchant's bank required it.
Answer: C
Diff: 1
Learning Obj.: 1

110) Presented below is a list of terms relating to accounting information systems, followed by
definitions of those terms.
Required: Match the letter next to each definition with the appropriate term. Each answer will be
used only once.
________ 1. OLAP
________ 2. IP
________ 3. FTP
________ 4. SQL
________ 5. POP
________ 6. Key
________ 7. Digital cash
________ 8. Hyperlink
A. The most commonly used protocol for file servers
B. A processing method for very large databases and complicated reporting
C. Address for an individual computer on the Internet
D. The most commonly used protocol for mail servers
E. An electronic "promissory note"
F. A "pointer" to another document on a Web server
G. Used to define, access, and manipulate data in a relational database
H. Needed to decode an encrypted message
Answer: 1. B, 2. C, 3. A, 4. G, 5. D, 6. H, 7. E, 8. F
Diff: 2
Learning Obj.: 1

111) Presented below is a list of terms relating to accounting information systems, followed by
definitions of those terms.
Required: Match the letter next to each definition with the appropriate term. Each answer will be
used only once.
________ 1. API
________ 2. Firewall
________ 3. Internet
________ 4. ESB
________ 5. ORM
________ 6. SOA
________ 7. EA
________ 8. IP
________ 9. DNS
A. A set of commands that a given piece of software makes available so that its functions and
data can be accessed by other pieces of software
B. An applications architecture design framework that facilitates the development of application
suites
C. Describes the joint structure and behavior of the enterprise and its information system
D. Limits access to information on the company's servers from the rest of the world
E. Electronic phone book that associates domain names with IP addresses
F. Defines the typical business model in terms of four major domains: infrastructure, offering,
customers, and finance
G. Middleware that serves as a central switchboard for communications between all enterprise
services and applications
H. Protocol that assigns a unique address to each computer on the Internet
I. "The" electronic highway
Answer: 1. A, 2. D, 3. I, 4. G, 5. F, 6. B, 7. C, 8. H, 9. E
Diff: 2
Learning Obj.: 1
112) Give the e-mail address for DJ Jack (his user name is djjac) who works for radio station
WXYZ (the station's domain). WXYZ is a privately held corporation.
Answer: djjac@wxyz.com
Diff: 2
Learning Obj.: 1
113) Give the e-mail address for Red Duke (his user name is reddu), who is an instructor at
Badlands Community Technical School (whose domain is blcomtech).
Answer: reddu@blcomtech.edu
Diff: 2
Learning Obj.: 1

114) Name four types of smart cards that are used for electronic payments, and describe the
functions of each card.
Answer: Suggested answer:
There are four types of smart cards. Their functions and uses are:
Memory cards, which are only capable of storing information. For example, a memory card
could store a customer's prepaid account balance information. A cash register could deduct
charges from the card when the card is inserted in the cash register.
Shared-key cards, which encrypt all communications between the card and the point of
payment device, such as a cash register. Shared-key cards could provide more security for
prepaid account balances.
Signature-transporting cards, which are similar to shared-key cards, but also allow the user to
spend digital cash notes. When the customer inserts the card into the cash register, the note is
transferred to the cash register. The cash register can verify on-line with the bank that the note
has not previously been spent.
Signature-creating cards, which are similar to signature-transporting cards, but are capable of
generating their own digital signatures, allowing the user to write electronic "checks" containing
the cardholder's digital signature.
Diff: 2
Learning Obj.: 5
115) Explain the difference between a "server" and a "client." List and describe the four types of
servers.
Answer: Suggested answer:
A server is a program that constantly runs on a computer and shares (exchanges) information,
files, etc., with users who request the information. A client is a user program which requests
information, files, etc., which have been placed on a server.
The four types of servers are:
Mail servers (such as POP servers) act like electronic mailboxes, holding incoming electronic
mail until the user's client program requests it.
File servers (or FTP servers) allow clients to send and retrieve files to and from remote
computers.
Web servers allow clients to access documents and run computer programs residing on remote
computers via the World Wide Web.
Commerce servers are Web servers that specialize in secure financial transactions.
Application servers and database servers make applications and databases available to remote
clients.
Diff: 2
Learning Obj.: 1

116) Describe at least three ways in which the privacy of a company's communications may be
violated by unauthorized means.
Answer: Students may mention the following:
Encrypted messages may be decoded by means of guessed plaintext attacks. Senders can avoid
this attack by adding random numbers to the end of a message, using sufficiently long keys, and
frequently changing keys.
Encrypted keys may be the targets of factoring attacks. The attacker tries to discover the two
large prime numbers that make up the public key. Then, the attacker attempts to factor the private
key from the two large prime numbers. Fortunately, this is almost mathematically impossible to
do.
Computers that contain sensitive key information may be compromised. This is considered the
most likely attack. Once an attacker obtains a private key, he or she can decrypt any messages
encrypted with the related public key. To prevent attacks, personal computers containing private
keys should have limited physical access. Both the computers and the keys themselves should be
accessible only through passwords.
Former employees may use keys which have not been discontinued. To prevent this attack,
companies should place keys on a certificate revocation list associated with the certifying
authority that originally issued the key.
Attackers may monitor messages to determine their origins and destinations. This form of
attack does not have a good defense. If one party needs to remain anonymous, the Internet should
not be used as a communications medium.
Diff: 2
Learning Obj.: 4

117) What is an intranet and what security issues surround its use by a corporation?
Answer: Suggested answer:
An intranet is a self-contained, in-house network or Internet that is used by a company for its
own internal communications. Employees within an organization may use an intranet in exactly
the same fashion as the Internet; however, the intranet may be partially or completely unavailable
to those outside of the organization.
The main security problem with intranets is that such a network can potentially expose the
organization's sensitive information to everyone on the Internet. To help avert such a problem,
companies use combinations of hardware and software to limit access from outsiders. A firewall
is a software program that filters each packet of incoming information to ensure that it has
originated from an authorized source. One typical approach is to use IP filtering, which blocks
out incoming packets which do not originate from preauthorized IP addresses. Such
preauthorized addresses are maintained in an access control list. Unfortunately, such firewall
protection can be defeated if an outsider can "spoof" an IP address (by sending incoming
message requests that falsely appear to come from an authorized IP address). Firewalls are still
useful, but should be considered only the first line of defense.
Another type of security device used with an intranet is a proxy server. Such servers are used "on
the inside" of a company's firewall to filter all outgoing requests for information. If a request is
valid (as determined by settings found in an access control list), the request passes through the
proxy server; otherwise it is blocked. Proxy servers can also be used "in reverse" to filter all
incoming requests, thus preventing unauthorized access to specific locations within the
organization. Proxy servers which operate this way provide another type of firewall protection
from outside intruders.
Diff: 2
Learning Obj.: 1
118) What is the difference between electronic business and electronic commerce?
Answer: eBusiness refers to the use of information technologies in any aspect of the business,
whereas eCommerce is a part of eBusiness that directly involves the exchange of products and
services.
Diff: 1
Learning Obj.: 1

119) Describe enterprise architecture and its four architectural domains.
Answer: EA describes the joint structure and behavior of the enterprise and its information
system. The four architectural domains are the business architecture, the information
architecture, the applications architecture, and the technical architecture. The BA defines the
human resources, processes, and the infrastructure that a business needs to accomplish its
business strategy. The IA or data architecture defines the needed data and how it is stored,
processed, utilized, and integrated with the other main domains. The AA defines the applications
needed to run the business and how the applications communicate with each other through
intranets, extranets, and electronic data interchange (the focus is on the applications and how
they work together to form a single composite application). The TA describes the structure and
behavior of the IT infrastructure and defines standards, principles, procedures, and best practices
to govern the IT architecture.
Diff: 1
Learning Obj.: 2
