1-Mark Questions
1. What is E-Commerce security?
➢ E-Commerce security refers to the protection of electronic transactions and
sensitive information exchanged during online commerce activities. It involves
implementing various measures to ensure the confidentiality, integrity, and
availability of data, as well as safeguarding against unauthorized access,
fraud, and cyber threats.
2. What is E-Payment?
➢ E-Payment, short for electronic payment, is a method of conducting financial
transactions electronically over the internet or other electronic networks. It
involves transferring funds from one party to another electronically, using
online payment systems, digital wallets, or electronic banking services.
3. Name any two antivirus software products.
➢ Two antivirus software products:
o Norton Antivirus
o McAfee Antivirus
4. What is Encryption?
➢ Encryption is the process of converting plaintext or data into ciphertext
using cryptographic algorithms and keys. It ensures that sensitive information
remains secure and confidential during transmission or storage by making it
unreadable to unauthorized parties. Decryption is the reverse process of
converting ciphertext back to plaintext using the appropriate decryption key.
5. What is malware?
➢ Malware, short for malicious software, refers to any software or code designed
to disrupt, damage, or gain unauthorized access to computer systems, networks,
or devices. Malware includes various types such as viruses, worms, Trojans,
ransomware, spyware, and adware, each with its own malicious intent and
behavior. Malware can compromise the security and privacy of systems, steal
sensitive information, or cause harm to data and resources.
1. What is encryption? Explain.
➢ Encryption is the process of converting plaintext or data into ciphertext
using cryptographic algorithms and keys. The purpose of encryption is to ensure
the confidentiality and integrity of sensitive information during transmission
or storage. When data is encrypted, it becomes scrambled and unreadable to
anyone who doesn't have the decryption key. Only authorized parties with the
correct key can decrypt the ciphertext and revert it back to its original
plaintext form. Encryption plays a crucial role in protecting sensitive
information, such as personal data, financial transactions, and confidential
communications, from unauthorized access, interception, or tampering.
2. What are the tools available to achieve website security?
➢ Achieving website security involves implementing various tools and techniques
to protect against cybersecurity threats and vulnerabilities. Some common tools
used to enhance website security include:
o Secure Sockets Layer (SSL) certificates: Encrypt data transmitted between a
web server and a user's browser, ensuring secure communication and preventing
eavesdropping or data interception.
o Web Application Firewalls (WAF): Filter and monitor HTTP traffic between a
web application and the internet, protecting against common web-based attacks
such as SQL injection, cross-site scripting (XSS), and distributed
denial-of-service (DDoS) attacks.
o Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):
Detect and prevent unauthorized access or malicious activities on a network or
web server by monitoring and analyzing network traffic and system logs.
o Vulnerability scanners: Identify security weaknesses and vulnerabilities in
web applications, servers, and network infrastructure, allowing administrators
to patch or mitigate potential risks.
o Multi-factor authentication (MFA): Adds an extra layer of security by
requiring users to provide multiple forms of authentication, such as passwords,
security tokens, or biometric data, before granting access to sensitive
resources.
o Content Security Policy (CSP): Mitigates the risk of cross-site scripting
(XSS) attacks by defining and enforcing a whitelist of trusted sources for
loading scripts, style sheets, and other resources on web pages.
3. How does an online credit card transaction work? Explain.
➢ An online credit card transaction typically involves several steps to
securely process payment information and authorize the transaction:
o Initiation: The customer selects the desired products or services on the
merchant's website and proceeds to the checkout page to complete the purchase.
o Data Entry: The customer enters their credit card details, including the card
number, expiration date, and security code (CVV/CVC), into the payment form on
the website.
o Encryption: The payment information is encrypted using SSL or TLS encryption
protocols to protect it during transmission over the internet. This ensures
that the data is securely transmitted from the customer's browser to the
merchant's web server.
o Authorization: The merchant's web server sends the encrypted payment data to
a payment gateway, which forwards the information to the credit card network
(e.g., Visa,
o Verification: The credit card network verifies the authenticity of the
transaction and checks for available funds and fraud flags associated with the
card.
o Approval: If the transaction is authorized, the credit card network sends an
approval response to the payment gateway, which then notifies the merchant's
website.
o Completion: The customer receives a confirmation of the successful transaction
on the website, and the purchased goods or services are delivered or made
available to the customer.
Throughout the process, encryption, secure communication protocols, and
authentication mechanisms are used to protect the confidentiality and integrity
of the payment information and ensure a secure online transaction.
10-Mark Questions
1. What is E-Payment? Explain the types.
➢ E-Payment, short for electronic payment, refers to the process of making
financial transactions electronically, often through the internet or other
electronic devices. E-Payment systems facilitate the transfer of funds between
parties without the need for physical cash or checks. There are several types
of e-payment methods, including:
o Credit Card Payments: Customers can make purchases online using credit cards,
where the payment information is securely transmitted to the merchant's website
for authorization and processing.
o Debit Card Payments: Similar to credit cards, debit card payments involve
using debit card details to make purchases online. Funds are deducted directly
from the customer's bank account.
o Bank Transfers: Bank transfers allow customers to transfer funds
electronically from their bank account to the recipient's account. This method
is commonly used for larger transactions and payments between businesses.
o Mobile Payments: Mobile payment systems enable users to make payments using
their smartphones or mobile devices. Examples include mobile wallets, digital
payment apps, and contactless payments using Near Field Communication (NFC)
technology.
o Digital Currencies: Cryptocurrencies such as Bitcoin, Ethereum, and Litecoin
are decentralized digital currencies that can be used for online transactions.
These transactions are recorded on a blockchain and offer pseudonymous and
secure payments.
o E-Wallets: E-Wallets or digital wallets store payment information and allow
users to make payments online or in-store. Examples include PayPal, Apple Pay,
Google Pay, and Samsung Pay.
2. What is a security threat? Explain different types of security threats.
➢ A security threat refers to any potential danger or risk to the
confidentiality, integrity, and availability of information or resources within
a computer system, network, or organization. Security threats can come from
various sources, including malicious actors, software vulnerabilities, and
natural disasters. Here are different types of security threats:
o Malware: Malware, short for malicious software, includes viruses, worms,
Trojans, ransomware, spyware, and adware. Malware infects systems and performs
malicious actions, such as stealing sensitive information, damaging files, or
hijacking system resources.
o Phishing: Phishing attacks involve sending fraudulent emails, messages, or
websites that impersonate legitimate entities to trick users into revealing
sensitive information, such as passwords, credit card numbers, or personal
data.
o Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: DoS
and DDoS attacks flood a system, server, or network with excessive traffic or
requests, causing it to become overwhelmed and unavailable to legitimate users.
o Man-in-the-Middle (MitM) Attacks: MitM attacks intercept and manipulate
communication between two parties, allowing the attacker to eavesdrop on
sensitive information or modify data without the knowledge of the sender or
recipient.
o SQL Injection: SQL injection attacks exploit vulnerabilities in web
applications by injecting malicious SQL code into input fields, allowing
attackers to access or manipulate databases, steal data, or perform
unauthorized actions.
o Zero-Day Exploits: Zero-day exploits target vulnerabilities in software or
hardware that are unknown to the vendor or developers. Attackers exploit these
vulnerabilities before patches or fixes are available, posing a significant
risk to affected systems.
o Social Engineering: Social engineering attacks manipulate human psychology to
deceive individuals into divulging confidential information or performing
actions that compromise security. Examples include pretexting, baiting, and
tailgating.
These are just a few examples of security threats, and organizations need to
implement comprehensive security measures to mitigate risks and protect against
evolving threats.