Chapter 12Electronic Commerce Systems

TRUE/FALSE
1. Because of network protocols, users of networks built by different manufacturers are able to
communicate and share data.
ANS: T
2. Electronic commerce refers only to direct consumer marketing on the Internet.
ANS: F
3. Business to consumer is the largest segment of Internet commerce.
ANS: F
4. The phrase .com has become an Internet buzz word. It refers to a top-level domain name for
communications organizations.
ANS: F
5. The standard format for an e-mail address is DOMAIN NAME@USER NAME.
ANS: F
6. The network paradox is that networks exist to provide user access to shared resources while one of its
most important objectives is to control access.
ANS: T
7. Business risk is the possibility of loss or injury that can reduce or eliminate an organizations ability to
achieve its objectives.
ANS: T
8. IP spoofing is a form of masquerading to gain unauthorized access to a Web server.
ANS: T
9. The rules that make it possible for users of networks to communicate are called protocols.
ANS: T
10. A factor that contributes to computer crime is the reluctance of many organizations to prosecute
criminals for fear of negative publicity.
ANS: T
11. Cookies are files created by user computers and stored on Web servers.
ANS: F

12. Sniffing is the unauthorized transmitting of information across an Intranet.

ANS: F
APPENDIX QUESTION
13. The client-server model can only be applied to ring and star topologies.
ANS: F
14. The most popular topology for local area networks is the bus topology.
ANS: T
15. A network topology is the physical arrangement of the components of the network.
ANS: T
16. A bus topology is less costly to install than a ring topology.
ANS: T
17. In a hierarchical topology, network nodes communicate with each other via a central host computer.
ANS: T
18. Polling is one technique used to control data collisions.
ANS: T
19. The most frequent use of EDI is in making vendor payments.
ANS: F
20. EDI is the inter-company exchange of computer processible business information in standard format.
ANS: T
MULTIPLE CHOICE
APPENDIX QUESTION
1. The primary difference between a LAN and a WAN is
a. the geographical area covered by the network
b. the transmission technology used
c. the type of workstation used
d. the size of the company
ANS: A
2. To physically connect a workstation to a LAN requires a
a. file server

b. network interface card

c. multiplexer
d. bridge
ANS: B
3. One advantage of network technology is
a. bridges and gateways connect one workstation with another workstation
b. the network interface card permits different networks to share data
c. file servers permit software and data to be shared with other network users
d. a universal topology facilitates the transfer of data among networks
ANS: C
4. Which topology has a large central computer with direct connections to a periphery of smaller
computers? Also in this topology, the central computer manages and controls data communications
among the network nodes.
a. star topology
b. bus topology
c. ring topology
d. client/server topology
ANS: A
5. In a star topology, when the central site fails
a. individual workstations can communicate with each other
b. individual workstations can function locally but cannot communicate with other
workstations
c. individual workstations cannot function locally and cannot communicate with other
workstations
d. the functions of the central site are taken over by a designated workstation
ANS: B
6. Which of the following statements is correct? The client-server model
a. is best suited to the token-ring topology because the random-access method used by this
model detects data collisions.
b. distributes both data and processing tasks to the servers node.
c. is most effective used with a bus topology.
d. is more efficient than the bus or ring topologies.
ANS: B
7. What do you call a system of computers that connects the internal users of an organization that is
distributed over a wide geographic area?
a. LAN
b. decentralized network
c. multidrop network
d. Intranet
ANS: D
8. Sniffer software is
a. software used by malicious Web sites to sniff data from cookies stored on the users hard
drive
b. used by network administrators to analyze network traffic

c. used by bus topology Intranets to sniff for a carrier before transmitting a message to avoid
data collisions
d. illegal programs downloaded from the Net to sniff passwords from the encrypted data of
Internet customers
ANS: B
9. In a ring topology
a. all nodes are of equal status
b. nodes manage private programs and databases locally
c. shared resources are managed by a file server which is a node on the ring
d. all of the above
ANS: D
10. The client/server technology
a. increases the amount of data that is transmitted between the central file and the network
node
b. eliminates the need for nodes to communicate with each other
c. reduces the number of records that must be locked by having the file server perform record
searches
d. functions only with a ring and bus topology
ANS: C
11. A star topology is appropriate
a. for a wide area network with a mainframe for a central computer
b. for centralized databases only
c. for environments where network nodes routinely communicate with each other
d. when the central database does not have to be concurrent with the nodes
ANS: A
12. In a ring topology
a. the network consists of a central computer which manages all communications between
nodes
b. has a host computer connected to several levels of subordinate computers
c. all nodes are of equal status; responsibility for managing communications is distributed
among the nodes
d. information processing units rarely communicate with each other
ANS: C
13. Which method does not manage or control data collisions that might occur on a network?
a. multiplexing
b. polling
c. carrier sensing
d. token passing
ANS: A
14. Network protocols fulfill all of the following objectives except
a. facilitate physical connection between network devices
b. provide a basis for error checking and measuring network performance
c. promote compatibility among network devices
d. result in inflexible standards

ANS: D
15. All of the following are true about the Open System Interface (OSI) protocol except
a. within one node different layers communicate with other layers at that node
b. one protocol is developed and applied to all the OSI layers
c. specific layers are dedicated to hardware tasks and other layers are dedicated to software
tasks
d. layers at each node communicate logically with their counterpart layers across nodes
ANS: B
16. Which of the following statements is correct? TCP/IP
a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the WWW.
c. is the file format used to produce Web pages.
d. is a low-level encryption scheme used to secure transmissions in HTTP format.
ANS: A
17. XBRL
a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the Web.
c. is the document format used to produce Web pages.
d. was designed to provide the financial community with a standardized method for preparing
e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP)
format.
ANS: D
18. FTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
ANS: D
19. HTML
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet.
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
ANS: A
20. Which one of the following statements is correct?
a. Cookies always contain encrypted data.
b. Cookies are text files and never contain encrypted data.
c. Cookies contain the URLs of sites visited by the user.
d. Web browsers cannot function without cookies.
ANS: C

21. A message that is made to look as though it is coming from a trusted source but is not is called
a. a denial of service attack
b. digital signature forging
c. Internet protocol spoofing
d. URL masquerading
ANS: C
22. A digital signature is
a. the encrypted mathematical value of the message senders name
b. derived from the digest of a document that has been encrypted with the senders private
key
c. the computed digest of the senders digital certificate
d. allows digital messages to be sent over analog telephone lines
ANS: B
23. HTTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
ANS: B
24. Which of the following statements is correct?
a. Packet switching combines the messages of multiple users into a packet for transmission.
At the receiving end, the packet is disassembled into the individual messages and
distributed to the intended users.
b. The decision to partition a database assumes that no identifiable primary user exists in the
organization.
c. Message switching is used to establish temporary connections between network devices for
the duration of a communication session.
d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve
itself when the primary computer completes processing its transaction and releases the data
needed by other users.
ANS: C
25. NNTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP)
format.
ANS: C
SHORT ANSWER
1. What is packet switching?
ANS:

Packet switching is a transmission whereby messages are divided into small packets. Individual
packets of the same message may take different routes to their destinations. Each packet contains
address and sequencing codes so they can be reassembled into the original complete message at the
receiving end.
2. What is an extranet?
ANS:
An extranet is a variant on Internet technology. This is a password-controlled network for private users
rather than the general public. Extranets are used to provide access between trading partner internal
databases.
3. What is a URL?
ANS:
A URL is the address that defines the path to a facility or file on the Web. URLs are typed into the
browser to access Web site homepages and individual Web pages, and can be embedded in Web pages
to provide hypertext links to other pages.
4. What is an IP address?
ANS:
Every computer node and host attached to the Internet must have a unique Internet protocol (IP)
address. For a message to be sent, the IP addresses of both the sending and the recipient nodes must be
provided.
5. What is spoofing?
ANS:
Spoofing is a form of masquerading to gain unauthorized access to a Web server to perpetrate an
unlawful act without revealing ones identity.
6. Name the three types of addresses used on the Internet.
ANS:
The three types of addresses used on the Internet are: e-mail addresses of individuals, Web site (URL)
addresses of pages, and IP addresses of individual computers attached to the Internet.
7. What is XML?
ANS:
XML is a meta-language for describing markup languages. The term extensible means, that any
markup language can be created using XML. This includes the creation of markup languages capable
of storing data in relational form, where tags (formatting commands) are mapped to data values.
8. What is XBRL?
ANS:
XBRL (Extensible Business Reporting Language) is an XML-based language that was designed to
provide the financial community with a standardized method for preparing, publishing and
automatically exchanging financial information, including financial statements of publicly held
companies.
9. What is XBRL Taxonomy?

ANS:
XBRL taxonomies are classification schemes that are compliant with the XBRL specifications, to
accomplish a specific information exchange or reporting objectives.
10. Explain the parts of an e-mail address and give an example (your own?).
ANS:
The two parts of an e-mail address are the user name and the domain name. For example,
hsavage@cc.ysu.edu is the address of Helen Savage at the computer center site at Youngstown State
University.
11. Explain a denial of service attack.
ANS:
A denial of service attack is an assault on a Web server to prevent it from serving its users. The normal
connecting on the Internet involves a three-way handshake: (1) from the originating server to the
receiving server, (2) from the receiving server to the originating, and (3) from the originating server to
the receiving. In a denial of service attack, step three is omitted by the attacking entity, and this locks
up the receiving server and prevents either completing the connection or using their ports to respond to
other inquiries. This is somewhat like a calling party on a phone being able to prevent the called party
from breaking the connection, hence making the phone unusable.
12. What are cookies and why are they used?
ANS:
Cookies are files containing user information that are created by the Web server of the site being
visited and are then stored on the visitors own computer hard drive. They can contain the addresses of
sites visited by the user. If the site is revisited, the browser sends the cookie(s) to the Web server. This
was originally intended to enhance efficiency. Many questions now exist about the use of cookies,
especially with regard to user privacy and the security of user information such as passwords.
13. List at least five top-level domain names used in the United States.
ANS:
Among the top-level domain names used in the U.S. are:
.coma commercial entity
.neta network provider
.organ non-profit organization
.eduan educational or research entity
.gova government entity
APPENDIX QUESTION
14. When are networks connected with a bridge and with a gateway?
ANS:
Bridges connect LANs of the same type; gateways connect LANs of different manufacturers and
different types.
15. Describe an advantage to the client/server topology.
ANS:

Client/server technology reduces the number of records that have to be locked and reduces the amount
of data that is transmitted over the network.
16. Describe one primary advantage of polling as a network control method.
ANS:
Polling is noncontentious so data collisions are prevented.
Firms can prioritize data communications by polling important nodes more frequently than less
important nodes.
17. Describe one disadvantage to carrier sensing as a network control method.
ANS:
Collisions can occur when two messages are sent simultaneously.
18. Why is network control needed? What tasks are performed?
ANS:
Network control establishes a communication session between sender and receiver, manages the flow
of data across the network, detects and resolves data collisions, and detects errors in data caused by
line failure or signal degeneration.
19. Define WAN, LAN, and VAN.
ANS:
A WAN is a wide area network, a LAN is a local area network, and a VAN is a value-added network.
20. What are the five basic network architectures?
ANS:
The five basic network architectures are: star, hierarchical, ring, bus, and client/server.
ESSAY
APPENDIX QUESTION
1. Contrast a LAN and a WAN. Typically, who owns and maintains a WAN?
ANS:
A LAN is a local area network covering a limited geographic area (a room, a building, several
buildings within a restricted geographic distance). Information processing units connected to a LAN
are usually microcomputer-based workstations. Typically, LANs are privately owned and controlled.
2. Describe the basic differences between the star, ring, and bus topologies.
ANS:
The star topology is a configuration of IPUs with a large central computer (the host) at the hub (or
center) that has connections to a number of smaller computers. Communication between nodes is
managed from the host.
The ring topology connects many computers of equal status. There is no host. Management of
communication is distributed among the nodes.

In the bus topology, all nodes are connected to a common cable, the bus. Communication and file
transfer are controlled centrally by one or more server.
3. What security questions must be considered with regard to Internet commerce?
ANS:
Security questions that must be answered to safeguard Internet commerce relate to:
private or confidential financial data stored on a host or server that could be accessed by unauthorized
individuals,
interception of private information sent between sites, such as credit card numbers, and
the risk of destruction of data and programs by virus attacks and other malice.
4. What is the World Wide Web?
ANS:
The World Wide Web is an Internet facility that links user sites locally and around the world. It was
originally developed to share scientific information over the Internet. Although the Web is the part of
the Internet that is most familiar to average users, it is just a part. Other Internet tools include file
transfer using FTP, remote connection to another computer using Telnet, and access to the menuing
system Gopher. Its popularity is in part due to the ease of access that is provided by Internet browser
software. The basic Web document is written in hypertext markup language that contains numerous
links to other pages, thus permitting easy movement.
5. Discuss the three levels of Internet business models.
ANS:
How much benefit an organization gains from the Internet depends on how much of its function is
used. Three levels of uses can be made:
a. At the simplest level, the information level, the organization uses the Internet to display
information about the company, its products, services, and business policies. In other words, it
provides information only.
b. At the transaction level, the organization uses the Internet to accept orders from customers and/or
to place them with their suppliers. In other words, transactions occur.
c. At the highest level, the distribution level, the organization uses the Internet to both sell and
deliver digital productsonline news, software, music, video, etc.
6. Define risk in an electronic commerce setting.
ANS:
The typical definition of business risk is the possibility of loss or injury that can reduce or eliminate an
organizations ability to achieve its objectives. In the area of e-commerce, risk relates to the loss, theft,
or destruction of data and/or the use or generation of data or computer programs that financially or
physically harm an organization.
7. Discuss the four areas of concern as they are related to e-commerce: data security, business policy,
privacy, and business process integrity.
ANS:
Data security relates to the level of protection over stored and transmitted datathe security of internal
databases and protection from unauthorized access by individuals inside and outside the organizations.
Business policies relate to the need of consumers and trading partners to know a companys policies
regarding billing, payment, merchandise returns, shipping, products, and sales tax collection.

Privacy refers to the level of confidentiality used by an organization in managing customer and trading
partner data.
Business process integrity relates to the accuracy, completeness, and consistency with which an
organization processes its business transactions.
8. Define and contrast digital certificate and digital signature.
ANS:
A digital certificate is like an electronic identification card that is used in conjunction with a public
key encryption system to verify the authenticity of the message sender. These are issued by
certification authorities.
A digital signature is an electronic authentication technique that ensures that the transmitted message
originated with the authorized sender and that it was not tampered with after the signature was applied.
9. Explain the function of the two parts of the TCP/IP protocol.
ANS:
The two parts of the TCP/IP protocol are the transfer control protocol (TCP) and the Internet protocol
(IP). This controls how the individual packets of data are formatted, transmitted, and received. The
TCP supports the transport function of the OSI (Open System Interface) model that has been adopted
by the International Standards Organization for the communication community. This ensures that the
full message is received. The IP component provides the routing mechanism. It contains a network
address and is used to route messages to their destinations.
10. What are network protocols? What functions do they perform?
ANS:
Network protocols are the rules and standards governing the design of hardware and software that
permit users of networks manufactured by different vendors to communicate and share data. Protocols
perform a number of different functions.
a. They facilitate the physical connection between network devices.
b. They synchronize the transfer of data between physical devices.
c. They provide a basis for error checking and measuring network performance.
d. They promote compatibility among network devices.
e. They promote network designs that are flexible, expandable, and cost-effective.
11. List and briefly define the privacy conditions inherent to the Safe Harbor agreement
ANS:
Notice: Organizations must provide individuals with clear notice of, the purposes for which it
collects and uses information about them, the types of third parties to which it discloses the
information, and how to contact the company with inquiries or complaints.
Choice: Before any data is collected, an organization must give its customers the opportunity to
choose whether to share their sensitive information (e.g., data related to factors such as health, race, or
religion).
Onward Transfer: Unless they have the individuals permission to do otherwise, organizations may
share information only with those third parties that belong to the Safe Harbor Agreement or follow its
principles.

Security and Data Integrity: Organizations need to ensure that the data they maintain is accurate,
complete, and current, and thus reliable, for use. They must also ensure the security of the information
by protecting it against loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Access: Unless they would be unduly burdened or violate the rights of others, organizations must give
individuals access to personal data about themselves and provide an opportunity to correct, amend, or
delete such data.
Enforcement: Organizations must enforce compliance, provide recourse for individuals who believe
their privacy rights have been violated, and impose sanctions on their employees and agents for noncompliance.
12. Discuss three audit implications of XBRL
ANS:
Audit implications include:
Taxonomy Creation. Taxonomy may be generated incorrectly, resulting in an incorrect mapping
between data and taxonomy elements that could result in material misrepresentation of financial data.
Controls must be designed and in place to ensure the correct generation of XBRL taxonomies.
Validation of Instance Documents. As noted, once the mapping is complete and tags have been stored
in the internal database, XBRL instance documents (reports) can be generated. Independent
verification procedures need to be established to validate the instance documents to ensure that
appropriate taxonomy and tags have been applied before posting to web server.
Audit Scope and Timeframe. Currently, auditors are responsible for printed financial statements and
other materials associated with the statements. What will be the impact on the scope of auditor
responsibility as a consequence of real time distribution of financial statements across the Internet?
Should auditors also be responsible for the accuracy of other related data that accompany XBRL
financial statements, such as textual reports?
13. What is a Certification Authority and what are the implications for the accounting profession?
ANS:
A certification authority is independent and trusted third party empowered with responsibility to vouch
for the identity of organizations and individuals engaging in Internet commerce. The question then
becomes who vouches for the CA? How does one know that the CA who awarded a seal of
authenticity to an individual is itself reputable and was meticulous in establishing his or her identity?
These questions hold specific implication for the accounting profession. Since they enjoy a high
degree of public confidence, public accounting firms are natural candidates for certification
authorities.