
Passing the e-Biz+ exam: Payment, performance, security

E-commerce sites need administrators who understand the intricacies of electronic business--and certs such as CompTIA's e-Biz+ are designed to help admins prove they have that knowledge. Here are some areas to focus on as you prep for this exam.


Electronic business knowledge is becoming increasingly important for admins in today's e-commerce economy. One way to master the necessary e-business concepts and prove your knowledge is to earn a vendor-neutral cert, such as CompTIA's e-Biz+. As we discussed last time, this exam, which focuses on concepts rather than on product implementation, is a one-test certification that is good for life.

Exam recap
Topics are broken down and weighted like this:
  • Fundamentals: 20 percent
  • Strategy and Planning: 20 percent
  • Initiatives and Implementation Considerations: 38 percent
  • Infrastructure: 22 percent
As of this writing, the test, exam EK0-001, consists of 60 questions that must be answered in 60 minutes, with a minimum passing score of 67 percent. You can find a complete list of the exam objectives at the CompTIA Web site.


Because of its theoretical focus, this exam requires a knowledge-level rather than a hands-on preparation strategy. My previous article offered five tips to help you target the key issues you must understand to pass the test. Here are five more.

Tip 6: Know the electronic payment methods
The methods of electronic payment are plentiful in today's world, but they were somewhat more basic when the exam was first written. Rather than focus on recent innovations, limit your studies for this exam to the leading technologies that have been in use for a number of years.

Secure Electronic Transaction (SET) is a protocol for card purchases over the Internet, developed with the backing of Visa and MasterCard. An SET cardholder application must generate SET protocol messages that can be accepted by the SET merchant, payment gateway, and certificate authority components; in SET terminology, the cardholder application is sometimes called a wallet. Every party in SET holds a certificate, which is how the merchant, the gateway, and the cardholder authenticate one another, but the scheme saw little real-world deployment next to ordinary SSL-protected order forms, so treat it as exam vocabulary rather than something you are likely to administer.

S-HTTP, the Secure Hypertext Transfer Protocol (RFC 2660), is an application-layer security protocol that signs and encrypts individual HTTP messages rather than the whole connection, which is what distinguishes it from SSL. It was proposed to support secure commercial transactions on the Web but lost out to SSL and is essentially unused today; for the exam, know what it is and how it differs from SSL.

Electronic Benefits Transfer (EBT) allows a recipient of government benefits to authorize the transfer of those benefits from a federal account to a retailer as payment.

PayPal accepts money from the purchaser in one of three ways: by charging the purchaser's credit card, by debiting the purchaser's checking account, or by drawing on funds already held in the purchaser's PayPal balance. Businesses are charged to send and receive money via PayPal.

Tip 7: Automate whenever possible
One of the greatest features of the Web is its ability to present information 24 hours a day to a worldwide audience without requiring constant human intervention. Instead of requiring someone to place an order with an individual operator during working hours, orders can now be placed with your company around the clock. The key to making this happen, as well as to specializing content that is displayed, is automation. Whenever an exam question offers scenarios requiring you to choose between automating a display or process and not doing so, always choose to automate. Here are a few points to keep in mind when answering these types of questions:
  • A few creative applications using XML and Java can enable you to incorporate an e-venture into an existing mainframe infrastructure.
  • An agent is a software program sent out onto the Internet to do something specific on a user's behalf. Spiders (also called crawlers, and in early Web literature "worms," as in the World Wide Web Worm search engine) are the most common type of agent: they roam the Internet, collect and index its content, and build their own searchable databases of what they find. Do not confuse this older sense of "worm" with the self-replicating malware the word means in a security context.
  • Forms can be used for online catalogs, surveys, and conferencing, among other things. Forms, which are written in HTML and processed by CGI programs, offer a great way to collect and process information from people visiting your online store.
  • CGI scripts are one example of a server-side technology that extends a Web server beyond delivering static HTML pages; others include server-side includes and Active Server Pages. Exam material lists SSL alongside them, but SSL is a transport-security layer that encrypts the connection rather than a way of generating content, so keep the two roles distinct in your mind.
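As an added example (not code from the article or from CompTIA), here is the kind of CGI program that processes such a form, written in Go. The form fields, the confirmation page, and the validation limits are assumptions for illustration. The point the passage glosses over is that a form that accepts input from the whole world must validate it on the server and escape it on the way back out; the handler below does both and runs under any Web server's CGI interface through Go's net/http/cgi package:

```go
package main

import (
	"html/template"
	"log"
	"net/http"
	"net/http/cgi"
	"os"
	"regexp"
	"strconv"
	"strings"
)

// Confirmation page for a hypothetical store order form. html/template
// escapes every interpolated value according to its HTML context.
var confirmTmpl = template.Must(template.New("confirm").Parse(`<!DOCTYPE html>
<html><head><title>Order received</title></head><body>
<h1>Order received</h1>
<p>Name: {{.Name}}</p>
<p>E-mail: {{.Email}}</p>
<p>Quantity: {{.Qty}}</p>
</body></html>
`))

// Deliberately simple e-mail check: one "@", no whitespace, a dot in the domain.
var emailRe = regexp.MustCompile(`^[^@\s]+@[^@\s]+\.[^@\s]+$`)

type Order struct {
	Name  string
	Email string
	Qty   int
}

// ParseOrder reads the posted fields and validates them before anything
// downstream (e-mail, database, fulfilment) sees them. The second return
// value is a human-readable problem, empty when the order is acceptable.
func ParseOrder(r *http.Request) (Order, string) {
	if err := r.ParseForm(); err != nil {
		return Order{}, "malformed form data"
	}
	name := strings.TrimSpace(r.PostFormValue("name"))
	email := strings.TrimSpace(r.PostFormValue("email"))
	qty, qtyErr := strconv.Atoi(strings.TrimSpace(r.PostFormValue("qty")))
	switch {
	case name == "" || len(name) > 100:
		return Order{}, "name must be 1 to 100 characters"
	case !emailRe.MatchString(email):
		return Order{}, "e-mail address is not valid"
	case qtyErr != nil || qty < 1 || qty > 999:
		return Order{}, "quantity must be a whole number from 1 to 999"
	}
	return Order{Name: name, Email: email, Qty: qty}, ""
}

// OrderHandler is the CGI program's entry point: only POST is accepted,
// bad input gets a 400, and good input is echoed back through the template
// so that a name such as <script>alert(1)</script> is shown as text, never run.
func OrderHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.Header().Set("Allow", "POST")
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	order, problem := ParseOrder(r)
	if problem != "" {
		http.Error(w, problem, http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	if err := confirmTmpl.Execute(w, order); err != nil {
		log.Printf("render: %v", err)
	}
}

func main() {
	// Under a Web server configured for CGI, the request arrives as environment
	// variables plus stdin; cgi.Serve turns that into an *http.Request.
	if err := cgi.Serve(http.HandlerFunc(OrderHandler)); err != nil {
		log.Print(err)
		os.Exit(1)
	}
}
```

Compile it, drop the binary into the server's cgi-bin directory, and point the form's action at it; because the handler is an ordinary http.Handler, the same code can later be served directly by Go's HTTP server without the CGI overhead.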

Tip 8: Understand the performance issues
In the early days of the Web, it was expected that systems would be slow and crash every so often. Those days have been a memory for a number of years now, and visitors are no longer forgiving of such inconveniences. Web performance has become a top priority for administrators, and you must know the basics of this topic to pass this exam:
  • The term "thin client" refers to a client on a client/server network that occupies relatively little memory or disk storage space and leaves most of the processing work to the server. A "fat client" is just the opposite, a resource-intensive, often proprietary client in a client/server network that usually requires data be captured in proprietary file formats.
  • Thin clients leave the heavy, processor-intensive work to applications on the server, which also makes upgrades easy: the software is updated (and patched) in one place rather than on every desktop.
  • A bandwidth test is a program that sends a file (or files) of known size over a network to a distant computer and measures the time it takes to download successfully at the far end. Bandwidth is the capacity of a link, the amount of information it can carry in a given period; throughput is the rate actually achieved, which is always lower. Both are measured in bits per second (bps), so to estimate a transfer time, convert the file size from bytes to bits (multiply by 8) and divide by the bandwidth. Latency, the delay before the first byte arrives, adds to that figure and dominates for small files, and both latency and bandwidth are critical inputs to capacity planning for a Web server.
  • Factors that can affect throughput and bandwidth include topology, congestion, and the server hardware itself. Others include internetworking devices, the types of data being transferred, power- and weather-induced outages, the number of users, and the types of computers being used.
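An added example, not from the article: a bandwidth test of the kind just described, in Go. The "distant computer" is replaced by a listener on the loopback interface so the program runs offline; run the listener on a remote host to make it a real measurement. The sizes and link figures in main are assumptions. It also carries the size-over-bandwidth formula through with the units made explicit, since the most common mistake is dividing bytes by bits:

```go
package main

import (
	"fmt"
	"io"
	"net"
	"time"
)

// BandwidthResult is one measurement: bytes received, wall time, and the
// throughput in bits per second (the unit the text uses).
type BandwidthResult struct {
	Bytes   int64
	Elapsed time.Duration
	Bps     float64
}

// zeroReader is the "file of known size": an endless stream of zero bytes,
// so the measurement does not depend on disk I/O.
type zeroReader struct{}

func (zeroReader) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 0
	}
	return len(p), nil
}

// MeasureBandwidth runs the bandwidth test on the loopback interface: a
// receiver listens, a sender pushes size bytes through TCP, and the receiver
// times how long it takes to read all of them. Against a real remote host
// the listener runs there; on loopback the result is only a ceiling.
func MeasureBandwidth(size int64) (BandwidthResult, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return BandwidthResult{}, err
	}
	defer ln.Close()

	type recv struct {
		n       int64
		elapsed time.Duration
		err     error
	}
	done := make(chan recv, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			done <- recv{err: err}
			return
		}
		defer conn.Close()
		start := time.Now()
		n, err := io.Copy(io.Discard, conn) // reads until the sender closes
		done <- recv{n: n, elapsed: time.Since(start), err: err}
	}()

	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return BandwidthResult{}, err
	}
	_, err = io.CopyN(conn, zeroReader{}, size)
	conn.Close() // EOF tells the receiver the "file" is complete
	if err != nil {
		return BandwidthResult{}, err
	}
	r := <-done
	if r.err != nil {
		return BandwidthResult{}, r.err
	}
	if r.elapsed <= 0 {
		r.elapsed = time.Nanosecond // guard against a zero clock reading
	}
	return BandwidthResult{Bytes: r.n, Elapsed: r.elapsed, Bps: float64(r.n*8) / r.elapsed.Seconds()}, nil
}

// TransferTime is the exam formula, size divided by bandwidth, with the unit
// conversion made explicit (file sizes come in bytes, bandwidth in bits per
// second) plus a latency term that dominates for small files on long paths.
func TransferTime(sizeBytes int64, bps float64, latency time.Duration) time.Duration {
	seconds := float64(sizeBytes*8) / bps
	return time.Duration(seconds*float64(time.Second)) + latency
}

func main() {
	res, err := MeasureBandwidth(8 << 20) // 8 MiB, an assumed test file size
	if err != nil {
		fmt.Println("bandwidth test failed:", err)
		return
	}
	fmt.Printf("loopback: %d bytes in %v = %.1f Mbps\n", res.Bytes, res.Elapsed, res.Bps/1e6)
	fmt.Printf("1 MiB page over a 1.5 Mbps link with 100 ms latency: %v\n",
		TransferTime(1<<20, 1.5e6, 100*time.Millisecond))
}
```

Run it a few times and compare the measured figure with the link's nominal bandwidth; the gap between the two is the throughput loss the exam's list of factors is talking about.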

Tip 9: Collect feedback and monitor logs
Everyone has heard the tale of the new administrator who decided to audit every transaction to keep a close watch on the system. Within a short time the system slowed down as the logging ate into performance, and the log files grew to an unmanageable size, too much for any administrator to ever wade through. Clearly, it is important to know what to log and how to interpret the data collected. Log enough to reconstruct what happened (who, what, when, and the result), but keep card numbers, passwords, and session credentials out of the log files, which are rarely protected as carefully as the database they would otherwise duplicate.

"Hits" count every individual request a Web browser makes for any file on your site (HTML, graphics, plug-ins, style sheets, and so on). "Pageviews" count the number of times the HTML file for a Web page is requested from your server, so a single view of a page that references ten images produces eleven hits but one pageview.

You can estimate the number of unique visitors to your site by analyzing the IP addresses, domain names, and cookies recorded in the access log. IP addresses alone are unreliable: many users behind one proxy or NAT gateway share an address, and a dial-up user who reconnects gets a new one, so a cookie set on the first visit gives a better count. Indiespace offers a tutorial on interpreting access logs, and iBoost Journal offers an article about measuring Web site traffic.
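An added example, not from the article: a small Go program that reads the access log described above and derives hits, pageviews, and unique visitors from it. The log lines are constructed for the example (the IP addresses, visitor cookies, and timestamps are invented); the format is NCSA combined with a trailing cookie field, as Apache can be configured to write. It also tallies error responses per client, since the same log that answers marketing's questions is where a scan of the site first shows up:

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample, not a real server's log: NCSA combined format with a
// trailing "%{Cookie}i" field. Visitor a1 and b2 share one address (a proxy);
// visitor c3 appears from two addresses (a dial-up reconnect).
const sampleLog = `10.0.0.5 - - [12/Mar/2002:10:15:01 -0500] "GET /index.html HTTP/1.0" 200 4521 "-" "Mozilla/4.0" "vid=a1"
10.0.0.5 - - [12/Mar/2002:10:15:01 -0500] "GET /img/logo.gif HTTP/1.0" 200 1203 "http://shop.example/index.html" "Mozilla/4.0" "vid=a1"
10.0.0.5 - - [12/Mar/2002:10:15:02 -0500] "GET /style.css HTTP/1.0" 200 811 "http://shop.example/index.html" "Mozilla/4.0" "vid=a1"
10.0.0.5 - - [12/Mar/2002:10:15:40 -0500] "GET /catalog.html HTTP/1.0" 200 9820 "http://shop.example/index.html" "Mozilla/4.0" "vid=b2"
192.0.2.77 - - [12/Mar/2002:10:16:10 -0500] "GET /index.html HTTP/1.0" 200 4521 "-" "Mozilla/4.0" "vid=c3"
192.0.2.78 - - [12/Mar/2002:10:16:10 -0500] "GET /img/logo.gif HTTP/1.0" 304 0 "http://shop.example/index.html" "Mozilla/4.0" "vid=c3"
198.51.100.9 - - [12/Mar/2002:10:17:00 -0500] "GET /admin/ HTTP/1.0" 404 210 "-" "curl/7.9" "-"
198.51.100.9 - - [12/Mar/2002:10:17:01 -0500] "GET /backup.zip HTTP/1.0" 404 210 "-" "curl/7.9" "-"
`

// One regexp for the whole line; anything it does not match is reported
// rather than silently skipped, so a log format change does not go unnoticed.
var lineRe = regexp.MustCompile(
	`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)" "([^"]*)"$`)

type Stats struct {
	Hits          int            // every request for any file
	Pageviews     int            // successful requests for HTML documents
	UniqueIPs     int            // distinct client addresses
	UniqueCookies int            // distinct visitor cookies (more reliable than IPs)
	ErrorsByIP    map[string]int // 4xx/5xx responses per client, for review
}

// isPage treats a directory index or an .html/.htm file as a page; images,
// style sheets, and scripts are hits but not pageviews.
func isPage(path string) bool {
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i]
	}
	return strings.HasSuffix(path, "/") || strings.HasSuffix(path, ".html") || strings.HasSuffix(path, ".htm")
}

// Analyze walks the log once and fills in the counters defined above.
func Analyze(logText string) (Stats, error) {
	st := Stats{ErrorsByIP: map[string]int{}}
	ips, cookies := map[string]bool{}, map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(logText))
	for sc.Scan() {
		line := sc.Text()
		if strings.TrimSpace(line) == "" {
			continue
		}
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			return st, fmt.Errorf("unparseable line: %q", line)
		}
		ip, path, status, cookie := m[1], m[4], m[5], m[9]
		st.Hits++
		if isPage(path) && status[0] == '2' {
			st.Pageviews++
		}
		ips[ip] = true
		if cookie != "-" {
			cookies[cookie] = true
		}
		if status[0] == '4' || status[0] == '5' {
			st.ErrorsByIP[ip]++
		}
	}
	st.UniqueIPs, st.UniqueCookies = len(ips), len(cookies)
	return st, sc.Err()
}

func main() {
	st, err := Analyze(sampleLog)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("hits=%d pageviews=%d unique IPs=%d unique cookies=%d\n",
		st.Hits, st.Pageviews, st.UniqueIPs, st.UniqueCookies)
	ips := make([]string, 0, len(st.ErrorsByIP))
	for ip := range st.ErrorsByIP {
		ips = append(ips, ip)
	}
	sort.Strings(ips)
	for _, ip := range ips {
		fmt.Printf("%s: %d error responses, worth a look\n", ip, st.ErrorsByIP[ip])
	}
}
```

On the sample the IP count (4) and the cookie count (3) disagree, which is the point: the proxy hides one visitor and the reconnect invents one. The error tally is the first thing to sort by when you are checking whether someone is probing the site for files that should not be there.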

Tip 10: Security, security, security
The number one priority for e-business today is the same as it was when the first electronic transaction took place: security. Buyers want to know that their transactions are safe and that their privacy is being respected. The seller, on the other hand, not only has the burden of providing that safety but also wants assurance that it's dealing with a legitimate buyer and processing a transaction that cannot be repudiated.

An e-business that wants to secure consumer information and credit card data should, among other things: approach security as a system rather than a product, use cryptographic message digests and digital signatures so that tampering can be detected, and destroy data it no longer needs (a card number that is never stored cannot be stolen later). For the e-Biz+ exam, be sure to understand the following concepts:
  • A digital certificate is like an electronic credit card that establishes your credentials when transacting business over the Web. Technically it binds a public key to a name and is signed by a certificate authority; anyone who trusts the CA can then trust that the key belongs to that name.
  • A certificate authority (CA) is the entity in a network that issues and manages security credentials and public keys for message encryption and signing. The CA relies on a registration authority (RA) to verify the information provided by the requestor of a certificate before the certificate is issued. A certificate revocation list (CRL) is a CA-signed list of certificates that were revoked before they expired; a certificate is only as good as the check against the CRL that the relying party actually performs.
  • A denial-of-service (DoS) attack is a malicious attack, generally perpetrated by someone who wants to disrupt access to Web sites or e-mail, that exhausts a server's or network's resources (bandwidth, connections, memory, CPU) so that legitimate users cannot get through.
  • The Digital Signature Standard (DSS) is the U.S. government standard for authenticating electronic documents, specified in Federal Information Processing Standard (FIPS) 186. A digital signature is a small value computed over a hash of the document with the signer's private key; it travels with the document, can be verified by anyone holding the signer's public key, and fails if either the document or the signature is altered.
  • A firewall is a system (or combination of systems) that enforces a security policy between two or more networks. Examples include routers with ACLs, dedicated hardware appliances, and host-based software. A packet filter firewall examines packets as they enter or leave the network and decides what to do with each based on a set of administrator-defined rules (addresses, ports, protocol).
  • Internet Explorer displays a locked padlock to indicate that a Web page was delivered over a secure connection; Netscape Navigator indicates the same with a full key (a broken key for nonsecure pages). The icon means the connection is encrypted and the server presented a certificate the browser accepted; it says nothing about whether the business behind the site is honest or whether its own systems are secure.
  • Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS), is an Internet security standard widely supported by Web browsers and servers. It sits between TCP and the application, so it is application-independent and works with other Internet protocols, not just the World Wide Web, and it has emerged as the clear standard for securing Web transactions. Public-key cryptography is used only during the handshake: the server proves its identity with its certificate and the two sides agree on a session key. The transaction data itself is then encrypted with that symmetric session key, which is far faster than performing public-key operations on every message.

Emmett's recommendation
A basic knowledge of business, coupled with an understanding of technology and a good dose of common sense, will help you pass this exam. CompTIA lists a variety of question types that may appear on the exam, but the version I took included only multiple-choice questions, most requiring you to choose a single answer from four possibilities.
