80 Cards in this Set

  • Front
  • Back
1. Perhaps the most striking fact about natural disasters in relation to AIS controls is that
a) many companies in one locale can be seriously affected at one time by a disaster.
b) losses are absolutely unpreventable.
c) there are a large number of major disasters every year.
d) disaster planning has largely been ignored in the literature.
a) many companies in one locale can be seriously affected at one time by a disaster.
2. There are four distinct types of threats to an AIS: 1) software errors and equipment malfunctions; 2) unintentional acts; 3) intentional acts; and 4) __________.
a) computer fraud
b) data transmission errors
c) human carelessness
d) natural and political disasters
d) natural and political disasters
3. Which AIS threat below would be classified an unintentional act?
a) a power outage
b) sabotage
c) high winds
d) a logic error
d) a logic error
4. Which AIS threat below would be classified as a natural or political disaster?
a) Accident
b) Corruption
c) Power outage
d) Terrorist attack
d) Terrorist attack
5. Which AIS threat below would be classified a computer crime?
a) Innocent error
b) Operating system crash
c) Sabotage
d) Terrorist attack
c) Sabotage
6. Which AIS threat below would be classified as a software error or equipment malfunction?
a) Earthquake
b) Logic error
c) Operating system crash
d) Sabotage
c) Operating system crash
7. An expert from the Information Systems Security Association estimates that the largest single source of security problems for systems is due to
a) human errors and omissions.
b) physical threats such as natural disasters.
c) dishonest employees.
d) fraud and embezzlement.
a) human errors and omissions.
8. Fraud is any and all means a person uses to gain an unfair advantage over another person. Current and former employees of an organization are much more likely to perpetrate fraud than external parties. The act by a person or group of persons resulting in materially misleading financial statements is called a(n)
a) misappropriation of assets.
b) employee fraud.
c) fraudulent financial reporting.
d) theft of assets.
c) fraudulent financial reporting.
9. Most fraud perpetrators are insiders because
a) insiders are more dishonest than outsiders.
b) insiders know more about the system and its weaknesses than outsiders.
c) outsiders are more likely to get caught than insiders.
d) insiders have more need for money than outsiders.
b) insiders know more about the system and its weaknesses than outsiders.
10. A majority of fraud perpetrators are
a) outsiders.
b) employees.
c) computer hackers.
d) vendors.
b) employees.
11. Misappropriation of assets can also be called
a) Computer fraud
b) Employee fraud
c) Fraudulent financial reporting
d) Management fraud
b) Employee fraud
12. Intentional or reckless conduct that results in materially misleading financial statements is called
a) financial fraud.
b) misstatement fraud.
c) fraudulent financial reporting.
d) audit failure fraud.
c) fraudulent financial reporting.
13. The Treadway Commission studied 450 lawsuits against auditors and found that
a) misappropriation of assets was the reason for over one-half of the suits.
b) fraudulent financial reporting was the reason for over one-half of the suits.
c) white-collar criminals were responsible for only a fraction of the lawsuits.
d) only in a very few cases were financial statements falsified.
b) fraudulent financial reporting was the reason for over one-half of the suits.
14. Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that
a) few differences exist between white-collar criminals and the general public.
b) white-collar criminals eventually become violent criminals.
c) most white-collar criminals invest their illegal income rather than spend it.
d) most white-collar criminals are older and not technologically proficient.
a) few differences exist between white-collar criminals and the general public.
15. Which of the factors listed below is not a common factor for fraud?
a) pressure to commit fraud
b) opportunity to commit fraud
c) desire to get even with the employer
d) rationalization for the crime
c) desire to get even with the employer
16. Reasons for committing a fraud include living beyond one's means, having heavy debts, or unusually high bills. Such a motivator for committing a fraud is commonly known as a
a) spark.
b) pressure.
c) flash-point.
d) catalyst.
b) pressure.
17. Which of the following motivators would be a good indication of financial pressure that would contribute to employee fraud?
a) a big change for the better in an employee's lifestyle
b) an employee suddenly acquires lots of credit cards
c) inadequate internal controls
d) too close association with suppliers or customers
a) a big change for the better in an employee's lifestyle
18. Which of the following emotions could cause an employee to feel pressured to defraud his employer?
a) a feeling of not being appreciated
b) failing to receive a deserved promotion
c) believing that their pay is too low relative to others around them
d) All of the above emotions could be sources of pressure.
d) All of the above emotions could be sources of pressure.
19. There are three characteristics associated with most fraud. The characteristic that often takes more time and effort and leaves behind more evidence than other types of fraud is called
a) theft.
b) conversion.
c) concealment.
d) embezzlement.
c) concealment.
20. In many cases of fraud, the __________ takes more time and effort than the __________ is worth.
a) concealment; theft
b) theft; concealment
c) conversion; theft
d) conversion; concealment
a) concealment; theft
21. What is one common way to hide a theft?
a) by creating cash through the transfer of money between banks
b) by the conversion of stolen assets into cash
c) by stealing cash from customer A and then using customer B's balance to pay customer A's accounts receivable
d) by charging the stolen item to an expense account
d) by charging the stolen item to an expense account
22. In a __________ scheme, customer receipts are stolen and then subsequent payments by other customers are misapplied to cover the theft of the original receipts.
a) kiting
b) laundering
c) bogus expense
d) lapping
d) lapping
23. One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as
a) lapping.
b) misappropriation of assets.
c) kiting.
d) concealment.
c) kiting.
24. Characteristics connected with fraud include pressures, opportunities, and rationalizations. Of these characteristics, which one often stems from a lack of internal controls within an organization?
a) pressures
b) opportunities
c) rationalizations
d) none of the above
b) opportunities
25. Which situation below makes it easy for someone to commit a fraud?
a) the organization placing excessive trust in key employees
b) inadequate staffing within the organization
c) company policies within the organization are unclear
d) All of the above situations make it easy for someone to commit a fraud.
d) All of the above situations make it easy for someone to commit a fraud.
26. What is the most prevalent opportunity within most companies to commit fraud?
a) the failure to have any internal controls
b) the failure to enforce the system of internal controls
c) the failure to have the correct controls
d) the failure to realize that fraud could occur
b) the failure to enforce the system of internal controls
27. Characteristics connected with fraud include pressures, opportunities, and rationalizations. Of these characteristics, which one relates to excuses that perpetrators have allowing them to justify their illegal behavior?
a) pressures
b) opportunities
c) rationalizations
d) none of the above
c) rationalizations
28. The US Justice Department defines computer fraud as
a) any crime in which a computer is used.
b) an illegal act in which knowledge of computer technology is essential.
c) any act in which cash is stolen using a computer.
d) an illegal act in which a computer is an integral part of the crime.
b) an illegal act in which knowledge of computer technology is essential.
29. Computer fraud is often much more difficult to detect than other types of fraud because
a) perpetrators usually only steal very small amounts of money at a time, thus requiring a long period of time to have elapsed before they're discovered.
b) perpetrators can commit a fraud and leave little or no evidence.
c) most perpetrators invest their illegal income rather than spend it, thus concealing key evidence.
d) most computer criminals are older and are considered to be more cunning when committing such a fraud.
b) perpetrators can commit a fraud and leave little or no evidence.
30. Why is computer fraud often more difficult to detect than other types of fraud?
a) Rarely is cash stolen in computer fraud.
b) The fraud may leave little or no evidence it ever happened.
c) Computers provide more opportunities for fraud.
d) Computer fraud perpetrators are just cleverer than other types of criminals.
b) The fraud may leave little or no evidence it ever happened.
31. Many fraud cases go unreported and unprosecuted for several reasons. Why is this the case?
a) Companies are reluctant to report computer crimes because a highly visible computer fraud is a public relations nightmare.
b) Such crimes are difficult, costly, and time-consuming to investigate and prosecute.
c) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases.
d) all of the above
d) all of the above
32. Computer fraud can be analyzed using the traditional data processing model. According to this model, the simplest and most common fraud is __________ fraud.
a) input
b) processor
c) computer instructions
d) output
a) input
33. The simplest and most common way to commit a computer fraud is to
a) alter computer input.
b) alter computer output.
c) modify the processing.
d) corrupt the data base.
a) alter computer input.
34. Computer fraud has been categorized into several different classifications. The classification of computer fraud where the perpetrator causes a company to pay for ordered goods, or to pay for goods never ordered is called
a) disbursement fraud.
b) inventory fraud.
c) payroll fraud.
d) cash receipts fraud.
a) disbursement fraud.
35. In a disbursement fraud the company
a) pays too much for ordered goods.
b) pays for goods never received.
c) laps cash payments at the bank.
d) Both A and B are correct.
d) Both A and B are correct.
36. How can funds be stolen in payroll fraud?
a) by paying a fictitious or ghost employee
b) by increasing pay rates without permission
c) by keeping a real but terminated employee on the payroll
d) All of the above situations are possible.
d) All of the above situations are possible.
37. Stealing a master list of customers and selling it to a competitor is an example of
a) data theft.
b) output theft.
c) disbursement fraud.
d) a trap door technique.
a) data theft.
38. One computer fraud technique is known as data diddling. What is it?
a) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network
b) unauthorized copying of company data such as computer files
c) unauthorized access to a system by the perpetrator pretending to be an authorized user
d) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data
d) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data
39. What is a denial of service attack?
a) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
b) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses.
c) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected.
d) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups or LISTSERV lists.
a) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
40. The unauthorized copying of company data is known as
a) Data leakage
b) Eavesdropping
c) Masquerading
d) Phishing
a) Data leakage
41. The unauthorized access to and use of computer systems
a) Hacking
b) Hijacking
c) Phreaking
d) Sniffing
a) Hacking
42. Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?
a) dumpster diving
b) by use of a Trojan horse
c) using a telescope to peer at paper reports
d) electronic eavesdropping on computer monitors
b) by use of a Trojan horse
43. Computer fraud perpetrators who use telephone lines to commit fraud and other illegal acts are typically called
a) hackers.
b) crackers.
c) phreakers.
d) jerks.
c) phreakers.
44. Gaining control of someone else's computer to carry out illicit activities without the user's knowledge
a) Hacking
b) Hijacking
c) Phreaking
d) Sniffing
b) Hijacking
45. Illegally obtaining and using confidential information about a person for economic gain
a) Eavesdropping
b) Identity theft
c) Packet sniffing
d) Piggybacking
b) Identity theft
46. Which of the following is not a method of identity theft?
a) Scavenging
b) Phishing
c) Shoulder surfing
d) Phreaking
d) Phreaking
47. Which method of fraud is physical in its nature rather than electronic?
a) cracking
b) hacking
c) eavesdropping
d) scavenging
d) scavenging
48. When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as
a) data diddling.
b) dumpster diving.
c) eavesdropping.
d) piggybacking.
b) dumpster diving.
49. A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a
a) trap door.
b) data diddle.
c) logic bomb.
d) virus.
c) logic bomb.
50. The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called __________.
a) cracking.
b) masquerading.
c) hacking.
d) superzapping.
b) masquerading.
51. Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called
a) superzapping.
b) data leakage.
c) hacking.
d) piggybacking.
d) piggybacking.
52. A fraud technique that slices off tiny amounts from many projects is called the __________ technique.
a) Trojan horse
b) round down
c) salami
d) trap door
c) salami
53. Spyware is
a) Software that tells the user if anyone is spying on his computer
b) Software that monitors whether spies are looking at the computer
c) Software that monitors computing habits and sends the data it gathers to someone else
d) None of the above
c) Software that monitors computing habits and sends the data it gathers to someone else
54. The unauthorized use of special system programs to bypass regular system controls and perform illegal acts is called
a) a Trojan horse.
b) a trap door.
c) the salami technique.
d) superzapping.
d) superzapping.
55. Computer fraud perpetrators have developed many methods to commit their acts. One way is to modify programs during systems development allowing access into the system that bypasses normal system controls. This is known as
a) a Trojan horse.
b) a trap door.
c) the salami technique.
d) superzapping.
b) a trap door.
56. A fraud technique that allows the hacker to bypass normal system controls and enter a secured system is called
a) superzapping.
b) data diddling.
c) using a trap door.
d) piggybacking.
c) using a trap door.
57. A set of unauthorized computer instructions in an otherwise properly functioning program
a) Logic bomb
b) Spyware
c) Trap door
d) Trojan horse
d) Trojan horse
58. A __________ is similar to a __________, except that it is a program rather than a code segment hidden in a host program.
a) worm; virus
b) Trojan horse; worm
c) worm; Trojan horse
d) virus; worm
a) worm; virus
59. Which type of antivirus program is most effective in spotting an infection soon after it starts?
a) a virus protection program
b) a virus identification program
c) a virus detection program
d) none of the above
d) none of the above
60. How can an organization reduce fraud losses?
a) encrypt data and programs
b) use forensic accountants
c) maintain adequate insurance
d) require vacations and rotate duties
c) maintain adequate insurance
61. On Monday morning, Janet Pillsner, Chief Information Officer at International Securities Corporation (ISC), got some bad news. A tape used to store system data backups was lost while it was being transported to an offsite storage location. She called a meeting of her technical staff to discuss the implications of the loss. Which of the following is most likely to relieve her concerns over the potential cost of the loss?
a) The shipper has insurance that will reimburse ISC for the cost of the tape.
b) ISC has a copy of the tape onsite, so a new copy for storage offsite can easily be prepared.
c) The tape was encrypted and password protected.
d) ISC has a comprehensive disaster recovery plan.
c) The tape was encrypted and password protected.
62. Wally Hewitt is an accountant with a large accounting firm. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Wally received an email from the firm that explained that there had been an error updating his password and that provided a link to a Web site with instructions for re-entering his password. Something about the email made Wally suspicious, so he called the firm’s information technology department and found that the email was fictitious. The email was an example of
a) social engineering.
b) phishing.
c) piggybacking.
d) spamming.
b) phishing.
63. Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a
a) Trojan horse.
b) key logger.
c) spoof.
d) back door.
d) back door.
64. In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as
a) phreakers.
b) hackers.
c) hijackers.
d) superzappers.
a) phreakers.
65. During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of
a) kiting.
b) data diddling.
c) data leakage.
d) phreaking.
b) data diddling.
66. It was late on a Friday afternoon when Troy Willicott got a call at the help desk for Taggitt Finances. A man with an edge of panic clearly discernible in his voice was on the phone. “I’m really in a bind and I sure hope that you can help me.” He identified himself as Chet Frazier from the Accounting Department. He told Troy that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Troy knew that Taggitt’s new password policy, which required that passwords be at least fifteen characters long, contain letters and numbers, and be changed every sixty days, had created problems. Consequently, Troy provided the password, listened as it was read back to him, and was profusely thanked before ending the call. The caller was not Chet Frazier, and Troy Willicott was a victim of
a) phreaking.
b) war dialing.
c) identity theft.
d) social engineering.
d) social engineering.
67. Chiller451 was chatting online with 3L3tCowboy. “I can’t believe how lame some people are! :) I can get into any system by checking out the company web site to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password.” Chiller451 is a __________ and the method he is describing is ___________.
a) phreaker; dumpster diving
b) hacker; social engineering
c) phreaker; the salami technique
d) hacker; password cracking
d) hacker; password cracking
68. After graduating from college with a communications degree, Sylvia Placer experienced some difficulty in finding full time employment. She free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter she was contacted by Clickadoo Online Services, who offered to pay her to promote their clients by mentioning them in her blog and linking to their Web sites. She set up several more blogs for this purpose and is now generating a reasonable level of income. She is engaged in
a) Bluesnarfing.
b) splogging.
c) vishing.
d) typosquatting.
b) splogging.
69. Telefarm Industries is a telemarketing firm that operates in the Midwest. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used an unsecured computer to access the firm’s database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of
a) Bluesnarfing.
b) splogging.
c) vishing.
d) typosquatting.
a) Bluesnarfing.
70. Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from the firm that explained that there had been a computer error and that provided a phone number so that Wally could verify his customer information. When he called, a recording asked that he enter the code from the email, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the email. Wally was a victim of
a) Bluesnarfing.
b) splogging.
c) vishing.
d) typosquatting.
c) vishing.
71. Christmas shopping online is a popular pastime. Jim Chan decided to give it a try. He linked to amazon.com, found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the Web site’s URL was actually amazom.com. Jim was a victim of
a) Bluesnarfing.
b) splogging.
c) vishing.
d) typosquatting.
d) typosquatting.
72. Computers that are part of a botnet and are controlled by a bot herder are referred to as
a) posers.
b) zombies.
c) botsquats.
d) evil twins.
b) zombies.
73. Jiao Jan had been the Web master for Folding Squid Technologies for only three months when the Web site was inundated with access attempts. The only solution was to shut down the site and then selectively open it to access from certain Web addresses. FST suffered significant losses during the period. The company had been the victim of a(an)
a) denial-of-service attack.
b) zero-day attack.
c) malware attack.
d) cyber-extortion attack.
a) denial-of-service attack.
74. Jiao Jan had been the Web master for Folding Squid Technologies for only three months when he received an anonymous email that threatened to inundate the company Web site with access attempts unless a payment was wired to an account in Eastern Europe. Jiao was concerned that FST would suffer significant losses if the threat was genuine. The author of the email was engaged in
a) a denial-of-service attack.
b) Internet terrorism.
c) hacking.
d) cyber-extortion.
d) cyber-extortion.
75. I work in the information technology department of a company I'll call CMV. On Wednesday morning, I arrived at work, scanned in my identity card and punched in my code, when this guy in a delivery uniform came up behind me carrying a bunch of boxes. I opened the door for him, he nodded and grunted and went on in. I didn't think anything of it until later. Then I wondered if he might have been
a) typosquatting.
b) piggybacking.
c) posing.
d) spoofing.
b) piggybacking.
76. The call to tech support was fairly routine. A first-time computer user had purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly than it had at first. Had he been accessing the Internet? Yes. Had he installed any “free” software? Yes. The problem is likely to be a(an)
a) virus.
b) zero-day attack.
c) denial of service attack.
d) dictionary attack.
a) virus.
77. Mo Chauncey was arrested in Emporia, Kansas, on February 29, 2008, for running an online business that specialized in buying and reselling stolen credit card information. Mo was charged with
a) typosquatting.
b) carding.
c) pharming.
d) phishing.
b) carding.
78. In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash were very costly. The software installed by the CDs is a
a) virus.
b) worm.
c) rootkit.
d) squirrel.
c) rootkit.
79. The first known example of the practice of concealing a message within a message comes from the historian Herodotus, who wrote of a case in which a message was tattooed on the shaved head of a slave. When the slave’s hair grew back, he traveled to the recipient and delivered the message by having his head shaved again. Modern applications involve concealing data within computer files. This practice is referred to as
a) latenography.
b) obfuscography.
c) cryptography.
d) steganography.
d) steganography.
80. A simple method for catching or preventing many types of employee fraud is to
a) monitor all employee behavior using video cameras.
b) require all employees to take annual vacations.
c) explain to employees that fraud is illegal and that it will be severely punished.
d) monitor employee bank accounts and net worth.
b) require all employees to take annual vacations.