| 1. Employee’s behavioral changes (alcohol, gambling) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
b |
|
M1 |
1 |
|
M1 |
| 2. The purpose of the Red Flags Rule is: |
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day operations |
B. take steps to prevent the crime |
C. Mitigate the damage it inflicts. |
D. All of the above |
c |
|
M1 |
2 |
|
M1 |
| 3. The interrelationship among auditing, fraud examination, and financial forensics is: |
A. Established and maintained by legal structures and justice processes |
B. Constant even while social and cultural pressures are exerted on it |
C. Cased on the SOX Act and SAS 99 |
E. Dynamic and changes over time |
e |
|
M1 |
3 |
|
M1 |
| 4. What is one of the primary differences between a Financial Statement auditor and a Forensic Accountant? |
A. Financial statement auditors are likely to follow leads suggested by immaterial items whereas Forensic Accountants often must restrict their efforts to searching for material misstatements. |
B. Forensic Accountants are likely to follow leads suggested by immaterial items whereas .financial statement auditors often must restrict their efforts to searching for material misstatements |
C. .Forensic Accountants must focus on specific legal areas that produce fraud charges under the courts of law whereas financial statement auditors focus their attention on the Generally Accepted Accounting Principles. |
D. Forensic Accountants are likely to ask individuals to fix discrepancies found in financial statements whereas financial statement auditors will fail a corporations financial statement certification, therefore having repercussions with the SEC. |
b |
|
M1 |
4 |
|
M1 |
| 5. Among the following which would be the red flags for payroll – |
A. Overtime time charged during a slack period |
B. Excessive or unjustified transactions |
C. Large no. of Write- off of accounts |
D. All of the above |
a |
|
M1 |
5 |
|
M1 |
| 6. If pressures and opportunities are high and personal integrity is low, the chance of fraud is: |
A. High |
B. Medium |
C. Very Low |
D. Low |
a |
|
M1 |
6 |
|
M1 |
| 7. Which is not a red flag among following: |
A. Negative Cash flows |
B. Significant sales to related parties |
C. Sudden above-average profits for specific quarters |
D. Paid dividend according to dividend payout ratio |
d |
|
M1 |
7 |
|
M1 |
| 8. At a minimum, professional skepticism: |
A. is supportive of client’s claim of fraud |
B. is a neutral but disciplined approach to detection and investigation |
C. assumes that the management is dishonest and therefore must “pull every loose thread” to find the evidence and fraud |
D. assumes unquestioned loyalty by newer and younger employees |
b |
|
M1 |
8 |
|
M1 |
| 9. Which of the following techniques is most effective in preventing computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
a |
|
M1 |
9 |
|
M1 |
| 10.Which is not a red flag among following: |
A. Negative Cash flows |
B. Significant sales to related parties |
C. Sudden above-average profits for specific quarters |
D. Paid dividend according to dividend payout ratio |
d |
|
M1 |
10 |
|
M1 |
| 11.Which of the following types of organizations typically use Forensic Accountants? |
A. Publicly held corporations. |
B. Private/non-profit corporations. |
C. Federal/State Agencies. |
D. All of the above. |
d |
|
M1 |
11 |
|
M1 |
| 12.Which of the following is not a common type of fraud pressure? |
A. Pressure to outsmart peers |
B. Financial pressures |
C. Work-related pressures |
D. Vices |
b |
|
M1 |
12 |
|
M1 |
| 13.Which of the following techniques is most effective in preventing computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
a |
|
M1 |
13 |
|
M1 |
| 14.In comparing management fraud with employee fraud, the auditor’s risk of failing to discover the fraud is: |
A. greater for management fraud because managers are inherently more deceptive than employees |
B. greater for management fraud because of management’s ability to override existing internal controls |
C. greater for employee fraud because of the higher crime rate among blue collar workers |
D. greater for employee fraud because of the larger number of employees in the organization |
b |
|
M1 |
14 |
|
M1 |
| 15.____ is the science of writing hidden messages I such a way that no one apart from th sender and intended recipient even realizes there is a hidden message. |
A. decryption |
B. obfuscation |
C. stenography |
D. encryption |
c |
|
M1 |
15 |
|
M1 |
| 16.Why is it recommended not to put a password in your EnCase? |
A. because you will secure your information |
B. it’s to many steps |
C. if you forget you are out of luck |
D. it cannot be encrypted |
c |
|
M1 |
16 |
|
M1 |
| 17.All of the following are methods that organization can adopt to proactively eliminate fraud opportunities EXCEPT: |
A. Accurately identifying sources and measuring risks |
B. Implementing appropriate preventative and detective controls |
C. Creating widespread monitoring by employees |
D. Eliminating protections for whistle blowers |
d |
|
M1 |
17 |
|
M1 |
| 18.Overstating revenues and understating liabilities and expenses typifies which of the following fraud schemes? |
A. Unconcealed larceny |
B. Purchase and sales Skimming |
C. Fraudulent statements |
D. Schemes |
c |
|
M1 |
18 |
|
M1 |
| 19.From the statements below select the most correct. |
A. Prevention and deterrence are typically more costly than attempting to remediate a fraud that has already occurred. |
B. Fraud deterrence refers to creating environments in which people are prohibited from committing fraud. |
C. Fraud detection refers to the process of preventing and discovering the presence of fraud. |
D. Prevention and deterrence are typically more cost beneficial than attempting to remediate a fraud that has already occurred. |
d |
|
M1 |
19 |
|
M1 |
| 20.when working on computer forensics always work from of the evidence and never from the original to prevent damage to the evidence. |
A. Original hard drive |
B. Live computer |
C. Remote desktop |
D. An image |
d |
|
M1 |
20 |
|
M1 |
| 21.Financial statement fraud is easiest to commit in organizations that: |
A.have democratic leadership. |
B.have a large internal audit department. |
C.have a board of directors comprised primarily of outsiders. |
D.have complex organizational structures. |
d |
|
M1 |
21 |
|
M1 |
| 22.Customer fraud includes all of the following EXCEPT: |
A. Get something for nothing |
B. Do not pay for goods purchased |
C. Fraud perpetrated through collusion between buyers and vendors. |
D. Deceive organization into giving them something they should not |
c |
|
M1 |
22 |
|
M1 |
| 23.What is the most cost-effective way to minimize the cost of fraud? |
A. Prevention |
B. Detection |
C. Investigation |
D. Prosecution |
a |
|
M1 |
23 |
|
M1 |
| 24.The Fraud Exposure Rectangle includes: |
A. Rationalization |
B. perceived pressure |
C. relationships with others |
D. All of the choices are included in the Fraud Exposure Rectangle |
c |
|
M1 |
24 |
|
M1 |
| 25.Which of the following statements is most correct regarding errors and fraud? |
A. An error is unintentional, whereas fraud is intentional. |
B. Frauds occur more often than errors in financial statements. |
C. Errors are always fraud and frauds are always errors. |
D. Auditors have more responsibility for finding fraud than errors. |
a |
|
M1 |
25 |
|
M1 |
| 26.You are suppose to maintain three types of records. Which answer is not a record? |
A. Chain of custody |
B. Documentation of the crime scene |
C. Searching the crime scene |
D. Document your actions |
c |
|
M1 |
26 |
|
M1 |
| 27.Forensic Interviewing Techniques does not include |
A. Investigation |
B. Polygraph test |
C. Physical Behaviour Analysis |
D. Disk Imaging |
d |
|
M1 |
27 |
|
M1 |
| 28.When performing forensics work, which of the guidelines below should be followed? i. You should make a copy of a suspect's drive and interact with the copy instead of the original ii. If you take the evidence home with you, carry it in a locked briefcase. iii. You should only document those tests that provide information that can be used in court. iv. The location and use of the evidence from the point it was seized until the moment it is shown in court must be known. |
A. i and ii |
B. i and iii |
C. i and ii |
D. All of above |
a |
|
M1 |
28 |
|
M1 |
| 29.Which financial ratio is not useful in detecting revenue-related fraud? |
A. Gross profit margin ratio |
B. Account receivable ratio |
C. Asset turnover ratio |
D. All of the above |
d |
|
M1 |
29 |
|
M1 |
| 30.Phishing attackers use –––––––––––––––––– to commit their crimes. |
A. Email |
B. SMS |
C. Courier |
D. Whatsapp |
a |
|
M1 |
30 |
|
M1 |
| 31.The possible profiles of a fraud perpetrator are |
A. Very friendly, but self centered and egoistic |
B. Unfriendly and an introvert |
C. Surly and angry but good in work |
D. Very slow in work that he/she is used to doing for years together |
b |
|
M1 |
31 |
|
M1 |
| 32.Steganography is |
A. graph of sales to technological spending |
B. the science of hiding information |
C. graph of mails sent to mails received |
D. the science of generating random passwords |
b |
|
M1 |
32 |
|
M1 |
| 33.Tools for imaging: (a) Dossier (b) Tableau (c) Encase & FTK (d) ACL |
A. (a), (b) & (c) only |
B. (b) & (c) only |
C. (a) & (b) only |
D. All of the above |
a |
|
M1 |
33 |
|
M1 |
| 34.most popular software forensic tools include all of the following except: |
A. Forensics Autopsy |
B. QUICKEN |
C. Forensics Toolkit |
D. SMART |
b |
|
M1 |
34 |
|
M1 |
| 35.One very well-known software used for forensic analysis is . |
A. IBM |
B. Google |
C. Encase |
D. Forensic-ripper |
c |
|
M1 |
35 |
|
M1 |
| 36.Three conditions are necessary for a fraud to occur. These three conditions are: |
A. need, dissatisfaction, and challenge |
B. pressure, opportunity, and rationalization |
C. no separation of duties, need, and no independent performance checks |
D. challenge, motivation, and failure to enforce internal controls |
b |
|
M1 |
36 |
|
M1 |
| 37.If a company wishes to improve detection methods, they should do all of the following except: |
A. use forensic accountants |
B. conduct frequent audits |
C. encrypt data |
D. all of the above improve detection of fraud |
d |
|
M1 |
37 |
|
M1 |
| 38.Refusal to take sick leave by employees will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
c |
|
M1 |
38 |
|
M1 |
| 39.MS Excel has an Auditing Formula function known as : |
A. Track Formula |
B. Trace Dependents |
C. Trace Formula |
D. Track Reliability |
b |
|
M1 |
39 |
|
M1 |
| 40.A Forensic Auditor is not given any specific written mandate but a general consent to investigate into a fraud for accounting manipulation in Customer accounts. After completion of work, a note on which of the following aspect should NOT be included in a Forensic Audit Report |
A. Objectives that the Forensic Auditor has perceived and pursued during the course of the investigation. |
B. Severe deficiencies in the internal control mechanism observed by him with regard to Vendor accounts which has immaterial relevance to the subject fraud |
C. A recommendation for volume/ quantum of punishment to be reprimanded to the erring accountant against whom the Forensic Auditor has an explicit evidence. |
D. A limiting condition where certain file of important document for a specific period that was not made available to the Forensic Auditor despite several requests. |
c |
|
M1 |
40 |
|
M1 |
| 41.Which of the following is not a required part of an Identity Theft Prevention Program? |
A. Reasonable policies and procedures to identify potential “red flags” |
B. A dedicated phone line for customers to call in identity theft reports. |
C. Specific procedures to detect the “red flags” identified as potential threats. |
D. A plan for regularly re-evaluating the program. |
b |
|
M1 |
41 |
|
M1 |
| 42.A Forensic Auditor is not given any specific written mandate but a general consent to investigate into a fraud for accounting manipulation in Customer accounts. After completion of work, a note on which of the following aspect should NOT be included in a Forensic Audit Report |
A. Objectives that the Forensic Auditor has perceived and pursued during the course of the investigation. |
B. Severe deficiencies in the internal control mechanism observed by him with regard to Vendor accounts which has immaterial relevance to the subject fraud |
C. A recommendation for volume/ quantum of punishment to be reprimanded to the erring accountant against whom the Forensic Auditor has an explicit evidence. |
D. A limiting condition where certain file of important document for a specific period that was not made available to the Forensic Auditor despite several requests. |
c |
|
M1 |
42 |
|
M1 |
| 43.A forensics lab will have dedicated areas for each of the following functions EXCEPT _________. |
A. forensics examination workspace |
B. a secured locker area |
C. a continuing education training centre |
D. well-stocked inventory |
b |
|
M1 |
43 |
|
M1 |
| 44.The journal of a forensics specialist or expert will contain entries that provide the following functions EXCEPT _______. |
A. the description of WHO did WHAT and WHEN |
B. the results of the examination |
C. any actions taken to examine the evidence |
D. any theories that result from the examination |
d |
|
M1 |
44 |
|
M1 |
| 45.Weakness in internal control environment will lead which kind of fraud- |
A. Employee Red Flag |
B. Management Red Flag |
C. General Red Flag |
D. None of above |
b |
|
M1 |
45 |
|
M1 |
| 46.Which of the following is not an example of an antishoplifting technique? |
A. “Scarecrooks” |
B. “Anne Droid” |
C. Trojan Horse |
D. Ponzi scheme |
d |
|
M1 |
46 |
|
M1 |
| 47.Lack of segregation of duties in vulnerable area will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
a |
|
M1 |
47 |
|
M1 |
| 48.Suspicious” refers to which of the following: |
A. Inconsistent signatures on file. |
B. Driver’s license photo doesn’t match person. |
C. Inability to recall mother’s maiden name. |
D. Any and all of the above |
d |
|
M1 |
48 |
|
M1 |
| 49.Acquisition to ISO standard 27037, which of the following is an important factor in data acquisition? |
A. The DEFR’s Competency |
B. The DEFR’s skills in using the command lines |
C. Use of validated tools |
D. Condition at the acquisition setting |
a |
|
M1 |
49 |
|
M1 |
| 50.Computer forensics does not involves …. |
A. Interpretation, |
B. Preservation, |
C. Delimitation |
D. Documentation |
a |
|
M1 |
50 |
|
M1 |
| 51.Secretly recording a suspect’s interview will : |
A. assist you as electronic notes since it is not possible to always make comprehensive handwritten notes |
B. assist you to confront the suspect later if he/she changes his/her stand or denies certain information given earlier |
C. assist you, to limited extent, to build up evidence against the suspect in a court of law |
D. all the above |
d |
|
M1 |
51 |
|
M1 |
| 52.In the context of forensics, data is most analogous to ________. |
A. files and folders |
B. information |
C. digital evidence |
D. bits |
c |
|
M1 |
52 |
|
M1 |
| 53.The use of _____________________ may be particularly valuable in cases of white- collar crime. |
A. Fingerprint examiners |
B. Forensic photography |
C. Forensic accountants |
D. None of the above |
c |
|
M1 |
53 |
|
M1 |
| 54.Which of the following is a not a power under PMLA? |
A. Confiscation |
B. Abatement of crime |
C. Search & Seizure |
D. Arrest |
b |
|
M1 |
54 |
|
M1 |
| 55.Social engineering facilitates what type of computer fraud? |
A. Click fraud |
B. Identity theft |
C. Spoofing |
D. Dictionary attacks |
b |
|
M1 |
55 |
|
M1 |
| 56.……………………………... gives the expected frequencies of the digits in tabulated data. |
A. Benford’s Law |
B. Beneish Model |
C. Relative Size Factor |
D. *Blank Answer* |
a |
|
M1 |
56 |
|
M1 |
| 57.While interviewing/interrogating an investigator should look for following outer personality/attributes in a person to conclude him as a suspect or a non-suspect I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc |
A. All (I), (II) and (III) above |
B. Only (III) above |
C. Both (I) and (II) above |
D. None |
d |
|
M1 |
57 |
|
M1 |
| 58.The following firm is not involved in accounting scandals: |
A. Enron |
B. Larson and Toubro |
C. Worldcom |
D. Satyam |
b |
|
M1 |
58 |
|
M1 |
| 59.Weak internal controls in an organization will affect which of the following elements of fraud? |
A. Motive |
B. Opportunity |
C. Rationalization |
D. None of the above |
b |
|
M1 |
59 |
|
M1 |
| 60.Financial statement auditors, under SAS 99, are required to make inquires about possible fraudulent activity of all of the following parties except: |
A.bond holders. |
B.audit committee members. |
C.management. |
D.internal auditors. |
a |
|
M1 |
60 |
|
M1 |
| 61.Accounts that can be manipulated in revenue fraud include all of the following except: |
A. Accounts Receivable. |
B. Inventory. |
C. Sales Discounts. |
D. Bad Debt Expense |
b |
|
M1 |
61 |
|
M1 |
| 62.MS Excel has an Auditing Formula function known as : |
A. Track Formula |
B. Trace Dependents |
C. Trace Formula |
D. Track Reliability |
b |
|
M1 |
62 |
|
M1 |
| 63.Which of the following statement related to Fraud Risk Assessment (FRA) is INCORRECT: |
A. Evaluate whether identified fraud risk controls are operating effectively. |
B. It is a one-time activity, not required to be performed on periodic basis. |
C. Identify and map existing preventive and detective controls to the relevant fraud risk. |
D. Identify and evaluate residual fraud risk resulting from ineffective or non-existent controls. |
b |
|
M1 |
63 |
|
M1 |
| 64.After you have identified the red flags of ID Theft that you’re likely to come across in your business, what do you do next? |
A. Set up procedures to detect those red flags in your day-to-day operations. |
B. Train all employees who will use the procedures. |
C. Decide what actions to take when a red flag is detected. |
D. All of the above |
d |
|
M1 |
64 |
|
M1 |
| 65.One of the key success driver of Data Analysis is the ability to keep shuffling between the bird’s eye view (i.e macro overview) vis-à-vis the ant’s view (i.e micro view) of the data. In that context, which of the following techniques are useful for Forensic Auditor to get Bird’s Eyeview Or Macro overview of the Data (i) Missing / Gap Analysis (ii) Stratification (iii) Isolated Outliers (iv) Classification (v) Ageing Analysis (vi) Round Number Analysis |
A. (i), (ii) and (iii) |
B. (i), (iii) and (iv) |
C. (ii), (iv) and (vi) |
D. (ii), (iv) and (v) |
d |
|
M1 |
65 |
|
M1 |
| 66.In the context of forensics, data is most analogous to ________. |
A. files and folders |
B. information |
C. digital evidence |
D. bits |
c |
|
M1 |
66 |
|
M1 |
| 67.____________________ is a generic term which refers to all the legal and regulator aspects of Internet and the World Wide Web |
A. Cyber Law |
B. Cyber Dyne |
C. Cyber Café |
D. Electronic Law |
a |
|
M1 |
67 |
|
M1 |
| 68.When was the first ever cybercrime recorded? |
A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France |
B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London |
C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam |
D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan |
a |
|
M1 |
68 |
|
M1 |
| 69.A system of checks and balances between management and all other interested parties with the aim of producing an effective, efficient, and law-abiding corporation is known as: |
A. Corporate governance |
B. Code of conduct |
C. Transparency |
D. Culture of compliance |
c |
|
M1 |
69 |
|
M1 |
| 70.Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud factors. This fact can make convicting someone of fraud difficult. Which of the following types of evidence would be most helpful in proving that someone committed fraud? |
A. Missing documentation. |
B. Analytical relationships that don’t make sense. |
C. A repeated pattern of similar fraudulent acts. |
D. A general ledger that is out of balance. |
c |
|
M1 |
70 |
|
M1 |
| 71.All of the following are indicators of financial statement fraud except: |
E. Unusually rapid growth of profitability. |
F. Dependence on one or two products. |
G. Large amounts of available cash. |
H. Threat of a hostile takeover. |
c |
|
M1 |
71 |
|
M1 |
| 72.Disc imaging |
I. bit stream duplicate |
J. no alterations to original media |
K. verify integrity |
L. All of above |
d |
|
M1 |
72 |
|
M1 |
| 73.FTK's Known File Filter (KFF) can be used for which of the following purposes? i. Filter known program files from view ii. Calculate hash values of known files to evidence files. iii. Filter out evidence that doesn't relate to your investigation. Options : |
M. I and ii |
N. Ii and iii |
O. I and iii |
P. All of above |
b |
|
M1 |
73 |
|
M1 |
| 74.A ____ function is any well defined procedure or mathematical function for turning some kind of data into a relatively small integer. |
A. hash |
B. metadata |
C. encryption |
D. decryption |
a |
|
M1 |
74 |
|
M1 |
| 75.Which of the following are strategies used to attempt to minimize piracy of software or other intellectual property? |
A. Encryption |
B. Intellectual property laws |
C. Legal copyrighting |
D. All of the above |
d |
|
M1 |
75 |
|
M1 |
| 76.A denial of service attack occurs when the perpetrator: |
A. sends e-mail bombs |
B. eavesdrops |
C. installs a logic time bomb |
D. cracks a computer system |
a |
|
M1 |
76 |
|
M1 |
| 77.A fraud perpetrated by tricking a person into disclosing confidential information, such as a password, is called |
A. a Trojan horse |
B. hacking |
C. social engineering |
D. scavenging |
c |
|
M1 |
77 |
|
M1 |
| 78.Which of the following is a method used to embezzle money a small amount at a time from many different accounts? |
A. Data diddling |
B. Pretexting |
C. Spoofing |
D. Salami technique |
d |
|
M1 |
78 |
|
M1 |
| 79.A challenge relating to Cyber-crimes is the collection of ____________________ |
A. electronic evidence |
B. paper evidence |
C. mechanical evidence |
D. hardware evidence |
a |
|
M1 |
79 |
|
M1 |
| 80.Lie detector test does not include |
A. Polygraph Test |
B. Blood Group |
C. Blood Pressure |
D. Computer Analysis |
b |
|
M1 |
80 |
|
M1 |
| 81.the chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence |
A. chain of custody |
B. Documentary Evidence |
C. Demonstrative evidence |
D. None of these |
a |
|
M1 |
81 |
|
M1 |
| 82.You are suppose to maintain three types of records. Which answer is not a record? |
A. Chain of custody |
B. Documentation of the crime scene |
C. Searching the crime scene |
D. Document your actions |
c |
|
M1 |
82 |
|
M1 |
| 83.What is the best response of a forensic professional to an attorney who asks a hypothetical question? |
A. Provide the best answer possible given the evidence and appropriately emphasis the hypothetical nature of the question. |
B. Demonstrate anger and register a protest. |
C. Refuse to answer the question. |
D. *Blank Answer* |
a |
|
M1 |
83 |
|
M1 |
| 84.Which of the following is least likely to be considered a financial reporting fraud symptom, or red flag? |
A. Grey directors. |
B. Family relationships between directors or officers. |
C. Large increases in accounts receivable with no increase in sales. |
D. Size of the firm. |
c |
|
M1 |
84 |
|
M1 |
| 85.Customer fraud includes all of the following EXCEPT: |
A. Get something for nothing |
B. Do not pay for goods purchased |
C. Fraud perpetrated through collusion between buyers and vendors. |
D. Deceive organization into giving them something they should not |
c |
|
M1 |
85 |
|
M1 |
| 86.Which of the following is the indicator of deception while conducting Forensic Interview |
A. Quick, spontaneous answers |
B. Consistent strong denial |
C. Direct, brief answers |
D. Hesitant |
d |
|
M1 |
86 |
|
M1 |
| 87.Which of the following is NOT one of the major types of fraud classification schemes? |
A. Employee embezzlement |
B. Government fraud |
C. Investment scams |
D. Customer fraud |
b |
|
M1 |
87 |
|
M1 |
| 88.Which of the following is not a common type of fraud pressure? |
A. Pressure to outsmart peers |
B. Financial pressures |
C. Work-related pressures |
D. Vices |
b |
|
M1 |
88 |
|
M1 |
| 89. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are specified in : |
A. SA 240 |
B. SA 250 |
C. SA 300 |
D. SA 450 |
a |
|
M1 |
89 |
|
M1 |
| 90.Which of the following is not a characteristic of computer viruses? |
A. They can lie dormant for a time without doing damage |
B. They can mutate which increases their ability to do damage |
C. They can hinder system performance |
D. They are easy to detect and destroy |
d |
|
M1 |
90 |
|
M1 |
| 91.Which of the following is not a type of external fraud? |
A. Delivery of substandard goods at full price |
B. Creating phony vendors |
C. Phishing attacks |
D. Cheating on travel expense reports |
d |
|
M1 |
91 |
|
M1 |
| 92.Financial statement fraud is easiest to commit in organizations that: |
A.have democratic leadership. |
B.have a large internal audit department. |
C.have a board of directors comprised primarily of outsiders. |
D.have complex organizational structures |
d |
|
M1 |
92 |
|
M1 |
| 93.Accounts that can be manipulated in revenue fraud include all of the following except: |
A. Accounts Receivable. |
B. Inventory. |
C. Sales Discounts. |
D. Bad Debt Expense. |
b |
|
M1 |
93 |
|
M1 |
| 94.All of the following ratios are useful in detecting large revenue frauds except: |
A. Gross profit margin. |
B. Working capital turnover. |
C. Accounts receivable turnover. |
D. Current ratio. |
d |
|
M1 |
94 |
|
M1 |
| 95.The ratio that is computed by dividing the number of days in a period by the inventory turnover ratio is: |
A. accounts receivable turnover ratio. |
B. inventory turnover ratio. |
C. working capital turnover ratio. |
D. number of days' sales in inventory. |
d |
|
M1 |
95 |
|
M1 |
| 96.According to the opportunity part of the fraud triangle, a person may do all of the following acts except |
A. Convert the theft or misrepresentation for personal gain |
B. Control the fraud |
C. Commit the fraud |
D. Conceal the fraud |
b |
|
M1 |
96 |
|
M1 |
| 97.The most common account(s) manipulated when perpetrating financial statement fraud are: |
A. Inventory |
B. Expenses |
C. Revenues |
D. Accounts Payable |
c |
|
M1 |
97 |
|
M1 |
| 98.Which of the following is NOT a method that is used for identity theft? |
A. Dumpster diving |
B. Phishing |
C. Shoulder surfing |
D. Spamming |
d |
|
M1 |
98 |
|
M1 |
| 99.General financial statement fraud can be detected through |
A. audit |
B. Surprise audits /cash counts. |
C. Data mining |
D. All of the above |
d |
|
M1 |
99 |
|
M1 |
| 100. Which of the following is not a skill needed by a Forensic Accountant? |
A. Auditing Skills. |
B. Criminology. |
C. Sociology |
D. Information Technology |
c |
|
M1 |
100 |
|
M1 |
| 1 A red flag indicates that the alert is......... |
A. Old |
B. Follow up |
C. Urgent |
D. New |
d |
|
M2 |
101 |
|
M2 |
| 2 A fraud which is perpetrated by scrambling a company's files is a: |
A. data fraud |
B. output fraud |
C. computer instructions fraud |
D. Input fraud. |
a |
|
M2 |
102 |
|
M2 |
| 3 E-commerce is the commercial transaction of services in a/an ______________ |
A. mechanical format. |
B. electronic format |
C. Paper |
D. Stone |
b |
|
M2 |
103 |
|
M2 |
| 4 Which of the following refers to a business platform, involving a business entity and consumers? |
A. Business-to-consumer (B2C) |
B. Business-to-business (B2B) |
C. Consumer-to-business (C2B) |
D. Consumer-to-consumer (C2C) |
a |
|
M2 |
104 |
|
M2 |
| 5 ____________________ is a generic term which refers to all the legal and regulator aspects of Internet and the World Wide Web |
A. Cyber Law |
B. Cyber Dyne |
C. Cyber Café |
D. Electronic Law |
a |
|
M2 |
105 |
|
M2 |
| 6 . The physical Cheque tempering prevention method in which extremely small printing, too small to be read with naked eye becomes distorted when photocopied is called _______. |
A. High resolution microprinting |
B. Microline printing |
C. Watermark backers |
D. None of above |
b |
|
M2 |
106 |
|
M2 |
| 7 Which among the following are the three payroll fraud schemes i) Ghost employees ii) Temporary employees iii) Falsified overtime iv) Commission |
A. i , ii & iii |
B. i , iii & iv |
C. ii , iii & iv |
D. i , ii & iv |
d |
|
M2 |
107 |
|
M2 |
| 8 In which of the following is the computer incidental to the crime? |
A. Computer manipulation |
B. Money laundering |
C. Data alteration |
D. Theft of services |
c |
|
M2 |
108 |
|
M2 |
| 9 In which of the following is a computer not incidental to the crime? |
A. Computer manipulation |
B. Money laundering |
C. Criminal enterprises |
D. Sex crimes |
a |
|
M2 |
109 |
|
M2 |
| 10 Which Standard on Auditing among the following describes the importance of red flags: |
A. SA 240 |
B. SA 210 |
C. SA 250 |
D. SA 260 |
a |
|
M2 |
110 |
|
M2 |
| 11 Weak internal controls in an organization will affect which of the following elements of fraud? |
A. Motive |
B. Opportunity |
C. Rationalization |
D. None of the above |
b |
|
M2 |
111 |
|
M2 |
| 12 The most popular software forensic tools include all of the following except: |
A. Forensics Autopsy |
B. QUICKEN |
C. Forensics Toolkit |
D. SMART |
b |
|
M2 |
112 |
|
M2 |
| 13 Hash values are used for which of the following purposes? |
A. Determining file sizes |
B. Filtering known good files from potentially suspicious data |
C. Reconstruction file fragments |
D. Validating that the original data hasn’t changed. |
d |
|
M2 |
113 |
|
M2 |
| 14 The verification function does the following? |
A. Proves that a tool performs as intended |
B. Creates segmented files. |
C. Proves that two sets of data are identical via hash values |
D. Verifies hex editors. |
c |
|
M2 |
114 |
|
M2 |
| 15 What are the Characteristics of an Interview I. Establishing Rapport II. Careful listening III. Accusatory IV. Dominate the Conversation |
A. All (I), (II), (III) & (IV) above |
B. Both (I) and (II) above |
C. Both (III) and (IV) above |
D. None |
b |
|
M2 |
115 |
|
M2 |
| 16 Which of the following questions are interview based questions I. "Did you plan this fraud out for months and months in advance or did it pretty much happen on the spur of the moment?" II. “Were there any sales after office hours, before office hours?” III. “how are these cash memos generated?” IV. "What are your duties and responsibilities?“ |
A. All (I), (II), (III) & (IV) above |
B. Both (II) and (III) above |
C.(II) (III) and (IV)above |
D. None |
c |
|
M2 |
116 |
|
M2 |
| 17 The style of interviewer while handling fraud cases should be I. He should be friendly and easy-going like cracking jokes and asking about hobbies and favorite things because the information is easily extracted from the anyone whom he gets friendly to II. He should be strict, authoritative and accusatory because otherwise the suspect can take the investigator for granted and tell lies or not answer to what is being asked III. He should be the one who does most of the talking and asking questions to which the suspect answers in Yes or No IV. He should maintain a non-accusatory tone and firm demeanor during an interview. he should keep his questions brief and, whenever possible, elicit a narrative response from the subject |
A. Both (I) and (III) above |
B. Only (IV) above |
C. Only (II) above |
D. None |
b |
|
M2 |
117 |
|
M2 |
| 18 Most frauds involve three steps. These steps are: |
A. access, opportunity, need |
B. decrease assets, increase expenses, misappropriation |
C. theft, conversion, concealment |
D. input, processing, output |
c |
|
M2 |
118 |
|
M2 |
| 19 Three conditions are necessary for a fraud to occur. These three conditions are: |
A. need, dissatisfaction, and challenge |
B. pressure, opportunity, and rationalization |
C. no separation of duties, need, and no independent performance checks |
D. challenge, motivation, and failure to enforce internal controls |
b |
|
M2 |
119 |
|
M2 |
| 20 Which section of IT Act covers most of the common crimes arising out of “Unauthorised Access” |
A. Section 66 |
B. Section 67 |
C. Section 73 |
D. Section 74 |
a |
|
M2 |
120 |
|
M2 |
| 21 The imaginary location where the word of the parties meets in conversation is referred to as ________________. |
A. Cyberspace |
B. Space |
C. Cyberdyne |
D. Cybernet |
a |
|
M2 |
121 |
|
M2 |
| 22 Which of the following is not a method for stealing sales and receivables but a way of using skimmed money |
A. lon term skimming |
B. short term skimming |
C. Understated sales |
D. Unrecorded sales |
b |
|
M2 |
122 |
|
M2 |
| 23 Which of the following sentence is true? |
A. Lapping is the debiting one account and crediting of another account. |
B. The legal definition of forgery includes only the signing of another person’s name to a document with fraudulent intent. |
C. Lapping is the crediting of one account through abstraction of money from another account. |
D. None of the Above |
c |
|
M2 |
123 |
|
M2 |
| 24 __________ are those cheque tempering schemes in which an employee intercepts a company cheque intended for a third party and converts the cheque by signing the third party’s name on the endorsement line of cheque. |
A. Intercepted cheques |
B. Altered payee schemes |
C. Authorized maker scheme. |
D. Forged endorsement scheme. |
d |
|
M2 |
124 |
|
M2 |
| 25 . In the context of forensics, data is most analogous to ________. |
A. files and folders |
B. information |
C. digital evidence |
D. bits |
c |
|
M2 |
125 |
|
M2 |
| 26 Most frauds involve three steps. These steps are? |
A. access, opportunity, need |
B. decrease assets, increase expenses, misappropriation |
C. theft, conversion, concealment |
D. input, processing, output |
c |
|
M2 |
126 |
|
M2 |
| 27 Three conditions are necessary for a fraud to occur. These three conditions are |
A. need, dissatisfaction, and challenge |
B. pressure, opportunity, and rationalization |
C. no separation of duties, need, and no independent performance checks |
D. challenge, motivation, and failure to enforce internal controls |
b |
|
M2 |
127 |
|
M2 |
| 28 . Which of the following is an example of a crime associated with the prevalence of computers? |
A. Computer manipulation |
B. Money laundering |
C. Theft of services |
D. Intellectual property violations |
d |
|
M2 |
128 |
|
M2 |
| 29 Which of the following crimes targets a computer? |
A. Denial of service |
B. Money laundering |
C. Theft of services |
D. Intellectual property violations |
a |
|
M2 |
129 |
|
M2 |
| 30 Which of the following best defines computer abuse? |
A. Denial of service |
B. Money laundering |
C. An illegal act in which knowledge of computer technology is used to commit the act |
D. An intentional act involving a computer in which the perpetrator may have gained at the victim’s expense |
d |
|
M2 |
130 |
|
M2 |
| 31 A red flag is......... |
A. Indicator of fraud |
B. Indicator of situation of fraud |
C. A or B Both |
D. Neither A nor B |
b |
|
M2 |
131 |
|
M2 |
| 32 Direct Observation is to determine......... |
A. effect of red flag on organisation |
B. Cost of identified loss |
C. Potential loss |
D. Historical Loss |
a |
|
M2 |
132 |
|
M2 |
| 33 Costly types of fraud include |
A. Financial Statement Fraud |
B. Check Forgery |
C. Credit Card Fraud |
D. All of the above |
d |
|
M2 |
133 |
|
M2 |
| 34 Hashing, filtering and file header analysis make up which function of digital forensics tools? |
A. Validation and Verification |
B. Acquisition |
C. Extraction |
D. Reconstruction |
a |
|
M2 |
134 |
|
M2 |
| 35 What are the function of Extraction: |
A. GUI Acquisition |
B. Command line acquisition |
C. Carving |
D. Hashing |
c |
|
M2 |
135 |
|
M2 |
| 36 Disc imaging is used to: |
A. bit stream duplicate |
B. no alterations to original media |
C. verify integrity |
D. All of above |
b |
|
M2 |
136 |
|
M2 |
| 37 While interviewing/interrogating a suspect, an investigator should do the following: I. Listen only to what the suspect says and ignoring his behavioral attributes II. Don’t believe at all to what he says and concentrate only to his behavioral attributes III. Rely on the opinion of what others are talking about him (his supervisor, his colleagues and his juniors) and on his past history of manipulation. IV. Collect Documentary Evidence and corroborate it with explanation obtained while interviewing/interrogating considering their behavior attributes on non-judgmental basis |
A. Both (I) and (III) above |
B. Only (I) above |
C. Both (II) and (III) above |
D. Only (IV) above |
d |
|
M2 |
137 |
|
M2 |
| 38 While interviewing/interrogating an investigator should look for following outer personality/attributes in a person to conclude him as a suspect or a non-suspect I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc |
A. All (I), (II) and (III) above |
B. Only (III) above |
C. Both (I) and (II) above |
D. None |
d |
|
M2 |
138 |
|
M2 |
| 39 Which of the following is the indicator of deception while conducting Forensic Interview |
A. Quick, spontaneous answers |
B. Consistent strong denial |
C. Direct, brief answers |
D. Hesitant |
d |
|
M2 |
139 |
|
M2 |
| 40 If a company wishes to improve detection methods, they should do all of the following except: |
A. use forensic accountants |
B. conduct frequent audits |
C. encrypt data |
D. all of the above improve detection of fraud |
d |
|
M2 |
140 |
|
M2 |
| 41 In order for an act to be legally considered fraud it must be all of the following except: |
A. A material fact |
B. An injury or loss suffered by the victim |
C. A false statement |
D. No intend to deceive |
d |
|
M2 |
141 |
|
M2 |
| 42 According to the opportunity part of the fraud triangle, a person may do all of the following acts except: |
A. Convert the theft or misrepresentation for personal gain |
B. Control the fraud |
C. Commit the fraud |
D. Conceal the fraud |
b |
|
M2 |
142 |
|
M2 |
| 43 The World‟s first computer-specific statute was enacted in 1970, by the German state, in the form of a ___________________ . |
A. Data Protection Act. |
B. Cyber Law |
C. Copy right |
D. Patent right. |
a |
|
M2 |
143 |
|
M2 |
| 44 E-commerce is the commercial transaction of services in a/an ______________ |
A. Mechanical Format. |
B. Electronic Format |
C. Paper |
D. Stone |
b |
|
M2 |
144 |
|
M2 |
| 45 Which of the following should be covered in employee anti-fraud training? |
A. The exact procedures management uses to detect fraud |
B. A detailed explanation of the company’s anti-fraud control |
C. Examples of past transgressions and how they are handled |
D. All of the above |
c |
|
M2 |
145 |
|
M2 |
| 46 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in incoming shipments, record the figures in receiving reports, and forward copies of the reports to the accounts payable department. One day, Jackson received a box of 20 laptop computers at the warehouse. His wife's computer just broke, so he stole one of the computers from the box. To conceal his scheme, Jackson sent a receiving report to accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the receiving report used for the inventory records. What type of scheme did Jackson commit? |
A. An asset transfer scheme |
B. A purchasing and receiving scheme |
C. A non-cash larceny scheme |
D. None of the above |
b |
|
M2 |
146 |
|
M2 |
| 47 Which of the following schemes refers to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? |
A. Falsified salary scheme |
B. Record alteration scheme |
C. Ghost employee scheme |
D. Inflated commission scheme |
c |
|
M2 |
147 |
|
M2 |
| 48 . On recent Windows installations, the standard location for storing critical system files is ________. |
A. C:/Program Files/ |
B. C:/System/ |
C. C:/Important/ |
D. C:/Windows/ |
d |
|
M2 |
148 |
|
M2 |
| 49 8. The intersection of a hard disk's sector and track is called a ________. |
A. block |
B. cluster |
C. byte |
D. bit |
b |
|
M2 |
149 |
|
M2 |
| 50 9. File system drivers impose limitations and boundaries, such as ________. |
A. file usage |
B. minimum file size |
C. file name length |
D. swap usability |
a |
|
M2 |
150 |
|
M2 |
| 51 . What is a “Hacktivist”? |
A) Politically motivated hacker |
B) Denial of service attacker |
C) A proponent of Napster |
D) A person engaging in an intentional act involving a computer in which the person may have gained at the victim’s expense |
b |
|
M2 |
151 |
|
M2 |
| 52 . Which of the following individuals developed one of the first systems to define computer crimes in 1976? |
A) David Carter |
B) Donn Parker |
C) Jay Nelson |
D) Robert Taylor |
b |
|
M2 |
152 |
|
M2 |
| 53 Which of the following is an example of a computer manipulation crime? |
A) An intruder removes valuable information from a computer system. |
B) Hacking |
C) A person alters payroll records to attain a higher rate of pay. |
D) Medical records are altered. |
c |
|
M2 |
153 |
|
M2 |
| 54 Employee life style changes (expensive car, jewelry) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
a |
|
M2 |
154 |
|
M2 |
| 55 Employee’s significant personal debt & credit problems will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
b |
|
M2 |
155 |
|
M2 |
| 56 Employee’s behavioral changes (alcohol, gambling) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
b |
|
M2 |
156 |
|
M2 |
| 57 Acquisition to ISO standard 27037, which of the following is an important factor in data acquisition? |
A. The DEFR’s Competency |
B. The DEFR’s skills in using the command lines |
C. Use of validated tools |
D. Condition at the acquisition setting |
a |
|
M2 |
157 |
|
M2 |
| 58 The reconstruction function is needed for which of the following purposes? |
A. Re create a suspect drive to show what happened |
B. Create a copy of a drive for other investigators |
C. Recover file headers |
D. Re create a drive compromised by malware |
a |
|
M2 |
158 |
|
M2 |
| 59 ___ is the set of instructions compiled into a program that performs a particular task. |
A. Software |
B. Hardware |
C. OS |
D. None of the above |
a |
|
M2 |
159 |
|
M2 |
| 60 Which of the following is Indicator of truth while conducting a forensic Interview |
A. Week Denials |
B. Direct Brief Answers |
C. Verbal attacks directed at Interviewer |
D. Answering with a different question |
b |
|
M2 |
160 |
|
M2 |
| 61 Lie detector test does not include |
A. Polygraph Test |
B. Blood Group |
C. Blood Pressure |
D. Computer Analysis |
b |
|
M2 |
161 |
|
M2 |
| 62 What is Voice Biometric |
A. Technology for Voice recognition while Conducting interviews telephonically |
B. Voice Recognition for Service Access |
C. Technology to authenticate a person’s voice |
D. All of the Above |
d |
|
M2 |
162 |
|
M2 |
| 63 Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud? |
A. High management and/or employee turnover |
B. Declining industry |
C. New regulatory requirements that impair financial stability or profitability |
D. Intense pressure to meet or exceed earnings expectations |
a |
|
M2 |
163 |
|
M2 |
| 64 The following firm is not involved in accounting scandals: |
A. Enron |
B. Larson andToubro |
C. Worldcom |
D. Satyam |
b |
|
M2 |
164 |
|
M2 |
| 65 Overstating revenues and understating liabilities and expenses typifies which of the following fraud schemes? |
A. Unconcealed larceny |
B. Purchase and sales Skimming |
C. Fraudulent statements |
D. Schemes |
c |
|
M2 |
165 |
|
M2 |
| 66 Which of the following is issued online for use over the Internet and is stored in an electronic device such as a chip card or computer memory? |
A. Hard Cash |
B. Business Card |
C. E-Cash |
D. E- Card |
c |
|
M2 |
166 |
|
M2 |
| 67 With a view to facilitate ___________________, it is proposed to provide for the use and acceptance of electronic records and digital signatures in the Govt. Offices and its agencies. |
A. Electronic Governance |
B. Paper Governance. |
C. Oral Testimony. |
D. Mechanical Governance. |
a |
|
M2 |
167 |
|
M2 |
| 68 Data, record or data generated image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act, 2000] means ______________________ |
A. Electronic Document. |
B. Electronic Record |
C. Hard Record |
D. Hard Document. |
b |
|
M2 |
168 |
|
M2 |
| 69 Of the following, who should conduct physical observations of a company's inventory in order to most effectively prevent inventory theft? |
A. Warehouse personal |
B. Purchasing agents |
C. Purchasing supervisor |
D. A sales representative |
d |
|
M2 |
169 |
|
M2 |
| 70 Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? |
A. debit expenses and credit the asset |
B. debit the asset, credit another asset account |
C. debit revenue , credit the asset |
D. debit another asset account and credit the asset |
a |
|
M2 |
170 |
|
M2 |
| 71 Corporate officers who knowingly violate certification requirements under criminal certifications (section 906) are subject to – |
A. fine of up to $1 million or up to 10 years imprisonment |
B. fine of up to $ 1 million and up to 10 years imprisonment, or both |
C. fine of up to $ 5 million or up to 20 years of imprisonment |
D. fine of up to $ 5 million and up to 20 years of imprisonment, or both. |
b |
|
M2 |
171 |
|
M2 |
| 72 Using metadata, forensics investigators can ________. (Select the three that apply) |
A. search for files that were created at a specific time |
B. filter files that do not contain evidence |
C. filter files by size |
D. search for file names that match patterns |
d |
|
M2 |
172 |
|
M2 |
| 73 On Linux and UNIX, the /home directory structure is the standard location for storing ________. |
A. user installed applications |
B. data specific to users |
C. critical system files |
D. temporarily deleted data |
b |
|
M2 |
173 |
|
M2 |
| 74 Which one of the following is a benefit of a RAID configuration of disks? |
A. Capacity |
B. Performance |
C. Redundancy |
D. All of the above |
d |
|
M2 |
174 |
|
M2 |
| 75 . An intruder removes valuable information from a computer system. What term describes this crime? |
A. Computer vandalism |
B. Hacking |
C. A person alters payroll records to attain a higher rate of pay. |
D. Data alteration |
b |
|
M2 |
175 |
|
M2 |
| 76 11. Which of the following is a computer crime that deprives the legitimate owner of a tangible asset? |
A. Hacking |
B. Money laundering |
C. Manipulating the price of a stock |
D. Salami slice |
d |
|
M2 |
176 |
|
M2 |
| 77 12. Which of the following is not a similarity between real-world stalking and cyber stalking? |
A) Most victims are women. |
B) Most stalkers are men. |
C) The stalker and victim are near to each other. |
D) Stalkers are generally motivated by the desire to control the victim. |
c |
|
M2 |
177 |
|
M2 |
| 78 High Employee turnover especially in areas vulnerable to fraud will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
c |
|
M2 |
178 |
|
M2 |
| 79 Refusal to take sick leave by employees will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
c |
|
M2 |
179 |
|
M2 |
| 80 Lack of segregation of duties in vulnerable area will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
a |
|
M2 |
180 |
|
M2 |
| 81 The type of forensics that involves examining malicious software |
a) Software forensics |
b) Hardware forensics |
c) Network forensics |
d) Digital forensics |
a |
|
M2 |
181 |
|
M2 |
| 82 FTK's Known File Filter (KFF) can be used for which of the following purposes? I. Filter known program files from view II. Calculate hash values of known files to evidence files. III. Filter out evidence that doesn't relate to your investigation. Options : |
A. I and ii |
B. Ii and iii |
C. I and iii |
D. All of above |
b |
|
M2 |
182 |
|
M2 |
| 83 Many password recovery tools have a feature for generating potential password lists for a(n) ____ attack. |
A. Password Dictionary |
B. Brute Force Attack |
C. Key Logger Attack |
D. *Blank Answer* |
b |
|
M2 |
183 |
|
M2 |
| 84 Voice Analysis can detect? |
A. Temperament of a person during the interview |
B. Whether person is lying |
C. Whether he is telling the facts |
D. All of the above |
d |
|
M2 |
184 |
|
M2 |
| 85 Forensic Interviewing Techniques does not include |
A. Investigation |
B. Polygraph test |
C. Physical Behaviour Analysis |
D. Disk Imaging |
d |
|
M2 |
185 |
|
M2 |
| 86 During the interview, what should be safety concerns must include |
A. Awareness |
B. Interview Location |
C. Physical Red Flags |
D. All of the above |
d |
|
M2 |
186 |
|
M2 |
| 87 The Sarbanes-Oxley Act is also called what? |
A. Corporate Fraud Protection Act of 2002 |
B. Public Corporation Accounting Oversight Act |
C. Public Company Accounting Reform and Investor Protection Act of 2002 |
D. Principles of Federal Prosecution of Business Organizations |
c |
|
M2 |
187 |
|
M2 |
| 88 The requirement to reimburse a company for any bonuses or other compensation received during the 12-month period following the restatement of financials as a result of misconduct is called: |
A. Disgorgement |
B. Executive penalty |
C. Insider trading |
D. Corporate accountability |
a |
|
M2 |
188 |
|
M2 |
| 89 A system of checks and balances between management and all other interested parties with the aim of producing an effective, efficient, and law-abiding corporation is known as: |
A. Corporate governance |
B. Code of conduct |
C. Transparency |
D. Culture of compliance |
a |
|
M2 |
189 |
|
M2 |
| 90 The _________________ provides for authentication of a document by means of digital signatures under Article 7. |
A. E-Commerce |
B. Model Law |
C. E-Law |
D. Dynamic Law. |
b |
|
M2 |
190 |
|
M2 |
| 91 According the IT act 2000, _______________ means a person who is intended by the originator to receive the electronic record but does not include any intermediary. |
A. “Address” |
B. “Affixing Digital Signature” |
C. “Computer Resource” |
D. "Data" |
a |
|
M2 |
191 |
|
M2 |
| 92 Section 301 of the SOX requires that the auditor should report directly to ______. |
A. Management |
B. Government |
C. Audit committee |
D. Stakeholders/ Owners/Investors |
c |
|
M2 |
192 |
|
M2 |
| 93 Data is organized as files mostly because ________. (Choose the best answer) |
A. computers cannot store very large files |
B. it is easier for the computer to store many smaller chunks of data than it is to store one large chunk of data |
C. it is easier for people to store many smaller chunks of data than it is to store one large chunk of data |
D. people need to store their data with labels to make retrieval easier |
a |
|
M2 |
193 |
|
M2 |
| 94 13. Which of the following crimes may be facilitated by the use of a computer? |
A. Loan-sharking |
B. Drug rings |
C. Prostitution rings |
D. All of the above |
d |
|
M2 |
194 |
|
M2 |
| 95 Weakness in internal control environment will lead which kind of fraud- |
A. Employee Red Flag |
B. Management Red Flag |
C. General Red Flag |
D. None of above |
b |
|
M2 |
195 |
|
M2 |
| 96 Which of the following is the Security feature provided by bank to its accountholders so that only authorized electronic transaction are allowed. |
A. ACH |
B. AHC |
C. CAH |
D. CHA |
a |
|
M2 |
196 |
|
M2 |
| 97 new process is always "called" or "created" as a result of ________. |
A. the process manager reading programs from disk media |
B. one process requesting a program to be loaded and executed |
C. system processes starting new services |
D. the memory manager reading the program file to start execution |
c |
|
M2 |
197 |
|
M2 |
| 98 Which two of the following answers do NOT describe the responsibility of the memory manager? |
A. Selecting which process to run |
B. Allocating memory to processes |
C. Swapping memory from RAM to Disk |
D. Formatting newly allocated memory |
d |
|
M2 |
198 |
|
M2 |
| 99 A computer's boot process begins when what event occurs? |
A. The computer BIOS turns on the processor. |
B. The operating system loads. |
C. The Master Boot Record is read. |
D. The computer is powered on. |
d |
|
M2 |
199 |
|
M2 |
| 100 Which of the following crimes is done using a computer as the instrument? |
A) Computer manipulation |
B) Money laundering |
C) Data alteration |
D) Theft of service |
d |
|
M2 |
200 |
|
M2 |
| 1. Most frauds involve three steps. These steps are: |
A. Access, opportunity, need |
B. Decrease assets, increase expenses, misappropriation |
C. Theft, conversion, concealment |
D. Input, processing, output |
c |
|
M3 |
201 |
|
M3 |
| 2. NIST is |
A. national institute of standard technology |
B. national institute of service technology |
C. national institute of security training |
D. None of these |
a |
|
M3 |
202 |
|
M3 |
| 3. Lie detector test does not include |
A. Polygraph Test |
B. Blood Group |
C. Blood Pressure |
D. Computer Analysis |
b |
|
M3 |
203 |
|
M3 |
| 4. Three conditions are necessary for a fraud to occur. These three conditions are: |
A. Need, dissatisfaction, and challenge |
B. Pressure, opportunity, and rationalization |
C. No separation of duties, need, and no independent performance checks |
D. Challenge, motivation, and failure to enforce internal controls |
b |
|
M3 |
204 |
|
M3 |
| 5. Section 301 of the SOX requires that the auditor should report directly to ______. |
A. Management |
B. Government |
C. Audit committee |
D. Stakeholders/ Owners/Investors |
c |
|
M3 |
205 |
|
M3 |
| 6. What is Voice Biometric |
A. Technology for Voice recognition while Conducting interviews telephonically |
B. Voice Recognition for Service Access |
C. Technology to authenticate a person’s voice |
D. All of the Above |
d |
|
M3 |
206 |
|
M3 |
| 7. A fraud which is perpetrated by scrambling a company's files is a: |
A. Data fraud |
B. Output fraud |
C. Computer instructions fraud |
D. Input fraud. |
a |
|
M3 |
207 |
|
M3 |
| 8. If a company wishes to improve detection methods, they should do all of the following except: |
A. Use forensic accountants |
B. Conduct frequent audits |
C. Encrypt data |
D. All of the above improve detection of fraud |
d |
|
M3 |
208 |
|
M3 |
| 9. In order for an act to be legally considered fraud it must be all of the following except: |
A. A material fact |
B. An injury or loss suffered by the victim |
C. A false statement |
D. No intend to deceive |
d |
|
M3 |
209 |
|
M3 |
| 10. According to the opportunity part of the fraud triangle, a person may do all of the following acts except: |
A. Convert the theft or misrepresentation for personal gain |
B. Control the fraud |
C. Commit the fraud |
D. Conceal the fraud |
b |
|
M3 |
210 |
|
M3 |
| 11. Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud? |
A. High management and/or employee turnover |
B. Declining industry |
C. New regulatory requirements that impair financial stability or profitability |
D. Intense pressure to meet or exceed earnings expectations |
a |
|
M3 |
211 |
|
M3 |
| 12. The following firm is not involved in accounting scandals: |
A. Enron |
B. Larson and Toubro |
C. Worldcom |
D. Satyam |
b |
|
M3 |
212 |
|
M3 |
| 13. Overstating revenues and understating liabilities and expenses typifies which of the following fraud schemes? |
A. Unconcealed larceny |
B. Purchase and sales Skimming |
C. Fraudulent statements |
D. Schemes |
c |
|
M3 |
213 |
|
M3 |
| 14. A system of checks and balances between management and all other interested parties with the aim of producing an effective, efficient, and law-abiding corporation is known as: |
A. Corporate governance |
B. Code of conduct |
C. Transparency |
D. Culture of compliance |
a |
|
M3 |
214 |
|
M3 |
| 15. “Suspicious” refers to which of the following: |
A. Inconsistent signatures on file. |
B. Driver’s license photo doesn’t match person. |
C. Inability to recall mother’s maiden name. |
D. Any and all of the above. |
d |
|
M3 |
215 |
|
M3 |
| 16. Red Flag procedures must be implemented by individual departments. That means: |
A. The procedures just have to be written and accessible to everyone. |
B. The procedures have to be written and everyone needs to be trained to use them. |
C. The procedure & policy will be drafted |
D. A & B Both |
b |
|
M3 |
216 |
|
M3 |
| 17. The Sarbanes-Oxley Act is also called what? |
A. Corporate Fraud Protection Act of 2002 |
B. Public Corporation Accounting Oversight Act |
C. Public Company Accounting Reform and Investor Protection Act of 2002 |
D. Principles of Federal Prosecution of Business Organizations |
c |
|
M3 |
217 |
|
M3 |
| 18. Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? |
A. debit expenses and credit the asset |
B. debit the asset, credit another asset account |
C. debit revenue , credit the asset |
D. debit another asset account and credit the asset |
a |
|
M3 |
218 |
|
M3 |
| 19. The requirement to reimburse a company for any bonuses or other compensation received during the 12-month period following the restatement of financials as a result of misconduct is called: |
A. Disgorgement |
B. Executive penalty |
C. Insider trading |
D. Corporate accountability |
a |
|
M3 |
219 |
|
M3 |
| 20. Financial statement fraud is often attributed to pressures, such as all of the following except: |
A. Investment losses |
B. Meeting analysts’ expectations |
C. Deadlines, and cutoffs |
D. Qualifying for bonuses |
a |
|
M3 |
220 |
|
M3 |
| 21. The interrelationship among auditing, fraud examination, and financial forensics is: |
A. Established and maintained by legal structures and justice processes |
B. Constant even while social and cultural pressures are exerted on it |
C. Cased on the SOX Act and SAS 99 |
D. Dynamic and changes over time |
d |
|
M3 |
221 |
|
M3 |
| 22. Employee’s behavioral changes (alcohol, gambling) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
b |
|
M3 |
222 |
|
M3 |
| 23. Weakness in internal control environment will lead which kind of fraud- |
A. Employee Red Flag |
B. Management Red Flag |
C. General Red Flag |
D. None of above |
b |
|
M3 |
223 |
|
M3 |
| 24. Which of the following refers to a business platform, involving a business entity and consumers? |
A. Business-to-consumer (B2C) |
B. Business-to-business (B2B) |
C. Consumer-to-business (C2B) |
D. Consumer-to-consumer (C2C) |
a |
|
M3 |
224 |
|
M3 |
| 25. Which of the following is/are red flags for embezzlement: |
A. Carrying usually large sum of money |
B. Continuous rollover of loans |
C. Significant downsizing in a healthy market |
D. Photocopied or missing documents |
a |
|
M3 |
225 |
|
M3 |
| 26. Which of the following is not a required part of an Identity Theft Prevention Program? |
A. Reasonable policies and procedures to identify potential “red flags” |
B. A dedicated phone line for customers to call in identity theft reports. |
C. Specific procedures to detect the “red flags” identified as potential threats. |
D. A plan for regularly re-evaluating the program. |
b |
|
M3 |
226 |
|
M3 |
| 27. The Red Flag Rules apply to anyone who deals with- |
A. Financing and credit |
B. Retail merchants |
C. University healthcare practices |
D. All of above |
d |
|
M3 |
227 |
|
M3 |
| 28. Under the Red Flag Rules, all “covered accounts” must be marked |
A. Small red flag symbol |
B. Riskier red flag symbol |
C. Red flags indicating high impact on financial statement |
D. None of the above |
a |
|
M3 |
228 |
|
M3 |
| 29. Personal Identification Information (PII) includes: |
A. Any name or number. |
B. Any name or number, used alone or in conjunction with any other information. |
C. Any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual. |
D. None of the above. |
c |
|
M3 |
229 |
|
M3 |
| 30. After you have identified the red flags of ID Theft that you’re likely to come across in your business, what do you do next? |
A. Set up procedures to detect those red flags in your day-to-day operations. |
B. Train all employees who will use the procedures. |
C. Decide what actions to take when a red flag is detected. |
D. All of the above. |
d |
|
M3 |
230 |
|
M3 |
| 31. There are many threats to accounting information systems. Which of the following is an example of an Intentional Act |
A. War and attack by terrorists |
B. Hardware or software failure |
C. Computer fraud |
D. Logic errors |
c |
|
M3 |
231 |
|
M3 |
| 32. Which section of IT Act covers most of the common crimes arising out of “Unauthorised Access” |
A. Section 66 |
B. Section 67 |
C. Section 73 |
D. Section 74 |
a |
|
M3 |
232 |
|
M3 |
| 33. The imaginary location where the word of the parties meets in conversation is referred to as ________________. |
A. Cyberspace |
B. Space |
C. Cyberdyne |
D. Cybernet |
a |
|
M3 |
233 |
|
M3 |
| 34. E-commerce is the commercial transaction of services in a/an ______________ |
A. Mechanical format. |
B. Electronic format |
C. Paper |
D. Stone |
b |
|
M3 |
234 |
|
M3 |
| 35. The World‟s first computer-specific statute was enacted in 1970, by the German state, in the form of a ___________________ . |
A. Data Protection Act. |
B. Cyber Law |
C. Copy right |
D. Patent right. |
a |
|
M3 |
235 |
|
M3 |
| 36. Which of the following is issued online for use over the Internet and is stored in an electronic device such as a chip card or computer memory? |
A. Hard Cash |
B. Business Card |
C. E-Cash |
D. E- Card |
c |
|
M3 |
236 |
|
M3 |
| 37. With a view to facilitate ___________________, it is proposed to provide for the use and acceptance of electronic records and digital signatures in the Govt. Offices and its agencies. |
A. Electronic Governance |
B. Paper Governance. |
C. Oral Testimony. |
D. Mechanical Governance. |
a |
|
M3 |
237 |
|
M3 |
| 38. Data, record or data generated image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act, 2000] means ______________________ |
A. Electronic Document. |
B. Electronic Record |
C. Hard Record |
D. Hard Document. |
b |
|
M3 |
238 |
|
M3 |
| 39. ____________________ is a generic term which refers to all the legal and regulator aspects of Internet and the World Wide Web |
A. Cyber Law |
B. Cyber Dyne |
C. Cyber Café |
D. Electronic Law |
a |
|
M3 |
239 |
|
M3 |
| 40. The _________________ provides for authentication of a document by means of digital signatures under Article 7. |
A. E-Commerce |
B. Model Law |
C. E-Law |
D. Dynamic Law. |
b |
|
M3 |
240 |
|
M3 |
| 41. According the IT act 2000, _______________ means a person who is intended by the originator to receive the electronic record but does not include any intermediary. |
A. “Address” |
B. “Affixing Digital Signature” |
C. “Computer Resource” |
D. "Data" |
a |
|
M3 |
241 |
|
M3 |
| 42. When was the first ever cybercrime recorded? |
A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France |
B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London |
C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam |
D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan |
a |
|
M3 |
242 |
|
M3 |
| 43. A denial of service attack occurs when the perpetrator: |
A. Sends e-mail bombs |
B. Eavesdrops |
C. Installs a logic time bomb |
D. Cracks a computer system |
a |
|
M3 |
243 |
|
M3 |
| 44. A virus can infect a system by: |
A. Booting up a computer with an infected disk |
B. Running an infected program |
C. Opening a file on a disk that is infected |
D. All of the above |
d |
|
M3 |
244 |
|
M3 |
| 45. In the United States, approximately what percentage of software in use is pirated? |
A. 90% |
B. 75% |
C. 26% |
D. 10% |
c |
|
M3 |
245 |
|
M3 |
| 46. A fraud perpetrated by tricking a person into disclosing confidential information, such as a password, is called |
A. A Trojan horse |
B. Hacking |
C. social engineering |
D. scavenging |
c |
|
M3 |
246 |
|
M3 |
| 47. FTK's Known File Filter (KFF) can be used for which of the following purposes? I. Filter known program files from view II. Calculate hash values of known files to evidence files. III. Filter out evidence that doesn't relate to your investigation. Options : |
A. I and II |
B. II and III |
C. I and III |
D. All of above |
b |
|
M3 |
247 |
|
M3 |
| 48. Many password recovery tools have a feature for generating potential password lists for a(n) ____ attack. |
A. Password Dictionary |
B. Brute Force Attack |
C. Key Logger Attack |
D. None of these |
a |
|
M3 |
248 |
|
M3 |
| 49. Is the science of ________________ is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. |
A. Anonymous remailing |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
b |
|
M3 |
249 |
|
M3 |
| 50. Which of the following techniques is most effective in preventing computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
a |
|
M3 |
250 |
|
M3 |
| 51. Which of the following describes a firewall? |
A. A copy of data |
B. Data that cannot be lost |
C. Digital forensic analysis |
D. Device or software that acts as a checkpoint between a network or stand-alone computer and the Internet |
d |
|
M3 |
251 |
|
M3 |
| 52. Which of the following techniques do not help prevent computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Firewalls |
D. Encryption |
b |
|
M3 |
252 |
|
M3 |
| 53. The type of forensics that involves analyzing information stored in a storage media such as a hard drive |
A. Disc Forensics |
B. Network Forensics |
C. Live forensics |
D. Internet forensics |
a |
|
M3 |
253 |
|
M3 |
| 54. the chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence |
A. chain of custody |
B. Documentary Evidence |
C. Demonstrative evidence |
D. None of these |
a |
|
M3 |
254 |
|
M3 |
| 55. When performing forensics work, which of the guidelines below should be followed? I. You should make a copy of a suspect's drive and interact with the copy instead of the original II. If you take the evidence home with you, carry it in a locked briefcase. III. You should only document those tests that provide information that can be used in court. IV. The location and use of the evidence from the point it was seized until the moment it is shown in court must be known. |
A. I and II |
B. I and III |
C. I and IV |
D. All of above |
a |
|
M3 |
255 |
|
M3 |
| 56. There are three c's in computer forensics. Which is one of the three? |
A. Control |
B. Chance |
C. Chains |
D. Core |
a |
|
M3 |
256 |
|
M3 |
| 57. The investigator-in-charge is suppose to Identifying and _____________ e-evidence. |
A. Collecting |
B. Classification |
C. Analyzing |
D. None of these |
a |
|
M3 |
257 |
|
M3 |
| 58. You are suppose to maintain three types of records. Which answer is not a record? |
A. Chain of custody |
B. Documentation of the crime scene |
C. Searching the crime scene |
D. Document your actions |
c |
|
M3 |
258 |
|
M3 |
| 59. __________ are those cheque tempering schemes in which an employee intercepts a company cheque intended for a third party and converts the cheque by signing the third party’s name on the endorsement line of cheque. |
A. Intercepted cheques |
B. Altered payee schemes |
C. Authorized maker scheme. |
D. Forged endorsement scheme. |
d |
|
M3 |
259 |
|
M3 |
| 60. Which of the following should be covered in employee anti-fraud training? |
A. The exact procedures management uses to detect fraud |
B. A detailed explanation of the company’s anti-fraud control |
C. Examples of past transgressions and how they are handled |
D. All of the above |
c |
|
M3 |
260 |
|
M3 |
| 61. Jackson is a receiving clerk at a warehouse. His job is to count the number of units in incoming shipments, record the figures in receiving reports, and forward copies of the reports to the accounts payable department. One day, Jackson received a box of 20 laptop computers at the warehouse. His wife's computer just broke, so he stole one of the computers from the box. To conceal his scheme, Jackson sent a receiving report to accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the receiving report used for the inventory records. What type of scheme did Jackson commit? |
A. An asset transfer scheme |
B. A purchasing and receiving scheme |
C. A non-cash larceny scheme |
D. None of the above |
b |
|
M3 |
261 |
|
M3 |
| 62. Which of the following schemes refers to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? |
A. Falsified salary scheme |
B. Record alteration scheme |
C. Ghost employee scheme |
D. Inflated commission scheme |
c |
|
M3 |
262 |
|
M3 |
| 63. Of the following, who should conduct physical observations of a company's inventory in order to most effectively prevent inventory theft? |
A. Warehouse personal |
B. Purchasing agents |
C. Purchasing supervisor |
D. A sales representative |
d |
|
M3 |
263 |
|
M3 |
| 64. Corporate officers who knowingly violate certification requirements under criminal certifications (section 906) are subject to – |
A. fine of up to $1 million or up to 10 years imprisonment |
B. fine of up to $ 1 million and up to 10 years imprisonment, or both |
C. fine of up to $ 5 million or up to 20 years of imprisonment |
D. fine of up to $ 5 million and up to 20 years of imprisonment, or both. |
b |
|
M3 |
264 |
|
M3 |
| 65. The process by which several bidders conspire to split contracts up and ensure each gets a certain amount of work is called |
A. Bid pooling |
B. Fictitious suppliers |
C. Kickback payments |
D. Bidding agreements |
a |
|
M3 |
265 |
|
M3 |
| 66. Bribery schemes generally fall into two broad categories which are- I. Kickbacks II. Overbilling schemes III. Bid rigging schemes IV. Extortions |
A. I and II |
B. I and III |
C. II and IV |
D. II and III |
b |
|
M3 |
266 |
|
M3 |
| 67. Which of the following is the indicator of deception while conducting Forensic Interview |
A. Quick, spontaneous answers |
B. Consistent strong denial |
C. Direct, brief answers |
D. Hesitant |
d |
|
M3 |
267 |
|
M3 |
| 68. Which of the following is Indicator of truth while conducting a forensic Interview |
A. Week Denials |
B. Direct Brief Answers |
C. Verbal attacks directed at Interviewer |
D. Answering with a different question |
b |
|
M3 |
268 |
|
M3 |
| 69. Voice Analysis can detect? |
A. Temperament of a person during the interview |
B. Whether person is lying |
C. Whether he is telling the facts |
D. All of the above |
d |
|
M3 |
269 |
|
M3 |
| 70. Forensic Interviewing Techniques does not include |
A. Investigation |
B. Polygraph test |
C. Physical Behaviour Analysis |
D. Disk Imaging |
d |
|
M3 |
270 |
|
M3 |
| 71. During the interview, what should be safety concerns must include |
A. Awareness |
B. Interview Location |
C. Physical Red Flags |
D. All of the above |
d |
|
M3 |
271 |
|
M3 |
| 72. Confrontational Interviews and recording of any interviews should be done |
A. With the advice of legal counsel only if there is need to prosecute the fraudster later. |
B. With the advice of legal counsel to get proper legal guidance to protect the interviewer, the Company, Directors/Management and prosecute the fraudster later if needed. |
C. Without the advice of legal counsel since the confidentiality of strategy is compromised. |
D. Without the advice of legal counsel since they have no role to play till the fraud is established. |
b |
|
M3 |
272 |
|
M3 |
| 73. The possible profiles of a fraud perpetrator are |
A. Very friendly, but self centered and egoistic |
B. Unfriendly and an introvert |
C. Surly and angry but good in work |
D. Very slow in work that he/she is used to doing for years together |
b |
|
M3 |
273 |
|
M3 |
| 74. Secretly recording a suspect’s interview will : |
A. assist you as electronic notes since it is not possible to always make comprehensive handwritten notes |
B. assist you to confront the suspect later if he/she changes his/her stand or denies certain information given earlier |
C. assist you, to limited extent, to build up evidence against the suspect in a court of law |
D. all the above |
d |
|
M3 |
274 |
|
M3 |
| 75. Which one of the following would be considered an informal written communication? |
A. An electronic document such as a spreadsheet that is attached to an email update to an attorney |
B. An email that updates a peer investigator on the status of a particular case |
C. A disk image that is sent to a peer investigator for review |
D. An email that notifies an attorney that all evidence has been reviewed and analysed |
b |
|
M3 |
275 |
|
M3 |
| 76. Forensic reports are written to answer questions about which one of the following topics? (Select the BEST answer) |
A. Forensic investigations involving computer crime |
B. All forensic investigations |
C. Intrusion/Incident response and vulnerability assessment |
D. All incidents involving investigations, vulnerability assessment, and intrusion response |
d |
|
M3 |
276 |
|
M3 |
| 77. What is the basic purpose of any digital forensic report? (Select the BEST response) |
A. Report who did what and when. |
B. Report the conclusion of the investigation. |
C. Report what was done and what was found. |
D. List or itemize the evidence. |
b |
|
M3 |
277 |
|
M3 |
| 78. What is the best response of a forensic professional to an attorney who asks a hypothetical question? |
A. Provide the best answer possible given the evidence and appropriately emphasis the hypothetical nature of the question. |
B. Demonstrate anger and register a protest. |
C. Refuse to answer the question. |
D. Politely inform the attorney that the question is not relevant. |
a |
|
M3 |
278 |
|
M3 |
| 79. The process of providing answers to the legal system is called ________. |
A. Investigation |
B. Evidence reporting |
C. Question answering |
D. Deposition |
b |
|
M3 |
279 |
|
M3 |
| 80. Which one of the following question answers would NOT be found in the executive summary portion of the forensic report? |
A. Why the investigation was initiated |
B. What forensic challenges were faced and overcome in the investigation |
C. Who authorized the investigation |
D. What significant results were found |
b |
|
M3 |
280 |
|
M3 |
| 81. Which one of the following would NOT be included in the "full documentation" of evidence collected? |
A. Who collected the evidence |
B. What evidence was collected |
C. The version of software that produced the evidence |
D. The procedure followed to collect the evidence |
b |
|
M3 |
281 |
|
M3 |
| 82. Which one of the following definitions best describes informal reports for digital forensic investigations? |
A. All written or electronic reports that document results from a digital forensic investigation |
B. Reports on investigations that are not made directly to a judge or jury |
C. All oral reports that are presented to court in addition to all written or electronic documents resulting from an investigation. |
D. Reports on digital investigations made in casual attire to a board of directors or one's employers |
b |
|
M3 |
282 |
|
M3 |
| 83. Why would a digital forensic expert be expected to write "absolutely nothing unless it is a fact supported by evidence"? |
A. It may confuse the forensic reporter who produces the final written report years after the investigation concludes. |
B. It is a principle of computer forensics to think through all statements before committing them to paper or electronic document. |
C. The evidence may later be excluded from the investigation. |
D. It may be disclosed in discovery and inadvertently cast a shadow of doubt on the case. |
d |
|
M3 |
283 |
|
M3 |
| 84. Which one of the following is an example of formal oral reporting for a crime involving digital computers? |
A. Swearing-In |
B. Record |
C. Deposition |
D. Testimony |
b |
|
M3 |
284 |
|
M3 |
| 85. Which officer in a company is most likely to be the perpetrator of financial statement fraud? |
A. Chief financial officer (CFO). |
B. Chief operating officer (COO). |
C. Chief executive officer (CEO). |
D. Controller. |
c |
|
M3 |
285 |
|
M3 |
| 86. When looking for financial statement fraud, auditors should look for indicators of fraud by: |
A. Evaluating changes in financial statements. |
B. Examining relationships the company has with other parties. |
C. Examining operating characteristics of the company. |
D. All of the above. |
d |
|
M3 |
286 |
|
M3 |
| 87. The three aspects of management that a fraud examiner needs to be aware of include all of the following except: |
A. Their backgrounds. |
B. Their religious convictions. |
C. Their influence in making decisions for the organization. |
D. Their motivations. |
b |
|
M3 |
287 |
|
M3 |
| 88. Which of the following is least likely to be considered a financial reporting fraud symptom, or red flag? |
A. Grey directors. |
B. Family relationships between directors or officers. |
C. Large increases in accounts receivable with no increase in sales. |
D. Size of the firm. |
c |
|
M3 |
288 |
|
M3 |
| 89. Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud factors. This fact can make convicting someone of fraud difficult. Which of the following types of evidence would be most helpful in proving that someone committed fraud? |
A. Missing documentation. |
B. Analytical relationships that don’t make sense. |
C. A repeated pattern of similar fraudulent acts. |
D. A general ledger that is out of balance. |
c |
|
M3 |
289 |
|
M3 |
| 90. In the Phar-Mor fraud case, several different methods were used for manipulating the financial statements. These included all of the following except: |
A. Funneling losses into unaudited subsidiaries. |
B. Recognizing revenue that should have been deferred. |
C. Overstating inventory. |
D. Manipulating accounts. |
a |
|
M3 |
290 |
|
M3 |
| 91. Most financial statement frauds occur in smaller organizations with simple management structures, rather than in large, historically profitable organizations. This is because: |
A. It is easier to implement good internal controls in a small organization. |
B. Management fraud is more difficult to commit when there is a more formal organizational structure of management. |
C. People in large organizations are more honest. |
D. Smaller organizations do not have investors. |
b |
|
M3 |
291 |
|
M3 |
| 92. Management fraud is usually committed on behalf of the organization rather than against it. Which of the following would not be a motivation of fraud on behalf of an organization? |
A. CEO needs a new car. |
B. Pressure to meet expected earnings. |
C. Restructure debt covenants that can’t be met. |
D. A highly competitive industry. |
a |
|
M3 |
292 |
|
M3 |
| 93. All of the following are indicators of financial statement fraud except: |
A. Unusually rapid growth of profitability. |
B. Dependence on one or two products. |
C. Large amounts of available cash. |
D. Threat of a hostile takeover. |
c |
|
M3 |
293 |
|
M3 |
| 94. During an audit, an auditor considers the conditions of the auditee and plans the audit accordingly. This is an example of which of the following? |
A. Zero-order reasoning. |
B. First-order reasoning. |
C. Fraudulent reasoning. |
D. High-order reasoning. |
b |
|
M3 |
294 |
|
M3 |
| 95. In the context of strategic reasoning, if an auditor only follows the established audit plan and does not consider other factors relating to the auditee, then this is an example of which of the following? |
A. Zero-order reasoning. |
B. First-order reasoning. |
C. Fraudulent reasoning. |
D. Higher-order reasoning. |
a |
|
M3 |
295 |
|
M3 |
| 96. In recent years, many SEC investigations have taken place on the improper issuance of stock options to corporate executives. These practices increase executive compensation at the expense of shareholders. This practice is known as: |
A. Backdrafting stock options. |
B. Stock option reversals. |
C. Stock option extensions. |
D. Backdating stock options. |
d |
|
M3 |
296 |
|
M3 |
| 97. Backdating is: |
A. Deliberately changing stock options for the purpose of securing extra pay for management. |
B. Using insider information to profit from stock trading. |
C. Using "bucket" accounts rather than recording cost of goods sold. |
D. Banks providing favorable loans to companies in return for the opportunity to make money from other transactions and fees. |
a |
|
M3 |
297 |
|
M3 |
| 98. Generally accepted accounting principles (GAAP): |
A. Tend to be more principles-based than standards in other countries. |
B. Enable companies to find specific rules to support their fraudulent transactions. |
C. Tend to be more objectives-based than standards in other countries. |
D. Allow for companies to exploit loopholes in the standards. |
d |
|
M3 |
298 |
|
M3 |
| 99. Committing financial statement fraud is easiest: |
A. In large, historically-profitable organizations. |
B. When decision making is done by one or two individuals. |
C. When three or more people work together to cover up the fraud. |
D. With an active audit committee and board of directors. |
b |
|
M3 |
299 |
|
M3 |
| 100. Customer fraud includes all of the following EXCEPT: |
A. Get something for nothing |
B. Do not pay for goods purchased |
C. Fraud perpetrated through collusion between buyers and vendors. |
D. Deceive organization into giving them something they should not |
c |
|
M3 |
300 |
|
M3 |
| 1. Who are the primary victims of financial statement fraud? |
A. Middle management |
B. Organizations that buy goods or services |
C. Analysts |
D. Stockholders |
d |
|
M4 |
|
|
M4 |
| 2. The type of forensics that involves examining malicious software |
A. Software forensics |
B. Hardware forensics |
C. Network forensics |
D. Digital forensics |
a |
|
M4 |
|
|
M4 |
| 3. A forensics certification provides _________. |
A. a reason for continuing education |
B. external validation of one's forensics skills |
C. breadth in the computer industry |
D. depth in a particular subject |
b |
|
M4 |
|
|
M4 |
| 4. Which of the following describes a firewall? |
A. A copy of data |
B. Data that cannot be lost |
C. Digital forensic analysis |
D. Device or software that acts as a checkpoint between a network or stand-alone computer and the Internet |
d |
|
M4 |
|
|
M4 |
| 5. General financial statement fraud can be detected through |
A. Internal audit |
B. Surprise audits /cash counts. |
C. Data mining |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 6. Which is not a red flag among following: |
A. Negative Cash flows |
B. Significant sales to related parties |
C. Sudden above-average profits for specific quarters |
D. Paid dividend according to dividend payout ratio |
d |
|
M4 |
|
|
M4 |
| 7. Payment to vendors who aren’t on an approved vendor list, a- |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in account receivable |
b |
|
M4 |
|
|
M4 |
| 8. Sudden activity in a dormant banking account, a- |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
d |
|
M4 |
|
|
M4 |
| 9. What is the most cost-effective way to minimize the cost of fraud? |
A. Prevention |
B. Detection |
C. Investigation |
D. Prosecution |
a |
|
M4 |
|
|
M4 |
| 10. If pressures and opportunities are high and personal integrity is low, the chance of fraud is: |
A. High |
B. Medium |
C. Very Low |
D. Low |
a |
|
M4 |
|
|
M4 |
| 11. How frequently do most people rationalize? |
A. Sometimes |
B. Often |
C. Never |
D. Rarely |
b |
|
M4 |
|
|
M4 |
| 12. Which of the following statements is most correct regarding errors and fraud? |
A. An error is unintentional, whereas fraud is intentional. |
B. Frauds occur more often than errors in financial statements. |
C. Errors are always fraud and frauds are always errors. |
D. Auditors have more responsibility for finding fraud than errors. |
a |
|
M4 |
|
|
M4 |
| 13. Fraudulent financial reporting is most likely to be committed by whom? |
A. Line employees of the company |
B. Outside members of the company’s board of directors |
C. Company management |
D. The company’s auditors |
c |
|
M4 |
|
|
M4 |
| 14. Who Commits Financial Statement Fraud: |
A. Senior Management |
B. Middle and lower level employees |
C. Organized Criminals |
D. All the above |
d |
|
M4 |
|
|
M4 |
| 15. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are specified in : |
A. SA 240 |
B. SA 250 |
C. SA 300 |
D. SA 450 |
a |
|
M4 |
|
|
M4 |
| 16. SA 250 related to: |
A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements |
B. Consideration of Laws and Regulations in an Audit of Financial Statements |
C. Both A and B |
D. None of the above |
b |
|
M4 |
|
|
M4 |
| 17. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447 of Companies Act, 2013. |
A. 3 Years |
B. 5 Year |
C. 7 Year |
D. 10 Year |
d |
|
M4 |
|
|
M4 |
| 18. Why Do People Commit Financial Statement Fraud |
A. To conceal true business performance |
B. To preserve personal status/control |
C. To maintain personal income/wealth |
D. All the above |
d |
|
M4 |
|
|
M4 |
| 19. The use of _____________________ may be particularly valuable in cases of white-collar crime. |
A. Fingerprint examiners |
B. Forensic photography |
C. Forensic accountants |
D. None of the above |
c |
|
M4 |
|
|
M4 |
| 20. Hashing, filtering and file header analysis make up which function of digital forensics tools? |
A. Validation and Verification |
B. Acquisition |
C. Extraction |
D. Reconstruction |
a |
|
M4 |
|
|
M4 |
| 21. The reconstruction function is needed for which of the following purposes? |
A. Re create a suspect drive to show what happened |
B. Create a copy of a drive for other investigators |
C. Recover file headers |
D. Re create a drive compromised by malware |
a |
|
M4 |
|
|
M4 |
| 22. ___ is the set of instructions compiled into a program that performs a particular task. |
A. Software |
B. Hardware |
C. OS |
D. None of these |
a |
|
M4 |
|
|
M4 |
| 23. While interviewing/interrogating an investigator should look for following outer personality/attributes in a person to conclude him as a suspect or a non-suspect I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc |
A. All (I), (II) and (III) above |
B. Only (III) above |
C. Both (I) and (II) above |
D. None |
d |
|
M4 |
|
|
M4 |
| 24. The following is used as forensic software except ____. |
A. The Coroner’s Toolkit |
B. Outlook |
C. ILook |
D. Forensic Toolkit |
b |
|
M4 |
|
|
M4 |
| 25. When conducting _________ analysis, the first step is to recover undeleted files. |
A. Research |
B. Forensic |
C. Process |
D. Security |
b |
|
M4 |
|
|
M4 |
| 26. The purpose of the Red Flags Rule is: |
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day operations |
B. take steps to prevent the crime |
C. Mitigate the damage it inflicts. |
D. All of the above |
c |
|
M4 |
|
|
M4 |
| 27. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws concerning identity theft prevention no longer apply. |
A. True |
B. False |
C. Depends on situation of identity theft |
D. Can’t say |
b |
|
M4 |
|
|
M4 |
| 28. Among the following which would be the red flags for payroll – |
A. Overtime time charged during a slack period |
B. Excessive or unjustified transactions |
C. Large no. of Write- off of accounts |
D. All of the above |
a |
|
M4 |
|
|
M4 |
| 29. Theft of an employer’s property which was not entrusted to employee will be defined as- |
A. Lapping |
B. Larceny |
C. Check kitting |
D. None of the above |
b |
|
M4 |
|
|
M4 |
| 30. A “habitual criminal” who steals for the sake of stealing is known as- |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
a |
|
M4 |
|
|
M4 |
| 31. A Personal prestige, goal achievement is termed as |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
b |
|
M4 |
|
|
M4 |
| 32. Which of the following statements is CORRECT: As per Beneish Model: |
A. A score less than -2.22 indicates a strong likelihood of a firm being a manipulator. |
B. A score greater than -2.22 indicates a strong likelihood of a firm being a manipulator. |
C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a manipulator. |
D. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a manipulator. |
b |
|
M4 |
|
|
M4 |
| 33. Ideological means- |
A. Personal prestige, goal achievement. |
B. Cause is morally superior, justified in making other victims |
C. Desperate need for money, greed, economic achievement |
D. None of the above |
b |
|
M4 |
|
|
M4 |
| 34. What is a telephone “phreaker”? |
A. People who obtain free cellular phone service through theft or forgery of subscriber information or through employee collusion. |
B. People who exploit weaknesses in the cellular network’s technology to defraud the cellular service provider. |
C. People who stalk others on the Internet. |
D. People who trick telephone systems into believing that long-distance and airtime are being legitimately purchased. |
c |
|
M4 |
|
|
M4 |
| 35. Which of the following is not a tool utilized by computer criminals? |
A. NMAP |
B. ToneLoc |
C. Cyber-stalker |
D. Cryptanalysis |
c |
|
M4 |
|
|
M4 |
| 36. What is the purpose of cryptanalysis software? |
A. Breaking encryption |
B. Taking advantage of a security hole |
C. Impairing or destroying function in a computer |
D. Delivering attack software |
c |
|
M4 |
|
|
M4 |
| 37. What is the delivery vehicle of choice for exploit software? |
A. NMAP |
B. Cryptanalysis |
C. Tone Loc |
D. Trojan Horse Programs |
d |
|
M4 |
|
|
M4 |
| 38. What is the primary distinction between viruses and worms? |
A. Worms do not rely on a host program to infect. |
B. Worms masquerade as legitimate while causing damage. |
C. Viruses do not rely on a host program to infect. |
D. A computer virus is active without a host. |
a |
|
M4 |
|
|
M4 |
| 39. Which of the following is not a feature of a “cookie”? |
A. It is saved on the user’s hard drive. |
B. It tracks which sites a computer has visited. |
C. It may assist in an investigation. |
D. They are evil programs that scan the hard drive of a computer. |
d |
|
M4 |
|
|
M4 |
| 40. Which of the following describes the demographic profile of a hacker? |
A. White male |
B. 14 to 25 years of age |
C. Highly intelligent, yet an underachiever in school |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 41. ________________ is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. |
A. Anonymous remailing |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
a |
|
M4 |
|
|
M4 |
| 42. Which of the following techniques is most effective in preventing computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
b |
|
M4 |
|
|
M4 |
| 43. The term disk geometry refers to ________. |
A. the physical dimensions of the storage media |
B. the number of blocks on the disk |
C. the total size and number of cylinders, heads, and sectors |
D. the number of bits that can be stored on the disk |
c |
|
M4 |
|
|
M4 |
| 44. The stored bits of flash media are located in ________. |
A. rooms |
B. cells |
C. sectors |
D. blocks |
b |
|
M4 |
|
|
M4 |
| 45. Which of the following are challenges to data recovery for "highly available" memory? |
A. The data is distributed across several physical disks. |
B. The data is encrypted. |
C. The "highly available" solution contains unusually large and un-wieldy capacity. |
D. The data cannot be made unavailable for any length of time and therefore proper. |
a |
|
M4 |
|
|
M4 |
| 46. Which of the following statements is true about a computer's boot process? |
A. The boot process begins when the Central Processing Unit is initialized. |
B. The user can accelerate the boot process by pressing "Windows" key (also known as the turbo button). |
C. The first process in Linux is called 'kernel'. |
D. A Power-On Self-Test is performed once firmware is loaded |
d |
|
M4 |
|
|
M4 |
| 47. Which one of the following questions is NOT one to be answered by the investigation plan? |
A. Where is the evidence likely to be located? |
B. What age is the suspect? |
C. What local laws and court processes will affect this investigation? |
D. What skills are needed to extract the evidence? |
b |
|
M4 |
|
|
M4 |
| 48. Vulnerability assessment experts will perform the task of ________. (Select the three that apply) |
A. assessing the prevalence of a known weakness by scanning entire networks |
B. assessing the damage and impact of an exploited vulnerability |
C. scanning hosts for known weaknesses and vulnerabilities |
D. validating the integrity of the host or network equipment |
b |
|
M4 |
|
|
M4 |
| 49. Which three of the following would help investigators set the scope for strategies to extract evidence from acquired images? |
A. The password of the suspect |
B. The type of files that are not sought by a warrant |
C. The question or questions to be answered by the evidence |
D. Items found in pockets of clothing owned by the suspect |
a |
|
M4 |
|
|
M4 |
| 50. A process is best described as a _______. |
A. list of steps to complete a procedure |
B. list of steps which together complete a single task or part of a task for a forensics investigation |
C. list of tasks which together complete a forensics investigation |
D. list of tasks that together complete one step in a procedure |
b |
|
M4 |
|
|
M4 |
| 51. Separation of duties within an investigation describes how _______ and _______ should be accomplished by different staff. |
A. collection of physical evidence / collection of digital evidence |
B. extraction / acquisition |
C. acquisition / validation |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 52. In order to maintain the _________, both a single-evidence form and a multi-evidence form are used to document and catalog evidence. |
A. proper signatures |
B. evidence validation |
C. image reconstruction |
D. chain of custody |
d |
|
M4 |
|
|
M4 |
| 53. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert witness can be based on all of the following EXCEPT ________. |
A. the product of consultations from peers with other expertise |
B. sufficient facts or data |
C. the product of accepted and reliable principles or methods |
D. application of accepted and reliable principles or methods |
a |
|
M4 |
|
|
M4 |
| 54.Which one of the following factors can sabotage the quality of digital evidence reports between the investigation and the presentation of the evidence to a court? |
A. A forensic professional reporting the work of a retired forensic investigator. |
B. The promotion of the detective who had been leading a criminal investigation. |
C. The procedures used to analyze the data may have been invalidated by court. |
D. All of the above |
a |
|
M4 |
|
|
M4 |
| 55. The best evidence rule of a case is the expectation that the evidence of a case ________. |
A. is the prime evidence that prove the theory of an attorney |
B. has been collected with the best and most current software tools available |
C. is the best and most scientific evidence collection procedures for that case |
D. is the best available evidence given the nature of the case |
c |
|
M4 |
|
|
M4 |
| 56. Which three "off-the-job" characteristics below are used to determine the "quality" of an expert witness? |
A. Income level of the expert |
B. The nature of the expert's morals |
C. Compliance with laws expected of average citizens |
D. Compliance with ethic standards for average citizens |
b |
|
M4 |
|
|
M4 |
| 57. Examination can be described as telling a story that ________. |
A. uses digital forensic investigators to support facts of the story with evidence |
B. disproves alternative theories when necessary |
C. presents evidence by asking digital forensic investigators to provide "question answers" |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 58.Employee embezzlement can be direct or indirect. Indirect fraud occurs when: |
A. an employee uses company assets to run his/her private business |
B. employees establish dummy companies and have their employers pay for goods that are not actually delivered |
C. an employee receives a kickback from a vendor |
D. an employee steals company cash, inventory, tools, or other assets |
c |
|
M4 |
|
|
M4 |
| 59.Which of the following is NOT one of the major types of fraud classification schemes? |
A. Employee embezzlement |
B. Government fraud |
C. Investment scams |
D. Customer fraud |
b |
|
M4 |
|
|
M4 |
| 60. Which of the following is not a common type of fraud pressure? |
A. Pressure to outsmart peers |
B. Financial pressures |
C. Work-related pressures |
D. Vices |
b |
|
M4 |
|
|
M4 |
| 61. Which of the following is NOT a way in which fraud can be committed? |
A. By false representation |
B. By failing to disclose information |
C. By abuse of position |
D. By obtaining property by deception |
d |
|
M4 |
|
|
M4 |
| 62. All of the following are methods that organization can adopt to proactively eliminate fraud opportunities EXCEPT: |
A. Accurately identifying sources and measuring risks |
B. Implementing appropriate preventative and detective controls |
C. Creating widespread monitoring by employees |
D. Eliminating protections for whistle blowers |
d |
|
M4 |
|
|
M4 |
| 63. Audits, public record searches, and net worth calculations are used to gather what type of evidence in fraud investigation? |
A. Testimonial |
B. Forensic |
C. Documentary |
D. Observation |
c |
|
M4 |
|
|
M4 |
| 64. Which of the following is NOT a part of the evidence square? |
A. Management evidence |
B. Documentary evidence |
C. Testimonial evidence |
D. Physical evidence |
a |
|
M4 |
|
|
M4 |
| 65. Which financial ratio is not useful in detecting revenue-related fraud? |
A. Gross profit margin ratio |
B. Account receivable ratio |
C. Asset turnover ratio |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 66. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/ concealment of any fact committed by any person or other person (third party) with connivance in any manner with intent to deceive/ gain undue advantage or to injure interest of: |
A. Company |
B. Shareholders |
C. Creditors |
D. All the Above. |
d |
|
M4 |
|
|
M4 |
| 67. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies Act, 2013 |
A. Equal to the amount of fraud |
B. 2 times of amount of fraud |
C. 3 times of amount of fraud |
D. 4 times of amount of fraud |
c |
|
M4 |
|
|
M4 |
| 68.Which of the following is an example of the crime of counterfeit credit card fraud? |
A. An illegally obtained credit card is used to pay for a purchase |
B. An illegally created credit card is used to pay for a purchase |
C. An illegally altered credit card is used to pay for a purchase |
D. A credit card is obtained and used based on false application information |
b |
|
M4 |
|
|
M4 |
| 69.Which of the following is not an example of an antishoplifting technique? |
A. “Scarecrooks” |
B. “Anne Droid” |
C. Trojan Horse |
D. Ponzi scheme |
d |
|
M4 |
|
|
M4 |
| 70.Which of the following recommendations may prevent identity fraud? |
A. Patrol residential areas on trash collection days |
B. Enforce trespass laws at dump sites |
C. Advise citizens to shred documents |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 71. A computer crime that involves attacking phone lines is: |
A. data diddling |
B. phreaking |
C. phishing |
D. pharming |
b |
|
M4 |
|
|
M4 |
| 72. Hackers use all of the techniques except: |
A. war dialing |
B. war driving |
C. war chalking |
D. war walking |
d |
|
M4 |
|
|
M4 |
| 73. Social engineering facilitates what type of computer fraud? |
A. Click fraud |
B. Identity theft |
C. Spoofing |
D. Dictionary attacks |
b |
|
M4 |
|
|
M4 |
| 74. The computer crime of piggybacking |
A. involves the clandestine use of another user's WIFI |
B. usually results from spamming |
C. requires the permission of another user to gain access |
D. None of the above |
a |
|
M4 |
|
|
M4 |
| 75. A network of computers used in a denial-of-service (DoS) attack is called a (an): |
A. Worm |
B. Botnet |
C. Rootkit |
D. Splog |
b |
|
M4 |
|
|
M4 |
| 76. Spyware infections came from: |
A. worms/viruses |
B. drive-by downloads |
C. file-sharing programs |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 77. Which of the following is not a characteristic of computer viruses? |
A. They can lie dormant for a time without doing damage |
B. They can mutate which increases their ability to do damage |
C. They can hinder system performance |
D. They are easy to detect and destroy |
d |
|
M4 |
|
|
M4 |
| 78. Which of the following is a method used to embezzle money a small amount at a time from many different accounts? |
A. Data diddling |
B. Pretexting |
C. Spoofing |
D. Salami technique |
d |
|
M4 |
|
|
M4 |
| 79. Which of the following is NOT a method that is used for identity theft? |
A. Dumpster diving |
B. Phishing |
C. Shoulder surfing |
D. Spamming |
d |
|
M4 |
|
|
M4 |
| 80. A computer fraud and abuse technique that steals information, trade secrets, and intellectual property. |
A. Cyber-extortion |
B. Data diddling |
C. Economic espionage |
D. Skimming |
c |
|
M4 |
|
|
M4 |
| 81. Which of the following is a threat that organizations need to take account of in cyberspace? |
A. Password |
B. Objectionable content filter |
C. Denial of service attack |
D. Firewall |
c |
|
M4 |
|
|
M4 |
| 82. Desperate need for money, greed, economic achievement termed as- |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
d |
|
M4 |
|
|
M4 |
| 83. Stealing money from one customer account & crediting into another customer account is known as- |
A. Lapping |
B. Larceny |
C. Check kitting |
D. None of the above |
a |
|
M4 |
|
|
M4 |
| 84. Which among the following will not be an example of Green flag- |
A. Auditee nice behavior with auditor during audit (eg. Offering drinks during lunch) |
B. Auditee is too much friendly with staff and vendors |
C. Regular receipt of material of same qty |
D. Employee with few or no payroll deductions |
d |
|
M4 |
|
|
M4 |
| 85. Factors contributing to red flag includes- |
A. Poor Internal Controls |
B. Management overrides Internal Control |
C. Collusion between employees & third party |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 86. Management Red Flags is/are- |
A. Management decisions are dominated by an individual or small group |
B. Managers engage in frequent disputes with auditors |
C. Reluctance to provide information to auditors |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 87. Common Types of Fraud in School Districts would be- |
A. Unreimbursed personal calls |
B. Theft of inventory items. |
C. Inappropriate charges to a travel or account payable voucher |
D. All of the above |
d |
|
M4 |
|
|
M4 |
| 88. Employees with duplicate social security numbers, names and addresses, a- |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
d |
|
M4 |
|
|
M4 |
| 89. Excessive number of year end transaction, a |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
c |
|
M4 |
|
|
M4 |
| 90. The most popular software forensic tools include all of the following except: |
A. Forensics Autopsy |
B. QUICKEN |
C. Forensics Toolkit |
D. SMART |
a |
|
M4 |
|
|
M4 |
| 91. Hash values are used for which of the following purposes? |
A. Determining file sizes |
B. Filtering known good files from potentially suspicious data |
C. Reconstruction file fragments |
D. Validating that the original data hasn’t changed. |
d |
|
M4 |
|
|
M4 |
| 92. The verification function does the following? |
A. Proves that a tool performs as intended |
B. Creates segmented files. |
C. Proves that two sets of data are identical via hash values |
D. Verifies hex editors. |
c |
|
M4 |
|
|
M4 |
| 93. What are the function of Extraction: |
A. GUI Acquisition |
B. Command line acquisition |
C. Carving |
D. Hashing |
c |
|
M4 |
|
|
M4 |
| 94. Disc imaging |
A. bit stream duplicate |
B. no alterations to original media |
C. verify integrity |
D. All of above |
d |
|
M4 |
|
|
M4 |
| 95. Acquisition to ISO standard 27037, which of the following is an important factor in data acquisition? |
A. The DEFR’s Competency |
B. The DEFR’s skills in using the command lines |
C. Use of validated tools |
D. Condition at the acquisition setting |
a |
|
M4 |
|
|
M4 |
| 96. The physical Cheque tempering prevention method in which extremely small printing, too small to be read with naked eye becomes distorted when photocopied is called _______. |
A. High resolution microprinting |
B. Microline printing |
C. Watermark backers |
D. None of above |
b |
|
M4 |
|
|
M4 |
| 97. Which among the following are the three payroll fraud schemes I. Ghost employees II. Temporary employees III. Falsified overtime IV. Commission Option: |
A. I , II & III |
B. I , III & IV |
C. II , III & IV |
D. I , II & IV |
d |
|
M4 |
|
|
M4 |
| 98. Which of the following is the Security feature provided by bank to its accountholders so that only authorized electronic transaction are allowed. |
A. ACH |
B. AHC |
C. CAH |
D. CHA |
a |
|
M4 |
|
|
M4 |
| 99. The style of interviewer while handling fraud cases should be I. He should be friendly and easy-going like cracking jokes and asking about hobbies and favorite things because the information is easily extracted from the anyone whom he gets friendly to II. He should be strict, authoritative and accusatory because otherwise the suspect can take the investigator for granted and tell lies or not answer to what is being asked III. He should be the one who does most of the talking and asking questions to which the suspect answers in Yes or No IV. He should maintain a non-accusatory tone and firm demeanor during an interview. he should keep his questions brief and, whenever possible, elicit a narrative response from the subject |
A. Both (I) and (III) above |
B. Only (IV) above |
C. Only (II) above |
D. None |
b |
|
M4 |
|
|
M4 |
| 100. While interviewing/interrogating a suspect, an investigator should do the following: I. Listen only to what the suspect says and ignoring his behavioral attributes II. Don’t believe at all to what he says and concentrate only to his behavioral attributes III. Rely on the opinion of what others are talking about him (his supervisor, his colleagues and his juniors) and on his past history of manipulation. IV. Collect Documentary Evidence and corroborate it with explanation obtained while interviewing/interrogating considering their behavior attributes on non-judgmental basis |
A. Both (I) and (III) above |
B. Only (I) above |
C. Both (II) and (III) above |
D. Only (IV) above |
d |
|
M4 |
|
|
M4 |
| 1. Employee’s behavioral changes (alcohol, gambling) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
B |
|
M1 |
|
|
M1 |
| 2. The purpose of the Red Flags Rule is: |
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day operations |
B. take steps to prevent the crime |
C. Mitigate the damage it inflicts. |
D. All of the above |
C |
|
M1 |
|
|
M1 |
| 3. The interrelationship among auditing, fraud examination, and financial forensics is: |
A. Established and maintained by legal structures and justice processes |
B. Constant even while social and cultural pressures are exerted on it |
C. Cased on the SOX Act and SAS 99 |
D. Dynamic and changes over time |
E |
|
M1 |
|
|
M1 |
| 4. What is one of the primary differences between a Financial Statement auditor and a Forensic Accountant? |
A. Financial statement auditors are likely to follow leads suggested by immaterial items whereas Forensic Accountants often must restrict their efforts to searching for material misstatements. |
B. Forensic Accountants are likely to follow leads suggested by immaterial items whereas .financial statement auditors often must restrict their efforts to searching for material misstatements |
C. .Forensic Accountants must focus on specific legal areas that produce fraud charges under the courts of law whereas financial statement auditors focus their attention on the Generally Accepted Accounting Principles. |
D. Forensic Accountants are likely to ask individuals to fix discrepancies found in financial statements whereas financial statement auditors will fail a corporations financial statement certification, therefore having repercussions with the SEC. |
B |
|
M1 |
|
|
M1 |
| 5. Among the following which would be the red flags for payroll – |
A. Overtime time charged during a slack period |
B. Excessive or unjustified transactions |
C. Large no. of Write- off of accounts |
D. All of the above |
A |
|
M1 |
|
|
M1 |
| 6. If pressures and opportunities are high and personal integrity is low, the chance of fraud is: |
A. High |
B. Medium |
C. Very Low |
D. Low |
A |
|
M1 |
|
|
M1 |
| 7. Which is not a red flag among following: |
A. Negative Cash flows |
B. Significant sales to related parties |
C. Sudden above-average profits for specific quarters |
D. Paid dividend according to dividend payout ratio |
D |
|
M1 |
|
|
M1 |
| 8. At a minimum, professional skepticism: |
A. is supportive of client’s claim of fraud |
B. is a neutral but disciplined approach to detection and investigation |
C. assumes that the management is dishonest and therefore must “pull every loose thread” to find the evidence and fraud |
D. assumes unquestioned loyalty by newer and younger employees |
B |
|
M1 |
|
|
M1 |
| 9. Which of the following techniques is most effective in preventing computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
A |
|
M1 |
|
|
M1 |
| 10. Which of the following types of organizations typically use Forensic Accountants? |
A. Publicly held corporations. |
B. Private/non-profit corporations. |
C. Federal/State Agencies. |
D. All of the above. |
D |
|
M1 |
|
|
M1 |
| 11. Which of the following is not a common type of fraud pressure? |
A. Pressure to outsmart peers |
B. Financial pressures |
C. Work-related pressures |
D. Vices |
B |
|
M1 |
|
|
M1 |
| 12. In comparing management fraud with employee fraud, the auditor’s risk of failing to discover the fraud is: |
A. greater for management fraud because managers are inherently more deceptive than employees |
B. greater for management fraud because of management’s ability to override existing internal controls |
C. greater for employee fraud because of the higher crime rate among blue collar workers |
D. greater for employee fraud because of the larger number of employees in the organization |
B |
|
M1 |
|
|
M1 |
| 13. ____ is the science of writing hidden messages I such a way that no one apart from th sender and intended recipient even realizes there is a hidden message. |
A. decryption |
B. obfuscation |
C. stenography |
D. encryption |
C |
|
M1 |
|
|
M1 |
| 14. Why is it recommended not to put a password in your EnCase? |
A. because you will secure your information |
B. it’s to many steps |
C. if you forget you are out of luck |
D. it cannot be encrypted |
C |
|
M1 |
|
|
M1 |
| 15. All of the following are methods that organization can adopt to proactively eliminate fraud opportunities EXCEPT: |
A. Accurately identifying sources and measuring risks |
B. Implementing appropriate preventative and detective controls |
C. Creating widespread monitoring by employees |
D. Eliminating protections for whistle blowers |
D |
|
M1 |
|
|
M1 |
| 16. Overstating revenues and understating liabilities and expenses typifies which of the following fraud schemes? |
A. Unconcealed larceny |
B. Purchase and sales Skimming |
C. Fraudulent statements |
D. Schemes |
C |
|
M1 |
|
|
M1 |
| 17. From the statements below select the most correct. |
A. Prevention and deterrence are typically more costly than attempting to remediate a fraud that has already occurred. |
B. Fraud deterrence refers to creating environments in which people are prohibited from committing fraud. |
C. Fraud detection refers to the process of preventing and discovering the presence of fraud. |
D. Prevention and deterrence are typically more cost beneficial than attempting to remediate a fraud that has already occurred. |
D |
|
M1 |
|
|
M1 |
| 18. when working on computer forensics always work from of the evidence and never from the original to prevent damage to the evidence. |
A. Original hard drive |
B. Live computer |
C. Remote desktop |
D. An image |
D |
|
M1 |
|
|
M1 |
| 19. Financial statement fraud is easiest to commit in organizations that: |
A. have democratic leadership. |
B. have a large internal audit department. |
C. have a board of directors comprised primarily of outsiders. |
D. have complex organizational structures. |
D |
|
M1 |
|
|
M1 |
| 20. Customer fraud includes all of the following EXCEPT: |
A. Get something for nothing |
B. Do not pay for goods purchased |
C. Fraud perpetrated through collusion between buyers and vendors. |
D. Deceive organization into giving them something they should not |
C |
|
M1 |
|
|
M1 |
| 21. What is the most cost-effective way to minimize the cost of fraud? |
A. Prevention |
B. Detection |
C. Investigation |
D. Prosecution |
A |
|
M1 |
|
|
M1 |
| 22. The Fraud Exposure Rectangle includes: |
A. Rationalization |
B. perceived pressure |
C. relationships with others |
D. All of the choices are included in the Fraud Exposure Rectangle |
C |
|
M1 |
|
|
M1 |
| 23. Which of the following statements is most correct regarding errors and fraud? |
A. An error is unintentional, whereas fraud is intentional. |
B. Frauds occur more often than errors in financial statements. |
C. Errors are always fraud and frauds are always errors. |
D. Auditors have more responsibility for finding fraud than errors. |
A |
|
M1 |
|
|
M1 |
| 24. You are suppose to maintain three types of records. Which answer is not a record? |
A. Chain of custody |
B. Documentation of the crime scene |
C. Searching the crime scene |
D. Document your actions |
C |
|
M1 |
|
|
M1 |
| 25. Forensic Interviewing Techniques does not include |
A. Investigation |
B. Polygraph test |
C. Physical Behaviour Analysis |
D. Disk Imaging |
D |
|
M1 |
|
|
M1 |
| 26. When performing forensics work, which of the guidelines below should be followed? i. You should make a copy of a suspect's drive and interact with the copy instead of the original ii. If you take the evidence home with you, carry it in a locked briefcase. iii. You should only document those tests that provide information that can be used in court. iv. The location and use of the evidence from the point it was seized until the moment it is shown in court must be known. |
A. i and ii |
B. i and iii |
C. i and iv |
D. All of above |
A |
|
M1 |
|
|
M1 |
| 27. Which financial ratio is not useful in detecting revenue-related fraud? |
A. Gross profit margin ratio |
B. Account receivable ratio |
C. Asset turnover ratio |
D. All of the above |
D |
|
M1 |
|
|
M1 |
| 28. Phishing attackers use –––––––––––––––––– to commit their crimes. |
A. Email |
B. SMS |
C. Courier |
D. Whatsapp |
A |
|
M1 |
|
|
M1 |
| 29. The possible profiles of a fraud perpetrator are |
A. Very friendly, but self centered and egoistic |
B. Unfriendly and an introvert |
C. Surly and angry but good in work |
D. Very slow in work that he/she is used to doing for years together |
B |
|
M1 |
|
|
M1 |
| 30. Steganography is |
A. graph of sales to technological spending |
B. the science of hiding information |
C. graph of mails sent to mails received |
D. the science of generating random passwords |
B |
|
M1 |
|
|
M1 |
| 31. Tools for imaging: (a) Dossier (b) Tableau (c) Encase & FTK (d) ACL |
A. (a), (b) & (c) only |
B. (b) & (c) only |
C. (a) & (b) only |
D. All of the above |
A |
|
M1 |
|
|
M1 |
| 32. most popular software forensic tools include all of the following except: |
A. Forensics Autopsy |
B. QUICKEN |
C. Forensics Toolkit |
D. SMART |
B |
|
M1 |
|
|
M1 |
| 33. One very well-known software used for forensic analysis is . |
A. IBM |
B. Google |
C. Encase |
D. Forensic-ripper |
C |
|
M1 |
|
|
M1 |
| 34. Three conditions are necessary for a fraud to occur. These three conditions are: |
A. need, dissatisfaction, and challenge |
B. pressure, opportunity, and rationalization |
C. no separation of duties, need, and no independent performance checks |
D. challenge, motivation, and failure to enforce internal controls |
B |
|
M1 |
|
|
M1 |
| 35. If a company wishes to improve detection methods, they should do all of the following except: |
A. use forensic accountants |
B. conduct frequent audits |
C. encrypt data |
D. all of the above improve detection of fraud |
D |
|
M1 |
|
|
M1 |
| 36. Refusal to take sick leave by employees will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
C |
|
M1 |
|
|
M1 |
| 37. MS Excel has an Auditing Formula function known as : |
A. Track Formula |
B. Trace Dependents |
C. Trace Formula |
D. Track Reliability |
B |
|
M1 |
|
|
M1 |
| 38. A Forensic Auditor is not given any specific written mandate but a general consent to investigate into a fraud for accounting manipulation in Customer accounts. After completion of work, a note on which of the following aspect should NOT be included in a Forensic Audit Report |
A. Objectives that the Forensic Auditor has perceived and pursued during the course of the investigation. |
B. Severe deficiencies in the internal control mechanism observed by him with regard to Vendor accounts which has immaterial relevance to the subject fraud |
C. A recommendation for volume/ quantum of punishment to be reprimanded to the erring accountant against whom the Forensic Auditor has an explicit evidence. |
D. A limiting condition where certain file of important document for a specific period that was not made available to the Forensic Auditor despite several requests. |
C |
|
M1 |
|
|
M1 |
| 39. Which of the following is not a required part of an Identity Theft Prevention Program? |
A. Reasonable policies and procedures to identify potential “red flags” |
B. A dedicated phone line for customers to call in identity theft reports. |
C. Specific procedures to detect the “red flags” identified as potential threats. |
D. A plan for regularly re-evaluating the program. |
B |
|
M1 |
|
|
M1 |
| 40. A forensics lab will have dedicated areas for each of the following functions EXCEPT _________. |
A. forensics examination workspace |
B. a secured locker area |
C. a continuing education training centre |
D. well-stocked inventory |
B |
|
M1 |
|
|
M1 |
| 41. The journal of a forensics specialist or expert will contain entries that provide the following functions EXCEPT _______. |
A. the description of WHO did WHAT and WHEN |
B. the results of the examination |
C. any actions taken to examine the evidence |
D. any theories that result from the examination |
D |
|
M1 |
|
|
M1 |
| 42. Weakness in internal control environment will lead which kind of fraud- |
A. Employee Red Flag |
B. Management Red Flag |
C. General Red Flag |
D. None of above |
B |
|
M1 |
|
|
M1 |
| 43. Which of the following is not an example of an antishoplifting technique? |
A. “Scarecrooks” |
B. “Anne Droid” |
C. Trojan Horse |
D. Ponzi scheme |
D |
|
M1 |
|
|
M1 |
| 44. Lack of segregation of duties in vulnerable area will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
A |
|
M1 |
|
|
M1 |
| 45. Suspicious” refers to which of the following: |
A. Inconsistent signatures on file. |
B. Driver’s license photo doesn’t match person. |
C. Inability to recall mother’s maiden name. |
D. Any and all of the above |
D |
|
M1 |
|
|
M1 |
| 46. Acquisition to ISO standard 27037, which of the following is an important factor in data acquisition? |
A. The DEFR’s Competency |
B. The DEFR’s skills in using the command lines |
C. Use of validated tools |
D. Condition at the acquisition setting |
A |
|
M1 |
|
|
M1 |
| 47. Computer forensics does not involves …. |
A. Interpretation, |
B. Preservation, |
C. Delimitation |
D. Documentation |
A |
|
M1 |
|
|
M1 |
| 48. Secretly recording a suspect’s interview will : |
A. assist you as electronic notes since it is not possible to always make comprehensive handwritten notes |
B. assist you to confront the suspect later if he/she changes his/her stand or denies certain information given earlier |
C. assist you, to limited extent, to build up evidence against the suspect in a court of law |
D. all the above |
D |
|
M1 |
|
|
M1 |
| 49. In the context of forensics, data is most analogous to ________. |
A. files and folders |
B. information |
C. digital evidence |
D. bits |
C |
|
M1 |
|
|
M1 |
| 50. The use of _____________________ may be particularly valuable in cases of white- collar crime. |
A. Fingerprint examiners |
B. Forensic photography |
C. Forensic accountants |
D. None of the above |
C |
|
M1 |
|
|
M1 |
| 51.Which of the following is a not a power under PMLA? |
A. Confiscation |
B. Abatement of crime |
C. Search & Seizure |
D. Arrest |
B |
|
M1 |
|
|
M1 |
| 52.Social engineering facilitates what type of computer fraud? |
A. Click fraud |
B. Identity theft |
C. Spoofing |
D. Dictionary attacks |
B |
|
M1 |
|
|
M1 |
| 53.……………………………... gives the expected frequencies of the digits in tabulated data. |
A. Benford’s Law |
B. Beneish Model |
C. Relative Size Factor |
|
A |
|
M1 |
|
|
M1 |
| 54.While interviewing/interrogating an investigator should look for following outer personality/attributes in a person to conclude him as a suspect or a non-suspect I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc |
A. All (I), (II) and (III) above |
B. Only (III) above |
C. Both (I) and (II) above |
D. None |
D |
|
M1 |
|
|
M1 |
| 55.The following firm is not involved in accounting scandals: |
A. Enron |
B. Larson and Toubro |
C. Worldcom |
D. Satyam |
B |
|
M1 |
|
|
M1 |
| 56.Weak internal controls in an organization will affect which of the following elements of fraud? |
A. Motive |
B. Opportunity |
C. Rationalization |
D. None of the above |
B |
|
M1 |
|
|
M1 |
| 57.Financial statement auditors, under SAS 99, are required to make inquires about possible fraudulent activity of all of the following parties except: |
A.bond holders. |
B.audit committee members. |
C.management. |
D.internal auditors. |
A |
|
M1 |
|
|
M1 |
| 58.Accounts that can be manipulated in revenue fraud include all of the following except: |
A. Accounts Receivable. |
B. Inventory. |
C. Sales Discounts. |
D. Bad Debt Expense |
B |
|
M1 |
|
|
M1 |
| 59.Which of the following statement related to Fraud Risk Assessment (FRA) is INCORRECT: |
A. Evaluate whether identified fraud risk controls are operating effectively. |
B. It is a one-time activity, not required to be performed on periodic basis. |
C. Identify and map existing preventive and detective controls to the relevant fraud risk. |
D. Identify and evaluate residual fraud risk resulting from ineffective or non-existent controls. |
B |
|
M1 |
|
|
M1 |
| 60.After you have identified the red flags of ID Theft that you’re likely to come across in your business, what do you do next? |
A. Set up procedures to detect those red flags in your day-to-day operations. |
B. Train all employees who will use the procedures. |
C. Decide what actions to take when a red flag is detected. |
D. All of the above |
D |
|
M1 |
|
|
M1 |
| 61.One of the key success driver of Data Analysis is the ability to keep shuffling between the bird’s eye view (i.e macro overview) vis-à-vis the ant’s view (i.e micro view) of the data. In that context, which of the following techniques are useful for Forensic Auditor to get Bird’s Eyeview Or Macro overview of the Data (i) Missing / Gap Analysis (ii) Stratification (iii) Isolated Outliers (iv) Classification (v) Ageing Analysis (vi) Round Number Analysis |
A. (i), (ii) and (iii) |
B. (i), (iii) and (iv) |
C. (ii), (iv) and (vi) |
D. (ii), (iv) and (v) |
D |
|
M1 |
|
|
M1 |
| 62.____________________ is a generic term which refers to all the legal and regulator aspects of Internet and the World Wide Web |
A. Cyber Law |
B. Cyber Dyne |
C. Cyber Café |
D. Electronic Law |
A |
|
M1 |
|
|
M1 |
| 63.When was the first ever cybercrime recorded? |
A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France |
B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London |
C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam |
D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan |
A |
|
M1 |
|
|
M1 |
| 64.A system of checks and balances between management and all other interested parties with the aim of producing an effective, efficient, and law-abiding corporation is known as: |
A. Corporate governance |
B. Code of conduct |
C. Transparency |
D. Culture of compliance |
A |
|
M1 |
|
|
M1 |
| 65.Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud factors. This fact can make convicting someone of fraud difficult. Which of the following types of evidence would be most helpful in proving that someone committed fraud? |
A. Missing documentation. |
B. Analytical relationships that don’t make sense. |
C. A repeated pattern of similar fraudulent acts. |
D. A general ledger that is out of balance. |
C |
|
M1 |
|
|
M1 |
| 66.All of the following are indicators of financial statement fraud except: |
A. Unusually rapid growth of profitability. |
B. Dependence on one or two products. |
C. Large amounts of available cash. |
D. Threat of a hostile takeover. |
C |
|
M1 |
|
|
M1 |
| 67.Disc imaging |
A. bit stream duplicate |
B. no alterations to original media |
C. verify integrity |
D. All of above |
D |
|
M1 |
|
|
M1 |
| 68.FTK's Known File Filter (KFF) can be used for which of the following purposes? i. Filter known program files from view ii. Calculate hash values of known files to evidence files. iii. Filter out evidence that doesn't relate to your investigation. |
A. I and ii |
B. Ii and iii |
C. I and iii |
D. All of above |
B |
|
M1 |
|
|
M1 |
| 69.A ____ function is any well defined procedure or mathematical function for turning some kind of data into a relatively small integer. |
A. hash |
B. metadata |
C. encryption |
D. decryption |
A |
|
M1 |
|
|
M1 |
| 70.Which of the following are strategies used to attempt to minimize piracy of software or other intellectual property? |
A. Encryption |
B. Intellectual property laws |
C. Legal copyrighting |
D. All of the above |
D |
|
M1 |
|
|
M1 |
| 71.A denial of service attack occurs when the perpetrator: |
A. sends e-mail bombs |
B. eavesdrops |
C. installs a logic time bomb |
D. cracks a computer system |
A |
|
M1 |
|
|
M1 |
| 72.A fraud perpetrated by tricking a person into disclosing confidential information, such as a password, is called |
A. a Trojan horse |
B. hacking |
C. social engineering |
D. scavenging |
C |
|
M1 |
|
|
M1 |
| 73.Which of the following is a method used to embezzle money a smallamount at a time from many different accounts? |
A. Data diddling |
B. Pretexting |
C. Spoofing |
D. Salami technique |
D |
|
M1 |
|
|
M1 |
| 74.A challenge relating to Cyber-crimes is the collection of ____________________ |
A. electronic evidence |
B. paper evidence |
C. mechanical evidence |
D. hardware evidence |
A |
|
M1 |
|
|
M1 |
| 75.Lie detector test does not include |
A. Polygraph Test |
B. Blood Group |
C. Blood Pressure |
D. Computer Analysis |
B |
|
M1 |
|
|
M1 |
| 76.the chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence |
A. chain of custody |
B. Documentary Evidence |
C. Demonstrative evidence |
D. None of these |
A |
|
M1 |
|
|
M1 |
| 77.What is the best response of a forensic professional to an attorney who asks a hypothetical question? |
A. Provide the best answer possible given the evidence and appropriately emphasis the hypothetical nature of the question. |
B. Demonstrate anger and register a protest. |
C. Refuse to answer the question. |
|
A |
|
M1 |
|
|
M1 |
| 78.Which of the following is least likely to be considered a financial reporting fraud symptom, or red flag? |
A. Grey directors. |
B. Family relationships between directors or officers. |
C. Large increases in accounts receivable with no increase in sales. |
D. Size of the firm. |
C |
|
M1 |
|
|
M1 |
| 79.Which of the following is the indicator of deception while conducting Forensic Interview |
A. Quick, spontaneous answers |
B. Consistent strong denial |
C. Direct, brief answers |
D. Hesitant |
D |
|
M1 |
|
|
M1 |
| 80.Which of the following is NOT one of the major types of fraud classification schemes? |
A. Employee embezzlement |
B. Government fraud |
C. Investment scams |
D. Customer fraud |
B |
|
M1 |
|
|
M1 |
| 81. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are specified in : |
A. SA 240 |
B. SA 250 |
C. SA 300 |
D. SA 450 |
A |
|
M1 |
|
|
M1 |
| 82.Which of the following is not a characteristic of computer viruses? |
A. They can lie dormant for a time without doing damage |
B. They can mutate which increases their ability to do damage |
C. They can hinder system performance |
D. They are easy to detect and destroy |
D |
|
M1 |
|
|
M1 |
| 83.Which of the following is not a type of external fraud? |
A. Delivery of substandard goods at full price |
B. Creating phony vendors |
C. Phishing attacks |
D. Cheating on travel expense reports |
D |
|
M1 |
|
|
M1 |
| 84.All of the following ratios are useful in detecting large revenue frauds except: |
A. Gross profit margin. |
B. Working capital turnover. |
C. Accounts receivable turnover. |
D. Current ratio. |
D |
|
M1 |
|
|
M1 |
| 85.The ratio that is computed by dividing the number of days in a period by the inventory turnover ratio is: |
A. accounts receivable turnover ratio. |
B. inventory turnover ratio. |
C. working capital turnover ratio. |
D. number of days' sales in inventory. |
D |
|
M1 |
|
|
M1 |
| 86.According to the opportunity part of the fraud triangle, a person may do all of the following acts except |
A. Convert the theft or misrepresentation for personal gain |
B. Control the fraud |
C. Commit the fraud |
D. Conceal the fraud |
B |
|
M1 |
|
|
M1 |
| 87.The most common account(s) manipulated when perpetrating financial statement fraud are: |
A. Inventory |
B. Expenses |
C. Revenues |
D. Accounts Payable |
C |
|
M1 |
|
|
M1 |
| 88.Which of the following is NOT a method that is used for identity theft? |
A. Dumpster diving |
B. Phishing |
C. Shoulder surfing |
D. Spamming |
D |
|
M1 |
|
|
M1 |
| 89.General financial statement fraud can be detected through |
A. audit |
B. Surprise audits /cash counts. |
C. Data mining |
D. All of the above |
D |
|
M1 |
|
|
M1 |
| 90.Which of the following is not a skill needed by a Forensic Accountant? |
A. Auditing Skills. |
B. Criminology. |
C. Sociology |
D. Information Technology |
C |
|
M1 |
|
|
M1 |
| 1 A red flag indicates that the alert is......... |
A. Old |
B. Follow up |
C. Urgent |
D. New |
D |
|
M2 |
|
|
M2 |
| 2 A fraud which is perpetrated by scrambling a company's files is a: |
A. data fraud |
B. output fraud |
C. computer instructions fraud |
D. Input fraud. |
A |
|
M2 |
|
|
M2 |
| 3 E-commerce is the commercial transaction of services in a/an ______________ |
A. mechanical format. |
B. electronic format |
C. Paper |
D. Stone |
B |
|
M2 |
|
|
M2 |
| 4 Which of the following refers to a business platform, involving a business entity and consumers? |
A. Business-to-consumer (B2C) |
B. Business-to-business (B2B) |
C. Consumer-to-business (C2B) |
D. Consumer-to-consumer (C2C) |
A |
|
M2 |
|
|
M2 |
| 5 . The physical Cheque tempering prevention method in which extremely small printing, too small to be read with naked eye becomes distorted when photocopied is called _______. |
A. High resolution microprinting |
B. Microline printing |
C. Watermark backers |
D. None of above |
B |
|
M2 |
|
|
M2 |
| 6 Which among the following are the three payroll fraud schemes i) Ghost employees ii) Temporary employees iii) Falsified overtime iv) Commission |
A. i , ii & iii |
B. i , iii & iv |
C. ii , iii & iv |
D. i , ii & iv |
D |
|
M2 |
|
|
M2 |
| 7 In which of the following is the computer incidental to the crime? |
A. Computer manipulation |
B. Money laundering |
C. Data alteration |
D. Theft of services |
C |
|
M2 |
|
|
M2 |
| 8 In which of the following is a computer not incidental to the crime? |
A. Computer manipulation |
B. Money laundering |
C. Criminal enterprises |
D. Sex crimes |
A |
|
M2 |
|
|
M2 |
| 9 Which Standard on Auditing among the following describes the importance of red flags: |
A. SA 240 |
B. SA 210 |
C. SA 250 |
D. SA 260 |
A |
|
M2 |
|
|
M2 |
| 10 The most popular software forensic tools include all of the following except: |
A. Forensics Autopsy |
B. QUICKEN |
C. Forensics Toolkit |
D. SMART |
B |
|
M2 |
|
|
M2 |
| 11 Hash values are used for which of the following purposes? |
A. Determining file sizes |
B. Filtering known good files from potentially suspicious data |
C. Reconstruction file fragments |
D. Validating that the original data hasn’t changed. |
D |
|
M2 |
|
|
M2 |
| 12 The verification function does the following? |
A. Proves that a tool performs as intended |
B. Creates segmented files. |
C. Proves that two sets of data are identical via hash values |
D. Verifies hex editors. |
C |
|
M2 |
|
|
M2 |
| 13 What are the Characteristics of an Interview I. Establishing Rapport II. Careful listening III. Accusatory IV. Dominate the Conversation |
A. All (I), (II), (III) & (IV) above |
B. Both (I) and (II) above |
C. Both (III) and (IV) above |
D. None |
B |
|
M2 |
|
|
M2 |
| 14 Which of the following questions are interview based questions I. "Did you plan this fraud out for months and months in advance or did it pretty much happen on the spur of the moment?" II. “Were there any sales after office hours, before office hours?” III. “how are these cash memos generated?” IV. "What are your duties and responsibilities?“ |
A. All (I), (II), (III) & (IV) above |
B. Both (II) and (III) above |
C. (II) (III) and (IV)above |
D. None |
C |
|
M2 |
|
|
M2 |
| 15 The style of interviewer while handling fraud cases should be I. He should be friendly and easy-going like cracking jokes and asking about hobbies and favorite things because the information is easily extracted from the anyone whom he gets friendly to II. He should be strict, authoritative and accusatory because otherwise the suspect can take the investigator for granted and tell lies or not answer to what is being asked III. He should be the one who does most of the talking and asking questions to which the suspect answers in Yes or No IV. He should maintain a non-accusatory tone and firm demeanor during an interview. he should keep his questions brief and, whenever possible, elicit a narrative response from the subject |
A. Both (I) and (III) above |
B. Only (IV) above |
C. Only (II) above |
D. None |
B |
|
M2 |
|
|
M2 |
| 16 Most frauds involve three steps. These steps are: |
A. access, opportunity, need |
B. decrease assets, increase expenses, misappropriation |
C. theft, conversion, concealment |
D. input, processing, output |
C |
|
M2 |
|
|
M2 |
| 17 Which section of IT Act covers most of the common crimes arising out of “Unauthorised Access” |
A. Section 66 |
B. Section 67 |
C. Section 73 |
D. Section 74 |
A |
|
M2 |
|
|
M2 |
| 18 The imaginary location where the word of the parties meets in conversation is referred to as ________________. |
A. Cyberspace |
B. Space |
C. Cyberdyne |
D. Cybernet |
A |
|
M2 |
|
|
M2 |
| 19 Which of the following is not a method for stealing sales and receivables but a way of using skimmed money |
A. lon term skimming |
B. short term skimming |
C. Understated sales |
D. Unrecorded sales |
B |
|
M2 |
|
|
M2 |
| 20 Which of the following sentence is true? |
A. Lapping is the debiting one account and crediting of another account. |
B. The legal definition of forgery includes only the signing of another person’s name to a document with fraudulent intent. |
C. Lapping is the crediting of one account through abstraction of money from another account. |
D. None of the Above |
C |
|
M2 |
|
|
M2 |
| 21 __________ are those cheque tempering schemes in which an employee intercepts a company cheque intended for a third party and converts the cheque by signing the third party’s name on the endorsement line of cheque. |
A. Intercepted cheques |
B. Altered payee schemes |
C. Authorized maker scheme. |
D. Forged endorsement scheme. |
D |
|
M2 |
|
|
M2 |
| 22 . Which of the following is an example of a crime associated with the prevalence of computers? |
A. Computer manipulation |
B. Money laundering |
C. Theft of services |
D. Intellectual property violations |
D |
|
M2 |
|
|
M2 |
| 23 Which of the following crimes targets a computer? |
A. Denial of service |
B. Money laundering |
C. Theft of services |
D. Intellectual property violations |
A |
|
M2 |
|
|
M2 |
| 24 Which of the following best defines computer abuse? |
A. Denial of service |
B. Money laundering |
C. An illegal act in which knowledge of computer technology is used to commit the act |
D. An intentional act involving a computer in which the perpetrator may have gained at the victim’s expense |
D |
|
M2 |
|
|
M2 |
| 25 A red flag is......... |
A. Indicator of fraud |
B. Indicator of situation of fraud |
C. A or B Both |
D. Neither A nor B |
B |
|
M2 |
|
|
M2 |
| 26 Direct Observation is to determine......... |
A. effect of red flag on organisation |
B. Cost of identified loss |
C. Potential loss |
D. Historical Loss |
A |
|
M2 |
|
|
M2 |
| 27 Costly types of fraud include |
A. Financial Statement Fraud |
B. Check Forgery |
C. Credit Card Fraud |
D. All of the above |
D |
|
M2 |
|
|
M2 |
| 28 Hashing, filtering and file header analysis make up which function of digital forensics tools? |
A. Validation and Verification |
B. Acquisition |
C. Extraction |
D. Reconstruction |
A |
|
M2 |
|
|
M2 |
| 29 What are the function of Extraction: |
A. GUI Acquisition |
B. Command line acquisition |
C. Carving |
D. Hashing |
C |
|
M2 |
|
|
M2 |
| 30 Disc imaging is used to: |
A. bit stream duplicate |
B. no alterations to original media |
C. verify integrity |
D. All of above |
B |
|
M2 |
|
|
M2 |
| 31 While interviewing/interrogating a suspect, an investigator should do the following: I. Listen only to what the suspect says and ignoring his behavioral attributes II. Don’t believe at all to what he says and concentrate only to his behavioral attributes III. Rely on the opinion of what others are talking about him (his supervisor, his colleagues and his juniors) and on his past history of manipulation. IV. Collect Documentary Evidence and corroborate it with explanation obtained while interviewing/interrogating considering their behavior attributes on non-judgmental basis |
A. Both (I) and (III) above |
B. Only (I) above |
C. Both (II) and (III) above |
D. Only (IV) above |
D |
|
M2 |
|
|
M2 |
| 32 In order for an act to be legally considered fraud it must be all of the following except: |
A. A material fact |
B. An injury or loss suffered by the victim |
C. A false statement |
D. No intend to deceive |
D |
|
M2 |
|
|
M2 |
| 33 The World‟s first computer-specific statute was enacted in 1970, by the German state, in the form of a ___________________ . |
A. Data Protection Act. |
B. Cyber Law |
C. Copy right |
D. Patent right. |
A |
|
M2 |
|
|
M2 |
| 34 Which of the following should be covered in employee anti-fraud training? |
A. The exact procedures management uses to detect fraud |
B. A detailed explanation of the company’s anti-fraud control |
C. Examples of past transgressions and how they are handled |
D. All of the above |
C |
|
M2 |
|
|
M2 |
| 35 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in incoming shipments, record the figures in receiving reports, and forward copies of the reports to the accounts payable department. One day, Jackson received a box of 20 laptop computers at the warehouse. His wife's computer just broke, so he stole one of the computers from the box. To conceal his scheme, Jackson sent a receiving report to accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the receiving report used for the inventory records. What type of scheme did Jackson commit? |
A. An asset transfer scheme |
B. A purchasing and receiving scheme |
C. A non-cash larceny scheme |
D. None of the above |
B |
|
M2 |
|
|
M2 |
| 36 Which of the following schemes refers to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? |
A. Falsified salary scheme |
B. Record alteration scheme |
C. Ghost employee scheme |
D. Inflated commission scheme |
C |
|
M2 |
|
|
M2 |
| 37 . On recent Windows installations, the standard location for storing critical system files is ________. |
A. C:/Program Files/ |
B. C:/System/ |
C. C:/Important/ |
D. C:/Windows/ |
D |
|
M2 |
|
|
M2 |
| 38 8. The intersection of a hard disk's sector and track is called a ________. |
A. block |
B. cluster |
C. byte |
D. bit |
B |
|
M2 |
|
|
M2 |
| 39 9. File system drivers impose limitations and boundaries, such as ________. |
A. file usage |
B. minimum file size |
C. file name length |
D. swap usability |
A |
|
M2 |
|
|
M2 |
| 40 . What is a “Hacktivist”? |
A) Politically motivated hacker |
B) Denial of service attacker |
C) A proponent of Napster |
D) A person engaging in an intentional act involving a computer in which the person may have gained at the victim’s expense |
B |
|
M2 |
|
|
M2 |
| 41 . Which of the following individuals developed one of the first systems to define computer crimes in 1976? |
A) David Carter |
B) Donn Parker |
C) Jay Nelson |
D) Robert Taylor |
B |
|
M2 |
|
|
M2 |
| 42 Which of the following is an example of a computer manipulation crime? |
A) An intruder removes valuable information from a computer system. |
B) Hacking |
C) A person alters payroll records to attain a higher rate of pay. |
D) Medical records are altered. |
C |
|
M2 |
|
|
M2 |
| 43 Employee life style changes (expensive car, jewelry) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
A |
|
M2 |
|
|
M2 |
| 44 Employee’s significant personal debt & credit problems will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
B |
|
M2 |
|
|
M2 |
| 45 The reconstruction function is needed for which of the following purposes? |
A. Re create a suspect drive to show what happened |
B. Create a copy of a drive for other investigators |
C. Recover file headers |
D. Re create a drive compromised by malware |
A |
|
M2 |
|
|
M2 |
| 46 ___ is the set of instructions compiled into a program that performs a particular task. |
A. Software |
B. Hardware |
C. OS |
D. None of the above |
A |
|
M2 |
|
|
M2 |
| 47 Which of the following is Indicator of truth while conducting a forensic Interview |
A. Week Denials |
B. Direct Brief Answers |
C. Verbal attacks directed at Interviewer |
D. Answering with a different question |
B |
|
M2 |
|
|
M2 |
| 48 What is Voice Biometric |
A. Technology for Voice recognition while Conducting interviews telephonically |
B. Voice Recognition for Service Access |
C. Technology to authenticate a person’s voice |
D. All of the Above |
D |
|
M2 |
|
|
M2 |
| 49 Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud? |
A. High management and/or employee turnover |
B. Declining industry |
C. New regulatory requirements that impair financial stability or profitability |
D. Intense pressure to meet or exceed earnings expectations |
A |
|
M2 |
|
|
M2 |
| 50 Which of the following is issued online for use over the Internet and is stored in an electronic device such as a chip card or computer memory? |
A. Hard Cash |
B. Business Card |
C. E-Cash |
D. E- Card |
C |
|
M2 |
|
|
M2 |
| 51 With a view to facilitate ___________________, it is proposed to provide for the use and acceptance of electronic records and digital signatures in the Govt. Offices and its agencies. |
A. Electronic Governance |
B. Paper Governance. |
C. Oral Testimony. |
D. Mechanical Governance. |
A |
|
M2 |
|
|
M2 |
| 52 Data, record or data generated image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act, 2000] means ______________________ |
A. Electronic Document. |
B. Electronic Record |
C. Hard Record |
D. Hard Document. |
B |
|
M2 |
|
|
M2 |
| 53 Of the following, who should conduct physical observations of a company's inventory in order to most effectively prevent inventory theft? |
A. Warehouse personal |
B. Purchasing agents |
C. Purchasing supervisor |
D. A sales representative |
D |
|
M2 |
|
|
M2 |
| 54 Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? |
A. debit expenses and credit the asset |
B. debit the asset, credit another asset account |
C. debit revenue , credit the asset |
D. debit another asset account and credit the asset |
A |
|
M2 |
|
|
M2 |
| 55 Corporate officers who knowingly violate certification requirements under criminal certifications (section 906) are subject to – |
A. fine of up to $1 million or up to 10 years imprisonment |
B. fine of up to $ 1 million and up to 10 years imprisonment, or both |
C. fine of up to $ 5 million or up to 20 years of imprisonment |
D. fine of up to $ 5 million and up to 20 years of imprisonment, or both. |
B |
|
M2 |
|
|
M2 |
| 56 Using metadata, forensics investigators can ________. (Select the three that apply) |
A. search for files that were created at a specific time |
B. filter files that do not contain evidence |
C. filter files by size |
D. search for file names that match patterns |
D |
|
M2 |
|
|
M2 |
| 57 On Linux and UNIX, the /home directory structure is the standard location for storing ________. |
A. user installed applications |
B. data specific to users |
C. critical system files |
D. temporarily deleted data |
B |
|
M2 |
|
|
M2 |
| 58 Which one of the following is a benefit of a RAID configuration of disks? |
A. Capacity |
B. Performance |
C. Redundancy |
D. All of the above |
D |
|
M2 |
|
|
M2 |
| 59 . An intruder removes valuable information from a computer system. What term describes this crime? |
A. Computer vandalism |
B. Hacking |
C. A person alters payroll records to attain a higher rate of pay. |
D. Data alteration |
B |
|
M2 |
|
|
M2 |
| 60 11. Which of the following is a computer crime that deprives the legitimate owner of a tangible asset? |
A. Hacking |
B. Money laundering |
C. Manipulating the price of a stock |
D. Salami slice |
D |
|
M2 |
|
|
M2 |
| 61 12. Which of the following is not a similarity between real-world stalking and cyber stalking? |
A) Most victims are women. |
B) Most stalkers are men. |
C) The stalker and victim are near to each other. |
D) Stalkers are generally motivated by the desire to control the victim. |
C |
|
M2 |
|
|
M2 |
| 62 High Employee turnover especially in areas vulnerable to fraud will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. Can’t Say |
C |
|
M2 |
|
|
M2 |
| 63 The type of forensics that involves examining malicious software |
A) Software forensics |
B) Hardware forensics |
C) Network forensics |
D) Digital forensics |
A |
|
M2 |
|
|
M2 |
| 64 Many password recovery tools have a feature for generating potential password lists for a(n) ____ attack. |
A. Password Dictionary |
B. Brute Force Attack |
C. Key Logger Attack |
|
B |
|
M2 |
|
|
M2 |
| 65 Voice Analysis can detect? |
A. Temperament of a person during the interview |
B. Whether person is lying |
C. Whether he is telling the facts |
D. All of the above |
D |
|
M2 |
|
|
M2 |
| 66 During the interview, what should be safety concerns must include |
A. Awareness |
B. Interview Location |
C. Physical Red Flags |
D. All of the above |
D |
|
M2 |
|
|
M2 |
| 67 The Sarbanes-Oxley Act is also called what? |
A. Corporate Fraud Protection Act of 2002 |
B. Public Corporation Accounting Oversight Act |
C. Public Company Accounting Reform and Investor Protection Act of 2002 |
D. Principles of Federal Prosecution of Business Organizations |
C |
|
M2 |
|
|
M2 |
| 68 The requirement to reimburse a company for any bonuses or other compensation received during the 12-month period following the restatement of financials as a result of misconduct is called: |
A. Disgorgement |
B. Executive penalty |
C. Insider trading |
D. Corporate accountability |
A |
|
M2 |
|
|
M2 |
| 69 The _________________ provides for authentication of a document by means of digital signatures under Article 7. |
A. E-Commerce |
B. Model Law |
C. E-Law |
D. Dynamic Law. |
B |
|
M2 |
|
|
M2 |
| 70 According the IT act 2000, _______________ means a person who is intended by the originator to receive the electronic record but does not include any intermediary. |
A. “Address” |
B. “Affixing Digital Signature” |
C. “Computer Resource” |
D. "Data" |
A |
|
M2 |
|
|
M2 |
| 71 Section 301 of the SOX requires that the auditor should report directly to ______. |
A. Management |
B. Government |
C. Audit committee |
D. Stakeholders/ Owners/Investors |
C |
|
M2 |
|
|
M2 |
| 72 Data is organized as files mostly because ________. (Choose the best answer) |
A. computers cannot store very large files |
B. it is easier for the computer to store many smaller chunks of data than it is to store one large chunk of data |
C. it is easier for people to store many smaller chunks of data than it is to store one large chunk of data |
D. people need to store their data with labels to make retrieval easier |
A |
|
M2 |
|
|
M2 |
| 73 13. Which of the following crimes may be facilitated by the use of a computer? |
A. Loan-sharking |
B. Drug rings |
C. Prostitution rings |
D. All of the above |
D |
|
M2 |
|
|
M2 |
| 74 Which of the following is the Security feature provided by bank to its accountholders so that only authorized electronic transaction are allowed. |
A. ACH |
B. AHC |
C. CAH |
D. CHA |
A |
|
M2 |
|
|
M2 |
| 75 new process is always "called" or "created" as a result of ________. |
A. the process manager reading programs from disk media |
B. one process requesting a program to be loaded and executed |
C. system processes starting new services |
D. the memory manager reading the program file to start execution |
C |
|
M2 |
|
|
M2 |
| 76 Which two of the following answers do NOT describe the responsibility of the memory manager? |
A. Selecting which process to run |
B. Allocating memory to processes |
C. Swapping memory from RAM to Disk |
D. Formatting newly allocated memory |
D |
|
M2 |
|
|
M2 |
| 77 A computer's boot process begins when what event occurs? |
A. The computer BIOS turns on the processor. |
B. The operating system loads. |
C. The Master Boot Record is read. |
D. The computer is powered on. |
D |
|
M2 |
|
|
M2 |
| 78 Which of the following crimes is done using a computer as the instrument? |
A) Computer manipulation |
B) Money laundering |
C) Data alteration |
D) Theft of services |
D |
|
M2 |
|
|
M2 |
| I. NIST is |
A. national institute of standard technology |
B. national institute of service technology |
C. national institute of security training |
D. None of these |
A |
|
M3 |
|
|
M3 |
| II. “Suspicious” refers to which of the following: |
A. Inconsistent signatures on file. |
B. Driver’s license photo doesn’t match person. |
C. Inability to recall mother’s maiden name. |
D. Any and all of the above. |
D |
|
M3 |
|
|
M3 |
| III. Red Flag procedures must be implemented by individual departments. That means: |
A. The procedures just have to be written and accessible to everyone. |
B. The procedures have to be written and everyone needs to be trained to use them. |
C. The procedure & policy will be drafted |
D. A & B Both |
B |
|
M3 |
|
|
M3 |
| IV. Financial statement fraud is often attributed to pressures, such as all of the following except: |
A. Investment losses |
B. Meeting analysts’ expectations |
C. Deadlines, and cutoffs |
D. Qualifying for bonuses |
A |
|
M3 |
|
|
M3 |
| V. Which of the following is/are red flags for embezzlement: |
A. Carrying usually large sum of money |
B. Continuous rollover of loans |
C. Significant downsizing in a healthy market |
D. Photocopied or missing documents |
A |
|
M3 |
|
|
M3 |
| VI. Which of the following is not a required part of an Identity Theft Prevention Program? |
A. Reasonable policies and procedures to identify potential “red flags” |
B. A dedicated phone line for customers to call in identity theft reports. |
C. Specific procedures to detect the “red flags” identified as potential threats. |
D. A plan for regularly re-evaluating the program. |
B |
|
M3 |
|
|
M3 |
| VII. The Red Flag Rules apply to anyone who deals with- |
A. Financing and credit |
B. Retail merchants |
C. University healthcare practices |
D. All of above |
D |
|
M3 |
|
|
M3 |
| VIII. Under the Red Flag Rules, all “covered accounts” must be marked |
A. Small red flag symbol |
B. Riskier red flag symbol |
C. Red flags indicating high impact on financial statement |
D. None of the above |
A |
|
M3 |
|
|
M3 |
| IX. Personal Identification Information (PII) includes: |
A. Any name or number. |
B. Any name or number, used alone or in conjunction with any other information. |
C. Any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual. |
D. None of the above. |
C |
|
M3 |
|
|
M3 |
| X. There are many threats to accounting information systems. Which of the following is an example of an Intentional Act |
A. War and attack by terrorists |
B. Hardware or software failure |
C. Computer fraud |
D. Logic errors |
C |
|
M3 |
|
|
M3 |
| XI. The _________________ provides for authentication of a document by means of digital signatures under Article 7. |
A. E-Commerce |
B. Model Law |
C. E-Law |
D. Dynamic Law. |
B |
|
M3 |
|
|
M3 |
| XII. A virus can infect a system by: |
A. Booting up a computer with an infected disk |
B. Running an infected program |
C. Opening a file on a disk that is infected |
D. All of the above |
D |
|
M3 |
|
|
M3 |
| XIII. In the United States, approximately what percentage of software in use is pirated? |
A. 90% |
B. 75% |
C. 26% |
D. 10% |
C |
|
M3 |
|
|
M3 |
| XIV. Is the science of ________________ is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. |
A. Anonymous remailing |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
B |
|
M3 |
|
|
M3 |
| XV. Which of the following describes a firewall? |
A. A copy of data |
B. Data that cannot be lost |
C. Digital forensic analysis |
D. Device or software that acts as a checkpoint between a network or stand-alone computer and the Internet |
D |
|
M3 |
|
|
M3 |
| XVI. Which of the following techniques do not help prevent computer crime? |
A. Backups |
B. Digital forensic analysis |
C. Firewalls |
D. Encryption |
B |
|
M3 |
|
|
M3 |
| XVII. The type of forensics that involves analyzing information stored in a storage media such as a hard drive |
A. Disc Forensics |
B. Network Forensics |
C. Live forensics |
D. Internet forensics |
A |
|
M3 |
|
|
M3 |
| XVIII. There are three c's in computer forensics. Which is one of the three? |
A. Control |
B. Chance |
C. Chains |
D. Core |
A |
|
M3 |
|
|
M3 |
| XIX. The investigator-in-charge is suppose to Identifying and _____________ e-evidence. |
A. Collecting |
B. Classification |
C. Analyzing |
D. None of these |
A |
|
M3 |
|
|
M3 |
| XX. __________ are those cheque tempering schemes in which an employee intercepts a company cheque intended for a third party and converts the cheque by signing the third party’s name on the endorsement line of cheque. |
A. Intercepted cheques |
B. Altered payee schemes |
C. Authorized maker scheme. |
D. Forged endorsement scheme. |
D |
|
M3 |
|
|
M3 |
| XXI. Of the following, who should conduct physical observations of a company's inventory in order to most effectively prevent inventory theft? |
A. Warehouse personal |
B. Purchasing agents |
C. Purchasing supervisor |
D. A sales representative |
D |
|
M3 |
|
|
M3 |
| XXII. The process by which several bidders conspire to split contracts up and ensure each gets a certain amount of work is called |
A. Bid pooling |
B. Fictitious suppliers |
C. Kickback payments |
D. Bidding agreements |
A |
|
M3 |
|
|
M3 |
| XXIII. Bribery schemes generally fall into two broad categories which are- I. Kickbacks II. Overbilling schemes III. Bid rigging schemes IV. Extortions |
A. I and II |
B. I and III |
C. II and IV |
D. II and III |
B |
|
M3 |
|
|
M3 |
| XXIV. Which of the following is Indicator of truth while conducting a forensic Interview |
A. Week Denials |
B. Direct Brief Answers |
C. Verbal attacks directed at Interviewer |
D. Answering with a different question |
B |
|
M3 |
|
|
M3 |
| XXV. Confrontational Interviews and recording of any interviews should be done |
A. With the advice of legal counsel only if there is need to prosecute the fraudster later. |
B. With the advice of legal counsel to get proper legal guidance to protect the interviewer, the Company, Directors/Management and prosecute the fraudster later if needed. |
C. Without the advice of legal counsel since the confidentiality of strategy is compromised. |
D. Without the advice of legal counsel since they have no role to play till the fraud is established. |
B |
|
M3 |
|
|
M3 |
| XXVI. The possible profiles of a fraud perpetrator are |
A. Very friendly, but self centered and egoistic |
B. Unfriendly and an introvert |
C. Surly and angry but good in work |
D. Very slow in work that he/she is used to doing for years together |
B |
|
M3 |
|
|
M3 |
| XXVII. Which one of the following would be considered an informal written communication? |
A. An electronic document such as a spreadsheet that is attached to an email update to an attorney |
B. An email that updates a peer investigator on the status of a particular case |
C. A disk image that is sent to a peer investigator for review |
D. An email that notifies an attorney that all evidence has been reviewed and analysed |
B |
|
M3 |
|
|
M3 |
| XXVIII. Forensic reports are written to answer questions about which one of the following topics? (Select the BEST answer) |
A. Forensic investigations involving computer crime |
B. All forensic investigations |
C. Intrusion/Incident response and vulnerability assessment |
D. All incidents involving investigations, vulnerability assessment, and intrusion response |
D |
|
M3 |
|
|
M3 |
| XXIX. What is the basic purpose of any digital forensic report? (Select the BEST response) |
A. Report who did what and when. |
B. Report the conclusion of the investigation. |
C. Report what was done and what was found. |
D. List or itemize the evidence. |
B |
|
M3 |
|
|
M3 |
| XXX. The process of providing answers to the legal system is called ________. |
A. Investigation |
B. Evidence reporting |
C. Question answering |
D. Deposition |
B |
|
M3 |
|
|
M3 |
| XXXI. Which one of the following question answers would NOT be found in the executive summary portion of the forensic report? |
A. Why the investigation was initiated |
B. What forensic challenges were faced and overcome in the investigation |
C. Who authorized the investigation |
D. What significant results were found |
B |
|
M3 |
|
|
M3 |
| XXXII. Which one of the following would NOT be included in the "full documentation" of evidence collected? |
A. Who collected the evidence |
B. What evidence was collected |
C. The version of software that produced the evidence |
D. The procedure followed to collect the evidence |
B |
|
M3 |
|
|
M3 |
| XXXIII. Which one of the following definitions best describes informal reports for digital forensic investigations? |
A. All written or electronic reports that document results from a digital forensic investigation |
B. Reports on investigations that are not made directly to a judge or jury |
C. All oral reports that are presented to court in addition to all written or electronic documents resulting from an investigation. |
D. Reports on digital investigations made in casual attire to a board of directors or one's employers |
B |
|
M3 |
|
|
M3 |
| XXXIV. Why would a digital forensic expert be expected to write "absolutely nothing unless it is a fact supported by evidence"? |
A. It may confuse the forensic reporter who produces the final written report years after the investigation concludes. |
B. It is a principle of computer forensics to think through all statements before committing them to paper or electronic document. |
C. The evidence may later be excluded from the investigation. |
D. It may be disclosed in discovery and inadvertently cast a shadow of doubt on the case. |
D |
|
M3 |
|
|
M3 |
| XXXV. Which one of the following is an example of formal oral reporting for a crime involving digital computers? |
A. Swearing-In |
B. Record |
C. Deposition |
D. Testimony |
D |
|
M3 |
|
|
M3 |
| XXXVI. Which officer in a company is most likely to be the perpetrator of financial statement fraud? |
A. Chief financial officer (CFO). |
B. Chief operating officer (COO). |
C. Chief executive officer (CEO). |
D. Controller. |
C |
|
M3 |
|
|
M3 |
| XXXVII. When looking for financial statement fraud, auditors should look for indicators of fraud by: |
A. Evaluating changes in financial statements. |
B. Examining relationships the company has with other parties. |
C. Examining operating characteristics of the company. |
D. All of the above. |
D |
|
M3 |
|
|
M3 |
| XXXVIII. The three aspects of management that a fraud examiner needs to be aware of include all of the following except: |
A. Their backgrounds. |
B. Their religious convictions. |
C. Their influence in making decisions for the organization. |
D. Their motivations. |
B |
|
M3 |
|
|
M3 |
| XXXIX. In the Phar-Mor fraud case, several different methods were used for manipulating the financial statements. These included all of the following except: |
A. Funneling losses into unaudited subsidiaries. |
B. Recognizing revenue that should have been deferred. |
C. Overstating inventory. |
D. Manipulating accounts. |
A |
|
M3 |
|
|
M3 |
| XL. Most financial statement frauds occur in smaller organizations with simple management structures, rather than in large, historically profitable organizations. This is because: |
A. It is easier to implement good internal controls in a small organization. |
B. Management fraud is more difficult to commit when there is a more formal organizational structure of management. |
C. People in large organizations are more honest. |
D. Smaller organizations do not have investors. |
B |
|
M3 |
|
|
M3 |
| XLI. Management fraud is usually committed on behalf of the organization rather than against it. Which of the following would not be a motivation of fraud on behalf of an organization? |
A. CEO needs a new car. |
B. Pressure to meet expected earnings. |
C. Restructure debt covenants that can’t be met. |
D. A highly competitive industry. |
A |
|
M3 |
|
|
M3 |
| XLII. During an audit, an auditor considers the conditions of the auditee and plans the audit accordingly. This is an example of which of the following? |
A. Zero-order reasoning. |
B. First-order reasoning. |
C. Fraudulent reasoning. |
D. High-order reasoning. |
B |
|
M3 |
|
|
M3 |
| XLIII. In the context of strategic reasoning, if an auditor only follows the established audit plan and does not consider other factors relating to the auditee, then this is an example of which of the following? |
A. Zero-order reasoning. |
B. First-order reasoning. |
C. Fraudulent reasoning. |
D. Higher-order reasoning. |
A |
|
M3 |
|
|
M3 |
| XLIV. In recent years, many SEC investigations have taken place on the improper issuance of stock options to corporate executives. These practices increase executive compensation at the expense of shareholders. This practice is known as: |
A. Backdrafting stock options. |
B. Stock option reversals. |
C. Stock option extensions. |
D. Backdating stock options. |
D |
|
M3 |
|
|
M3 |
| XLV. Backdating is: |
A. Deliberately changing stock options for the purpose of securing extra pay for management. |
B. Using insider information to profit from stock trading. |
C. Using "bucket" accounts rather than recording cost of goods sold. |
D. Banks providing favorable loans to companies in return for the opportunity to make money from other transactions and fees. |
A |
|
M3 |
|
|
M3 |
| XLVI. Generally accepted accounting principles (GAAP): |
A. Tend to be more principles-based than standards in other countries. |
B. Enable companies to find specific rules to support their fraudulent transactions. |
C. Tend to be more objectives-based than standards in other countries. |
D. Allow for companies to exploit loopholes in the standards. |
D |
|
M3 |
|
|
M3 |
| XLVII. Committing financial statement fraud is easiest: |
A. In large, historically-profitable organizations. |
B. When decision making is done by one or two individuals. |
C. When three or more people work together to cover up the fraud. |
D. With an active audit committee and board of directors. |
B |
|
M3 |
|
|
M3 |
| 1. Who are the primary victims of financial statement fraud? |
A. Middle management |
B. Organizations that buy goods or services |
C. Analysts |
D. Stockholders |
D |
|
M4 |
|
|
M4 |
| 2. A forensics certification provides _________. |
A. a reason for continuing education |
B. external validation of one's forensics skills |
C. breadth in the computer industry |
D. depth in a particular subject |
B |
|
M4 |
|
|
M4 |
| 3. Payment to vendors who aren’t on an approved vendor list, a - |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in account receivable |
B |
|
M4 |
|
|
M4 |
| 4. Sudden activity in a dormant banking account, a- |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
D |
|
M4 |
|
|
M4 |
| 5. How frequently do most people rationalize? |
A. Sometimes |
B. Often |
C. Never |
D. Rarely |
B |
|
M4 |
|
|
M4 |
| 6. Fraudulent financial reporting is most likely to be committed by whom? |
A. Line employees of the company |
B. Outside members of the company’s board of directors |
C. Company management |
D. The company’s auditors |
C |
|
M4 |
|
|
M4 |
| 7. Who Commits Financial Statement Fraud: |
A. Senior Management |
B. Middle and lower level employees |
C. Organized Criminals |
D. All the above |
D |
|
M4 |
|
|
M4 |
| 8. SA 250 related to: |
A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements |
B. Consideration of Laws and Regulations in an Audit of Financial Statements |
C. Both A and B |
D. None of the above |
B |
|
M4 |
|
|
M4 |
| 9. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447 of Companies Act, 2013. |
A. 3 Years |
B. 5 Year |
C. 7 Year |
D. 10 Year |
D |
|
M4 |
|
|
M4 |
| 10. Why Do People Commit Financial Statement Fraud |
A. To conceal true business performance |
B. To preserve personal status/control |
C. To maintain personal income/wealth |
D. All the above |
D |
|
M4 |
|
|
M4 |
| 11. The reconstruction function is needed for which of the following purposes? |
A. Re create a suspect drive to show what happened |
B. Create a copy of a drive for other investigators |
C. Recover file headers |
D. Re create a drive compromised by malware |
A |
|
M4 |
|
|
M4 |
| 12. The following is used as forensic software except ____. |
A. The Coroner’s Toolkit |
B. Outlook |
C. ILook |
D. Forensic Toolkit |
B |
|
M4 |
|
|
M4 |
| 13. When conducting _________ analysis, the first step is to recover undeleted files. |
A. Research |
B. Forensic |
C. Process |
D. Security |
B |
|
M4 |
|
|
M4 |
| 14. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws concerning identity theft prevention no longer apply. |
A. True |
B. False |
C. Depends on situation of identity theft |
D. Can’t say |
B |
|
M4 |
|
|
M4 |
| 15. Theft of an employer’s property which was not entrusted to employee will be defined as- |
A. Lapping |
B. Larceny |
C. Check kitting |
D. None of the above |
B |
|
M4 |
|
|
M4 |
| 16. A “habitual criminal” who steals for the sake of stealing is known as- |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
A |
|
M4 |
|
|
M4 |
| 17. A Personal prestige, goal achievement is termed as |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
B |
|
M4 |
|
|
M4 |
| 18. Which of the following statements is CORRECT: As per Beneish Model: |
A. A score less than -2.22 indicates a strong likelihood of a firm being a manipulator. |
B. A score greater than -2.22 indicates a strong likelihood of a firm being a manipulator. |
C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a manipulator. |
D. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a manipulator. |
B |
|
M4 |
|
|
M4 |
| 19. Ideological means- |
A. Personal prestige, goal achievement. |
B. Cause is morally superior, justified in making other victims |
C. Desperate need for money, greed, economic achievement |
D. None of the above |
B |
|
M4 |
|
|
M4 |
| 20. What is a telephone “phreaker”? |
A. People who obtain free cellular phone service through theft or forgery of subscriber information or through employee collusion. |
B. People who exploit weaknesses in the cellular network’s technology to defraud the cellular service provider. |
C. People who stalk others on the Internet. |
D. People who trick telephone systems into believing that long-distance and airtime are being legitimately purchased. |
C |
|
M4 |
|
|
M4 |
| 21. Which of the following is not a tool utilized by computer criminals? |
A. NMAP |
B. ToneLoc |
C. Cyber-stalker |
D. Cryptanalysis |
C |
|
M4 |
|
|
M4 |
| 22. What is the purpose of cryptanalysis software? |
A. Breaking encryption |
B. Taking advantage of a security hole |
C. Impairing or destroying function in a computer |
D. Delivering attack software |
C |
|
M4 |
|
|
M4 |
| 23. What is the delivery vehicle of choice for exploit software? |
A. NMAP |
B. Cryptanalysis |
C. Tone Loc |
D. Trojan Horse Programs |
D |
|
M4 |
|
|
M4 |
| 24. What is the primary distinction between viruses and worms? |
A. Worms do not rely on a host program to infect. |
B. Worms masquerade as legitimate while causing damage. |
C. Viruses do not rely on a host program to infect. |
D. A computer virus is active without a host. |
A |
|
M4 |
|
|
M4 |
| 25. Which of the following is not a feature of a “cookie”? |
A. It is saved on the user’s hard drive. |
B. It tracks which sites a computer has visited. |
C. It may assist in an investigation. |
D. They are evil programs that scan the hard drive of a computer. |
D |
|
M4 |
|
|
M4 |
| 26. Which of the following describes the demographic profile of a hacker? |
A. White male |
B. 14 to 25 years of age |
C. Highly intelligent, yet an underachiever in school |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 27. ________________ is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. |
A. Anonymous remailing |
B. Digital forensic analysis |
C. Using a firewall |
D. None of the above |
A |
|
M4 |
|
|
M4 |
| 28. The term disk geometry refers to ________. |
A. the physical dimensions of the storage media |
B. the number of blocks on the disk |
C. the total size and number of cylinders, heads, and sectors |
D. the number of bits that can be stored on the disk |
C |
|
M4 |
|
|
M4 |
| 29. The stored bits of flash media are located in ________. |
A. rooms |
B. cells |
C. sectors |
D. blocks |
B |
|
M4 |
|
|
M4 |
| 30. Which of the following are challenges to data recovery for "highly available" memory? |
A. The data is distributed across several physical disks. |
B. The data is encrypted. |
C. The "highly available" solution contains unusually large and un-wieldy capacity. |
D. The data cannot be made unavailable for any length of time and therefore proper. |
A |
|
M4 |
|
|
M4 |
| 31. Which of the following statements is true about a computer's boot process? |
A. The boot process begins when the Central Processing Unit is initialized. |
B. The user can accelerate the boot process by pressing "Windows" key (also known as the turbo button). |
C. The first process in Linux is called 'kernel'. |
D. A Power-On Self-Test is performed once firmware is loaded |
D |
|
M4 |
|
|
M4 |
| 32. Which one of the following questions is NOT one to be answered by the investigation plan? |
A. Where is the evidence likely to be located? |
B. What age is the suspect? |
C. What local laws and court processes will affect this investigation? |
D. What skills are needed to extract the evidence? |
B |
|
M4 |
|
|
M4 |
| 33. Vulnerability assessment experts will perform the task of ________. (Select the three that apply) |
A. assessing the prevalence of a known weakness by scanning entire networks |
B. assessing the damage and impact of an exploited vulnerability |
C. scanning hosts for known weaknesses and vulnerabilities |
D. validating the integrity of the host or network equipment |
B |
|
M4 |
|
|
M4 |
| 34. Which three of the following would help investigators set the scope for strategies to extract evidence from acquired images? |
A. The password of the suspect |
B. The type of files that are not sought by a warrant |
C. The question or questions to be answered by the evidence |
D. Items found in pockets of clothing owned by the suspect |
A |
|
M4 |
|
|
M4 |
| 35. A process is best described as a _______. |
A. list of steps to complete a procedure |
B. list of steps which together complete a single task or part of a task for a forensics investigation |
C. list of tasks which together complete a forensics investigation |
D. list of tasks that together complete one step in a procedure |
B |
|
M4 |
|
|
M4 |
| 36. Separation of duties within an investigation describes how _______ and _______ should be accomplished by different staff. |
A. collection of physical evidence / collection of digital evidence |
B. extraction / acquisition |
C. acquisition / validation |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 37. In order to maintain the _________, both a single-evidence form and a multi-evidence form are used to document and catalog evidence. |
A. proper signatures |
B. evidence validation |
C. image reconstruction |
D. chain of custody |
D |
|
M4 |
|
|
M4 |
| 38. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert witness can be based on all of the following EXCEPT ________. |
A. the product of consultations from peers with other expertise |
B. sufficient facts or data |
C. the product of accepted and reliable principles or methods |
D. application of accepted and reliable principles or methods |
A |
|
M4 |
|
|
M4 |
| 39.Which one of the following factors can sabotage the quality of digital evidence reports between the investigation and the presentation of the evidence to a court? |
A. A forensic professional reporting the work of a retired forensic investigator. |
B. The promotion of the detective who had been leading a criminal investigation. |
C. The procedures used to analyze the data may have been invalidated by court. |
D. All of the above |
A |
|
M4 |
|
|
M4 |
| 40. The best evidence rule of a case is the expectation that the evidence of a case ________. |
A. is the prime evidence that prove the theory of an attorney |
B. has been collected with the best and most current software tools available |
C. is the best and most scientific evidence collection procedures for that case |
D. is the best available evidence given the nature of the case |
C |
|
M4 |
|
|
M4 |
| 41. Which three "off-the-job" characteristics below are used to determine the "quality" of an expert witness? |
A. Income level of the expert |
B. The nature of the expert's morals |
C. Compliance with laws expected of average citizens |
D. Compliance with ethic standards for average citizens |
B |
|
M4 |
|
|
M4 |
| 42. Examination can be described as telling a story that ________. |
A. uses digital forensic investigators to support facts of the story with evidence |
B. disproves alternative theories when necessary |
C. presents evidence by asking digital forensic investigators to provide "question answers" |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 43.Employee embezzlement can be direct or indirect. Indirect fraud occurs when: |
A. an employee uses company assets to run his/her private business |
B. employees establish dummy companies and have their employers pay for goods that are not actually delivered |
C. an employee receives a kickback from a vendor |
D. an employee steals company cash, inventory, tools, or other assets |
C |
|
M4 |
|
|
M4 |
| 44. Which of the following is NOT a way in which fraud can be committed? |
A. By false representation |
B. By failing to disclose information |
C. By abuse of position |
D. By obtaining property by deception |
D |
|
M4 |
|
|
M4 |
| 45. Audits, public record searches, and net worth calculations are used to gather what type of evidence in fraud investigation? |
A. Testimonial |
B. Forensic |
C. Documentary |
D. Observation |
C |
|
M4 |
|
|
M4 |
| 46. Which of the following is NOT a part of the evidence square? |
A. Management evidence |
B. Documentary evidence |
C. Testimonial evidence |
D. Physical evidence |
A |
|
M4 |
|
|
M4 |
| 47. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/ concealment of any fact committed by any person or other person (third party) with connivance in any manner with intent to deceive/ gain undue advantage or to injure interest of: |
A. Company |
B. Shareholders |
C. Creditors |
D. All the Above. |
D |
|
M4 |
|
|
M4 |
| 48. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies Act, 2013 |
A. Equal to the amount of fraud |
B. 2 times of amount of fraud |
C. 3 times of amount of fraud |
D. 4 times of amount of fraud |
C |
|
M4 |
|
|
M4 |
| 49.Which of the following is an example of the crime of counterfeit credit card fraud? |
A. An illegally obtained credit card is used to pay for a purchase |
B. An illegally created credit card is used to pay for a purchase |
C. An illegally altered credit card is used to pay for a purchase |
D. A credit card is obtained and used based on false application information |
B |
|
M4 |
|
|
M4 |
| 50.Which of the following recommendations may prevent identity fraud? |
A. Patrol residential areas on trash collection days |
B. Enforce trespass laws at dump sites |
C. Advise citizens to shred documents |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 51. A computer crime that involves attacking phone lines is: |
A. data diddling |
B. phreaking |
C. phishing |
D. pharming |
B |
|
M4 |
|
|
M4 |
| 52. Hackers use all of the techniques except: |
A. war dialing |
B. war driving |
C. war chalking |
D. war walking |
D |
|
M4 |
|
|
M4 |
| 53. The computer crime of piggybacking |
A. involves the clandestine use of another user's WIFI |
B. usually results from spamming |
C. requires the permission of another user to gain access |
D. None of the above |
A |
|
M4 |
|
|
M4 |
| 54. A network of computers used in a denial-of-service (DoS) attack iscalled a (an): |
A. Worm |
B. Botnet |
C. Rootkit |
D. Splog |
B |
|
M4 |
|
|
M4 |
| 55. Spyware infections came from: |
A. worms/viruses |
B. drive-by downloads |
C. file-sharing programs |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 56. Which of the following is a method used to embezzle money a smallamount at a time from many different accounts? |
A. Data diddling |
B. Pretexting |
C. Spoofing |
D. Salamitechnique |
D |
|
M4 |
|
|
M4 |
| 57. A computer fraud and abuse technique that steals information, tradesecrets, and intellectual property. |
A. Cyber-extortion |
B. Data diddling |
C. Economic espionage |
D. Skimming |
C |
|
M4 |
|
|
M4 |
| 58. Which of the following is a threat that organizations need to take account of in cyberspace? |
A. Password |
B. Objectionable content filter |
C. Denial of service attack |
D. Firewall |
C |
|
M4 |
|
|
M4 |
| 59. Desperate need for money, greed, economic achievement termed as- |
A. Psychotic |
B. Egocentric |
C. Ideological |
D. Economic |
D |
|
M4 |
|
|
M4 |
| 60. Stealing money from one customer account & crediting into another customer account is known as- |
A. Lapping |
B. Larceny |
C. Check kitting |
D. None of the above |
A |
|
M4 |
|
|
M4 |
| 61. Which among the following will not be an example of Green flag- |
A. Auditee nice behavior with auditor during audit (eg. Offering drinks during lunch) |
B. Auditee is too much friendly with staff and vendors |
C. Regular receipt of material of same qty |
D. Employee with few or no payroll deductions |
D |
|
M4 |
|
|
M4 |
| 62. Factors contributing to red flag includes- |
A. Poor Internal Controls |
B. Management overrides Internal Control |
C. Collusion between employees & third party |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 63. Management Red Flags is/are- |
A. Management decisions are dominated by an individual or small group |
B. Managers engage in frequent disputes with auditors |
C. Reluctance to provide information to auditors |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 64. Common Types of Fraud in School Districts would be- |
A. Unreimbursed personal calls |
B. Theft of inventory items. |
C. Inappropriate charges to a travel or account payable voucher |
D. All of the above |
D |
|
M4 |
|
|
M4 |
| 65. Employees with duplicate social security numbers, names and addresses, a- |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
C |
|
M4 |
|
|
M4 |
| 66. Excessive number of year end transaction, a |
A. Management Red flag |
B. Red flag in purchasing |
C. Red flag in payroll |
D. Red flag in cash/ account receivable |
A |
|
M4 |
|
|
M4 |
| 1. The process of dividing large data and rearranging it into logical groups is called |
A. Encryption |
B. Sampling |
C. Stratification |
D. Steganography |
C |
|
DarkGreen |
|
|
DarkGreen |
| 2. The First step in data analytics is |
A. Data classification |
B. Data cleansing |
C. Data Stratification |
D. Data Analysis |
B |
|
DarkGreen |
|
|
DarkGreen |
| 3. The function (in Excel) which is useful in fetching value from another database; and also useful for linking two databases is: |
A. Sum if |
B. V Lookup |
C. H Lookup |
D. Transpose |
B |
|
DarkGreen |
|
|
DarkGreen |
| 4. Which of the following is (are) success factor(s) in auditing huge voluminous data in electronic form? |
A. Balance and effective use of both CAT-Tool and CAT-Technique |
B. Only use of CAT-Tool |
C. Only use of CAT-Technique |
D. None of the above |
A |
|
DarkGreen |
|
|
DarkGreen |
| 5. In detecting fraud, CAATTs are indispensable because of which of the following reasons |
A. Increasing Audit Regulations |
B. Scarce Resources |
C. Data Volume and paperless records |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 6. Which of the following are Database Functions? |
A. IF’ in Combination with ‘AND’ & ‘OR’ |
B. Pivot Table |
C. All of the above |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 7. Flaws in data provided for audit can be detected through which of the following? |
A. Detecting Missing/Gaps |
B. Finding Duplicates |
C. Both of the above |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 8. The process of arranging data into homogenous group or classes according to some common characteristics present in the data is called__________ |
A. Classification |
B. Steganography |
C. Encryption |
D. Data recovery |
A |
|
DarkGreen |
|
|
DarkGreen |
| 9. Pivot Table is useful for which of the following? |
A. Expanding and collapsing levels to focus on results, drill-downs to details from the summary |
B. Subtotaling and aggregating numeric data, summarizing data by categories and subcategories, and creating custom calculations and formulae. |
C. Filtering, sorting, grouping and Moving rows to column or vice-versa; see different summaries |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 10. Which of the following are (is) CAAT – Tool(s)? |
A. Generalized audit software such as ACL, Active Data |
B. Common software such as MS Excel, Lotus |
C. All of the above |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 11. In a fraud investigation assignment, which of the following is (are) matter(s) of concern? |
A. Green flag |
B. Red flags |
C. All of the above |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 12. Which of the following is NOT correct with regard to Benford’s law? |
A. It is a mathematical tool to help detecting possible fraud |
B. It suggests an expected digit frequency |
C. The records should represent the sizes of factors or events |
D. All the records should be sequentially numbered such as roll numbers of students in a class |
D |
|
DarkGreen |
|
|
DarkGreen |
| 13. Which of the following are EXPECTATIONS from forensic audit? |
A. Identify wrongdoer and monetary Impact |
B. Collect Evidences as admissible in legal proceedings. |
C. Identify the control weakness and advise for corrective actions. |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 14. A Forensic Auditor would focus on which of the following? |
A. Data beyond documents |
B. Reality checking |
C. All of the above |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 15. Which of the following is/are NOT a useful technique(s) in fraud detection? |
A. Distrust the obvious |
B. Juxta position |
C. 3-D Vision |
D. Encryption |
D |
|
DarkGreen |
|
|
DarkGreen |
| 16. To be successful, the Forensic team as a whole should have knowledge of which of the following domains? |
A. Law |
B. Criminology |
C. Accounting and investigative auditing |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 17. Which of the following is Not a good quality of an effective forensic auditor? |
A. Having specialized knowledge in accounting, audit, law and criminology domains |
B. Possessing Communicative skills, Absolute clear thinking and Open mindedness |
C. Deceit and distrust |
D. Demonstrating tactic and investigative skills |
C |
|
DarkGreen |
|
|
DarkGreen |
| 18. Which of the following methods are employed to solicit information about a person’s honesty? |
A. Interview |
B. Graphology |
C. Voice Stress Test & Polygraphs |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 19. Which of the following is the CENTRAL purpose of the interview? |
A. Threatening the suspect |
B. Forcing the suspect to agree to the pre-defined purpose |
C. Find evidence to suspend the employee on disciplinary grounds |
D. Gathering and assimilating relevant facts |
D |
|
DarkGreen |
|
|
DarkGreen |
| 20. Which of the following is(are) interviewing technique(s)? |
A. Kinesics |
B. Cognitive |
C. Both |
D. None |
C |
|
DarkGreen |
|
|
DarkGreen |
| 21. Which of the following is NOT a characteristic of a successful Interview? |
A. Objective in scope |
B. Aimed at gathering information in fair and impartial manner |
C. Being of sufficient ‘length and depth’ |
D. Ending on a negative note |
D |
|
DarkGreen |
|
|
DarkGreen |
| 22. People in crises demonstrate the following sequence of reactions? |
A. Denial |
B. Rationalisation |
C. Acceptance |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 23. Depending on the type of interviewees, they should be dealt with differently. Which of the following describes the type(s) of interviewees? |
A. Friendly |
B. Neutral |
C. Hostile |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 24. The forensic audit team should include all the below mentioned EXCEPT- |
A. Legal expert |
B. Data Analyst |
C. Accountant |
D. Fraudster |
D |
|
DarkGreen |
|
|
DarkGreen |
| 25. Which of the below mentioned elements of conversation does NOT inhibit and facilitate effective communication? |
A. Showing courtesy and Respect |
B. Threatening Demeanor |
C. Being an Active Listener |
D. Being thorough but remain relevant |
B |
|
DarkGreen |
|
|
DarkGreen |
| 26. Which of the following is NOT an effective Mechanism while for a successful interview? |
A. Taking notes |
B. Maintaining eye contact |
C. Maintaining Privacy |
D. Making overall opinions or impressions of a witness |
D |
|
DarkGreen |
|
|
DarkGreen |
| 27. Which of the following is (are) types of questions that can be used in an interview? |
A. Informational |
B. Assessment |
C. Admission seeking |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 28. Which of the following is NOT a red flag: |
A. Negative Cash flows |
B. Paid dividend per payout ratio |
C. Significant sales to related parties |
D. Sudden increase in profits for specific quarters |
B |
|
DarkGreen |
|
|
DarkGreen |
| 29. The most cost-effective way to minimize the total cost of fraud is |
A. Investigation |
B. Detection |
C. Prevention |
D. Prosecution |
C |
|
DarkGreen |
|
|
DarkGreen |
| 30. The chances of fraud would be HIGH if: |
A. Pressures and opportunities are high and personal integrity is low |
B. Pressures and opportunities are low and personal integrity is high |
C. Both A&B |
D. Neither A Nor B |
A |
|
DarkGreen |
|
|
DarkGreen |
| 31. Which of the following statements is most correct regarding errors and fraud? |
A. Frauds occur more often than errors in financial statements. |
B. Errors are always fraud and frauds are always errors. |
C. An error is unintentional, whereas fraud is intentional. |
D. Auditors have more responsibility for finding fraud than errors. |
C |
|
DarkGreen |
|
|
DarkGreen |
| 32. Which of the following is the single largest source for fraud detection? |
A. Inspections by Regulatory authorities |
B. Statutory Audit |
C. Tips |
D. Internal Audit |
C |
|
DarkGreen |
|
|
DarkGreen |
| 33. SA 250 is related to: |
A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements |
B. Consideration of Laws and Regulations in an Audit of Financial Statements |
C. Both A and B |
D. None of the above |
A |
|
DarkGreen |
|
|
DarkGreen |
| 34. Sec. 25 of the IPC defines term fraudulently as Intent to defraud. Which of the following form(s) element(s) of ‘Defraud’? |
A. Deceit or intention to deceive |
B. Actual or possible injury |
C. Both (A) & (B) |
D. Neither A nor B |
A |
|
DarkGreen |
|
|
DarkGreen |
| 35. FATF works to |
A. Conducts trial of those whose involvement is suspected in the anti-money laundering (AML) and counter-terrorist financing (CTF) areas. |
B. Formulates rules and regulations to govern international stock exchanges to improve transparency for better governance of market related activities |
C. Formulates standards and defines procedures for manufacturers of electronic equipment to ensure consumers get the compatible products across the globe and thereby reduce cybercrime |
D. Generate the necessary political will to bring about national legislative and regulatory reforms in the anti-money laundering (AML) and counter-terrorist financing (CTF) areas. |
D |
|
DarkGreen |
|
|
DarkGreen |
| 36. Which of the following significant features of the Prevention of Anti Money Laundering Act (PMLA) is NOT true? |
A. The Act Overrides contrary provisions of other laws |
B. CPC Not to be followed by Adjudicating Authority, Appellate Authority and Special Courts |
C. Offences are non-cognizable and bailable |
D. Onus to prove not guilty lies on the person charged |
C |
|
DarkGreen |
|
|
DarkGreen |
| 37. Which of the following categories of entities are obliged to comply with the requirements under the Prevention of Anti Money Laundering Act (PMLA)? |
A. Banking Companies |
B. Financial Institutions |
C. Intermediaries |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 38. Which of the following \obligations are covered under the Prevention of Anti Money Laundering Act (PMLA)? |
A. Maintenance of Records |
B. Furnishing of information |
C. Verification of identity of the clients. |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 39. Why Do People Commit Financial Statement Fraud? |
A. To show better business performance on paper |
B. To preserve / improve market perception |
C. To show compliance with certain loan covenants |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 40. Which of the following is (are) used as forensic software(s) ? |
A. The Coroner’s Toolkit |
B. ILook |
C. Forensic Toolkit |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 41. Which of the following represent(s) payroll related red flag(s) |
A. Large no. of Write- off of accounts |
B. Overtime time charged during a slack period |
C. Excessive or unjustified transactions |
D. None of the above |
B |
|
DarkGreen |
|
|
DarkGreen |
| 42. Which of the following statements is CORRECT: As per Beneish Model: |
A. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a manipulator. |
B. A score greater than -2.22 indicates a strong likelihood of a firm being a manipulator. |
C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a manipulator. |
D. A score less than -2.22 indicates a strong likelihood of a firm being a manipulator. |
B |
|
DarkGreen |
|
|
DarkGreen |
| 43. Distinction between viruses and worms is.. |
A. Worms do not rely on a host program to infect. |
B. Worms masquerade as legitimate while causing damage. |
C. Viruses do not rely on a host program to infect. |
D. A computer virus is active without a host. |
A |
|
DarkGreen |
|
|
DarkGreen |
| 44. Which of the following statements is true about a computer's boot process? |
A. The boot process begins when the Central Processing Unit is initialized. |
B. The user can accelerate the boot process by pressing "Windows" key (also known as the turbo button). |
C. The first process in Linux is called 'kernel'. |
D. A Power-On Self-Test is performed once firmware is loaded |
D |
|
DarkGreen |
|
|
DarkGreen |
| 45. Assessing the damage and impact of an exploited vulnerability is the task performed by: |
A. Vulnerability assessment experts |
B. System architects |
C. Computer operators |
D. Application development programmers |
A |
|
DarkGreen |
|
|
DarkGreen |
| 46. In order to maintain the _________, both a single-evidence form and a multi-evidence form are used to document and catalog evidence. |
A. Proper signatures |
B. Evidence validation |
C. Image reconstruction |
D. Chain of custody |
D |
|
DarkGreen |
|
|
DarkGreen |
| 47. As per the Report to the Nations 2014, issued by the ACFE, impact of the Fraud (Globally) is estimated as: |
A. 0.5% |
B. 2.5% |
C. 5% |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 48. Audits, public record searches, and net worth calculations are used to gather what type of evidence in fraud investigation? |
A. Testimonial |
B. Forensic |
C. Documentary |
D. Observation |
C |
|
DarkGreen |
|
|
DarkGreen |
| 49. Which of the following is NOT a part of the evidence square? |
A. Management evidence |
B. Documentary evidence |
C. Testimonial evidence |
D. Physical evidence |
A |
|
DarkGreen |
|
|
DarkGreen |
| 50. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/ concealment of any fact committed by any person or other person (third party) with connivance in any manner with intent to deceive/ gain undue advantage or to injure interest of: |
A. Company |
B. Shareholders |
C. Creditors |
D. All of the Above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 51. Which of the following is an example of the crime of counterfeit credit card fraud? |
A. An illegally obtained credit card is used to pay for a purchase |
B. An illegally created credit card is used to pay for a purchase |
C. An illegally altered credit card is used to pay for a purchase |
D. A credit card is obtained and used based on false application information |
B |
|
DarkGreen |
|
|
DarkGreen |
| 52. A computer crime that involves attacking phone lines is: |
A. Data Mining |
B. Phreaking |
C. Data Didling |
D. Spamming |
B |
|
DarkGreen |
|
|
DarkGreen |
| 53. Hackers use all of the techniques except: |
A. war dialing |
B. war driving |
C. war chalking |
D. war walking |
D |
|
DarkGreen |
|
|
DarkGreen |
| 54. Social engineering facilitates what type of computer fraud? |
A. Piggy backing |
B. Identity theft |
C. Spoofing |
D. Shoulder surfing |
B |
|
DarkGreen |
|
|
DarkGreen |
| 55. The computer crime of piggybacking |
A. involves the clandestine use of another user's WIFI |
B. usually results from spamming |
C. requires the permission of another user to gain access |
D. None of the above |
A |
|
DarkGreen |
|
|
DarkGreen |
| 56. A network of computers used in a denial-of-service (DoS) attack is called a (an): |
A. Worm |
B. Botnet |
C. Key logger |
D. Virus |
B |
|
DarkGreen |
|
|
DarkGreen |
| 57. Which of the following is a method used to embezzle money a small amount at a time from many different accounts? |
A. Data diddling |
B. Pretexting |
C. Spoofing |
D. Salami technique |
D |
|
DarkGreen |
|
|
DarkGreen |
| 58. Which of the following is NOT a method that is used for identity theft? |
A. Dumpster diving |
B. Phishing |
C. Shoulder surfing |
D. Spamming |
D |
|
DarkGreen |
|
|
DarkGreen |
| 59. Stealing money from one customer account & crediting into another customer account is known as- |
A. Skimming |
B. Lapping |
C. Larceny |
D. None of the above |
B |
|
DarkGreen |
|
|
DarkGreen |
| 60. Factors contributing to red flag include- |
A. Poor Internal Controls |
B. Management overrides Internal Control |
C. Collusion between employees & third party |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 61. Values that are used for validating that the original data hasn’t changed and proves that two sets of data are identical are called: |
A. Hash totals |
B. Sub-totals |
C. Batch totals |
D. Encrypted values |
A |
|
DarkGreen |
|
|
DarkGreen |
| 62. Fraud Triangle talks about which of the following? |
A. Rationalisation |
B. Pressure |
C. Opportunity |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 63. Section 301 of the SOX requires that the auditor should report directly to ______. |
A. Management |
B. Government |
C. Audit committee |
D. Regulatory inspectors |
B |
|
DarkGreen |
|
|
DarkGreen |
| 64. According to the opportunity part of the fraud triangle, a person may do all of the following acts except: |
A. Convert the theft or misrepresentation for personal gain |
B. Control the fraud |
C. Commit the fraud |
D. Conceal the fraud |
C |
|
DarkGreen |
|
|
DarkGreen |
| 65. A system of checks and balances between management and all other interested parties with the aim of producing an effective, efficient, and law-abiding corporation is known as: |
A. Process efficiency |
B. Performance improvement |
C. Code of conduct |
D. Corporate governance |
D |
|
DarkGreen |
|
|
DarkGreen |
| 66. The Sarbanes-Oxley Act is also known as? |
A. Corporate Fraud Protection Act of 2002 |
B. Public Corporation Accounting Oversight Act |
C. Public Company Accounting Reform and Investor Protection Act of 2002 |
D. Principles of Federal Prosecution of Business Organizations |
A |
|
DarkGreen |
|
|
DarkGreen |
| 67. Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? |
A. Debit expenses and credit the asset |
B. Debit the asset, credit another asset account |
C. Debit revenue , credit the asset |
D. Debit another asset account and credit the asset |
A |
|
DarkGreen |
|
|
DarkGreen |
| 68. Employee’s behavioral changes (alcohol, gambling) will come under which component of Fraud Triangle? |
A. Opportunity |
B. Pressure |
C. Rationality |
D. None of the above |
B |
|
DarkGreen |
|
|
DarkGreen |
| 69. Personal Identification Information (PII) includes: |
A. Any name or number. |
B. Any name or number, used alone or in conjunction with any other information. |
C. Any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual. |
D. None of the above. |
C |
|
DarkGreen |
|
|
DarkGreen |
| 70. Which of the following need(s) to be performed after the red flags of ID theft is identified? |
A. Set up procedures to detect those red flags in your day-to-day operations. |
B. Train all employees who will use the procedures. |
C. Decide what actions to take when a red flag is detected. |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 71. E-commerce is the commercial transaction of services in a/an ______________ format |
A. Mechanical format. |
B. Electronic format |
C. Paper |
D. None of the above |
B |
|
DarkGreen |
|
|
DarkGreen |
| 72. The World‟s first computer-specific statute was enacted in 1970, by the German state, in the form of a ___________________ . |
A. Data Protection Act. |
B. Cyber Law |
C. Copy right |
D. Patent right. |
A |
|
DarkGreen |
|
|
DarkGreen |
| 73. ____________________ is a generic term which refers to all the legal and regulator aspects of Internet and the World Wide Web |
A. Merchant Law |
B. Cyber Café |
C. Cyber Law |
D. Electronic Law |
C |
|
DarkGreen |
|
|
DarkGreen |
| 74. A virus can infect a system by: |
A. Booting up a computer with an infected disk |
B. Running an infected program |
C. Opening a file on a disk that is infected |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 75. Which of the following are relevant/related to the area of fraud and forensics? |
A. FATF recommendations (OECD) |
B. FCPA (USA) |
C. SoX (USA) |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 76. For a thing to be termed as ‘counterfeit’, there should be some sort of resemblance sufficient to cause deception. Which of the following are the main ingredients of the term ‘counterfeit’ as laid down under Section 28 of IPC |
A. Causing one thing to resemble another thing. |
B. Intending by means of such resemblance to practice deception. |
C. Knowing it to be likely that deception will thereby be practiced |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 77. A case of mischief under Section 425 is essentially governed with a criminal intent to cause wrongful loss or damage to a person, or a criminal intent to commit any offence to intimidate any person in possession of a property. Which of the following are the essential ingredients of the term? |
A. Intention or knowledge of the likelihood to cause wrongful loss or damage to the public or to any person. |
B. Causing the destruction of some property or any change in it or in its situation |
C. Such destruction or change must destroy or diminish its value |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 78. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention of Anti Money Laundering Act (PMLA)? |
A. Sudden activity in dormant accounts |
B. Identification documents which could not be verified within reasonable time |
C. Both A & B |
D. Neither A nor B |
C |
|
DarkGreen |
|
|
DarkGreen |
| 79. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention of Anti Money Laundering Act (PMLA)? |
A. Value just under the reporting threshold amount in an apparent attempt to avoid reporting |
B. Frequent purchases of drafts or other negotiable instruments with cash |
C. Both A & B |
D. Neither A nor B |
C |
|
DarkGreen |
|
|
DarkGreen |
| 80. The Foreign Corrupt Practices ACT (FCPA) of the USA permits small facilitation payments to secure performance of non-discretionary foreign government services vide its 1988 amendments. These payments are called__________ |
A. Watergate payments |
B. Handshake payments |
C. Grease payments |
D. Corrupt payments |
C |
|
DarkGreen |
|
|
DarkGreen |
| 81. Which of the following is NOT the term relevant/related to cyber-attacks? |
A. Logic bombs |
B. Trojan horse |
C. Money mules |
D. Denial of Service |
C |
|
DarkGreen |
|
|
DarkGreen |
| 82. Which of the following is (are) risk management strategy(ies)? |
A. Risk mitigation |
B. Risk avoidance |
C. Risk acceptance |
D. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 83. Which of the following is (are) generally used for designing and implementing control framework in an organisation? |
A. COSO |
B. COBIT |
C. Both COSO and COBIT |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 84. COSO Integrated Framework of Internal Controls has _____ number of components |
A. 5 |
B. 4 |
C. 8 |
D. 6 |
A |
|
DarkGreen |
|
|
DarkGreen |
| 85. To curb/minimise the bribery in international transactions, primary focus to control / monitor is recommended to be on______ |
A. Supply side |
B. Demand side |
C. Both A & B |
D. Neither A nor B |
A |
|
DarkGreen |
|
|
DarkGreen |
| 86. Which of the following is Not a term that represents phases in the Money laundering? |
A. Integration |
B. Demonitisation |
C. Layering |
D. Placement |
B |
|
DarkGreen |
|
|
DarkGreen |
| 87. A fraud perpetrated by tricking a person into disclosing confidential information, such as a password, is called |
A. A Trojan horse |
B. Hacking |
C. Social engineering |
D. Scavenging |
C |
|
DarkGreen |
|
|
DarkGreen |
| 88. The type of forensics that involves analyzing information stored in a storage media such as a hard drive |
A. Disc Forensics |
B. Network Forensics |
C. Live forensics |
D. Internet forensics |
A |
|
DarkGreen |
|
|
DarkGreen |
| 89. Which of the following schemes refers to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? |
A. Falsified salary scheme |
B. Record alteration scheme |
C. Ghost employee scheme |
D. Inflated commission scheme |
C |
|
DarkGreen |
|
|
DarkGreen |
| 90. Which of the following is the indicator of deception while conducting Forensic Interview |
A. Quick, spontaneous answers |
B. Consistent strong denial |
C. Direct, brief answers |
D. Hesitant |
D |
|
DarkGreen |
|
|
DarkGreen |
| 91. Forensic Interviewing Techniques does not include which of the following? |
A. Investigation |
B. Polygraph test |
C. Physical Behaviour Analysis |
D. Disk Imaging |
D |
|
DarkGreen |
|
|
DarkGreen |
| 92. Which of the following are performed by auditors When looking for financial statement fraud? |
A. Horizontal and vertical analysis |
B. Industry benchmarking |
C. Operating characteristics of the company. |
D. All of the above. |
D |
|
DarkGreen |
|
|
DarkGreen |
| 93. Which of the following is (are) forensic audit test(s) that help (s) detecting fraud? |
A. Luhn’s Algorithm |
B. Benford’s Law |
C. RSF |
D. All of the above. |
D |
|
DarkGreen |
|
|
DarkGreen |
| 94. The term used to describe the legal issues related to use of communication technology, particularly the Internet is called ________. |
A. Cyberspace |
B. Cyberlaw |
C. Cyberwar |
D. Cyberattack |
B |
|
DarkGreen |
|
|
DarkGreen |
| 95. FATF’s Recommendations are recognized as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard. These recommendations are ________ in total number. |
A. 29 |
B. 49 |
C. 59 |
D. 39 |
B |
|
DarkGreen |
|
|
DarkGreen |
| 96. FAFT is a (an) _____________ |
A. International court |
B. Regulatory body governing its international stock exchange members |
C. Policy-making body |
D. A wing of Interpol issuing red alerts across the globe |
C |
|
DarkGreen |
|
|
DarkGreen |
| 97. Which of the following is NOT true as per the Indian Evidence Act? |
A. The law of evidence is the same in civil and criminal proceedings |
B. Evidence must be confined to the matter in issue; |
C. Hearsay evidence must be admitted |
D. Best evidence must be given in all cases. |
C |
|
DarkGreen |
|
|
DarkGreen |
| 98. Forensic accounting is BROADER than Fraud Examination in the sense it covers variety of Other services such as: a) Transaction tracing b) Data Analysis c) Damage analysis d) Business valuation |
E. (a), (b) & (c) only |
F. (b) & (c) only |
G. (a) & (b) only |
H. All of the above |
D |
|
DarkGreen |
|
|
DarkGreen |
| 99. Section 415 of the IPC defines Cheating. Which of the following form(s) part of the definition of Cheating? |
A. There should be inducement |
B. Inducement must be dishonest or fraudulent |
C. Inducement should be intentional |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 100. The main difference between cheating and forgery is that |
A. In cheating the deception is in writing, whereas in forgery it is orals |
B. Deception can be described as merely the means to achieve an end; the end being Forgery |
C. In cheating the deception is oral, whereas in forgery it is in writing |
D. None of the above |
C |
|
DarkGreen |
|
|
DarkGreen |
| 1) Forensic Accounting is defined as: |
The practice of applying defined financial ratios to investigate a company’s financial health. |
The use of law enforcement to subpoena financial records to determine unlawful actions. |
The application of investigative and analytical skills for the purpose of resolving financial issues in a manner that meets standards required by courts of law. |
The investigatory arm of the Securities and Exchange Commission. |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 2) If your actions are the result of misleading, intentional actions or inaction (including misleading statements and the omission of relevant information to gain an advantage, then you have committed: |
Perjury. |
Contempt. |
Treason. |
Fraud. |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 3) When the auditor tests the documents by keeping them side by side then it is known as |
Test of impossibility |
Test of absurdity |
Juxtaposition test |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 4) As per the study of ACFE, following category of individuals commit highest frauds (in monetary terms) |
Low level management |
Mid level management |
Senior level management |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 5) ___________ are the elements of fraud |
The individual must know that the statement is untrue |
There is an intent to deceive the victim |
The victim relied on the statement & The victim is injured financially or otherwise |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 6) A type of fraud where forged emails, forged websites are used to defraud the user are known as |
E frauds |
Forgery |
Phishing |
None of the above. |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 7) _________ happens when the fraudster avails multiple loans for the same property simultaneously for a total amount in excess of the actual value of the property. |
Phishing |
Window dressing |
Shot gunning |
Skimming |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 8) Pressure, opportunity & _________ are the aspects of a fraud triangle. |
Rationalization |
Creation |
Commitment |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 9) A _________ is termed as an indication of a danger or a warning signal |
Red flag |
Green flag |
Amber flag |
White flag |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 10) A ________ is a flag which denotes a “too good to be true scenario”. |
Red flag |
Green flag |
Amber flag |
White flag |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 11) Significant increase in working capital borrowing as a percentage of turnover is a |
Red flag |
Green flag |
Amber flag |
White flag |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 12) A case where an employee doesn't take travel advance but always pays from his pocket is a |
Red flag |
Green flag |
Amber flag |
White flag |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 13) Analysing non verbal cues is important for a forensic auditor while |
Interviewing a suspect |
Interrogating a suspect |
a & b both |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 14) A model categorizing known frauds which lists about 49 different individual fraud schemes grouped by categories and sub categories is known as |
Fraud triangle |
Fraud square |
Fraud model |
Fraud tree |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 15) When the fraudster is able to give a personal justification of dishonest actions, it is known as |
Pressure |
opportunity |
rationalization |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 16) Various frauds in banking sector are: |
Appraisal fraud |
Mortgage fraud |
Shot gunning |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 17) Fraudsters may alter cheques to change the name or the amount on the face of cheques. This is called |
Phishing |
Forgery |
Disbursement fraud |
Skimming |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 18) Ratio analysis is one of the key aspects which a forensic auditor has to look at. |
Correct |
Incorrect |
|
|
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 19) The principle of 3D vision includes |
Time dimension analysis |
Space dimension analysis |
Both a & b |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 20) “Fraud is a deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank” is a definition given by: |
SEBI |
RBI |
ICAI |
ACFE |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 21) Which of the following is a method used to embezzle money a small amount at a time from many different accounts? |
Data diddling |
Pretexting |
Spoofing |
Salami technique |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 22) Payment to vendors who are not on approval list is a |
Management red flag |
Red flag in purchase |
Red flag in payroll |
Red flag in AR |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 23) Theft of an employer’s property which was not entrusted to employee will be defined as: |
Lapping |
Larceny |
Check Kitting |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 24) Weakness in internal control environment will lead which kind of fraud- |
Employee Red Flag |
Management Red Flag |
General Red Flag |
None of above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 25) _______________ is the practice of concealing a file, message, image, or video within another file, message, image, or video. |
Imaging |
Encryption |
Steganography |
Data hiding |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 26) The basic principles used in identifying red flags are: |
Distrust the obvious |
3 D vision |
Inverse logic |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 27) The purpose of the Red Flags Rule is: |
To detect the warning signs – or “red flags” – of identity theft in day-to-day operations |
Take steps to prevent the crime |
Mitigate the damage it inflicts. |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 28) Which among the following are the three payroll fraud schemes |
Ghost employees |
Falsifying wages |
Falsifying commission |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 29) Stealing money from one customer’s account and crediting it into another customer’s account is known as: |
Larceny |
Skimming |
Lapping |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 30) Which of the following scheme referes to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? |
Falsified Salary scheme |
Record alteration scheme |
Ghost employee scheme |
Inflated commission scheme |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 31) The main difference between forgery and cheating is that |
In cheating, the deception is in writing whereas in forgery it is oral |
Deception can be described as merely the means whereas, the end being forgery |
In cheating the deception is oral while in forgery it is in writing |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 32) Why Do People Commit Financial Statement Fraud |
To conceal true business performance |
To preserve personal status/control |
To maintain personal income/wealth |
All the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 33) The interrelationship among auditing, fraud examination, and financial forensics is: |
Established and maintained by legal structures and justice processes |
Constant even while social and cultural pressures are exerted on it |
Cased on the SOX Act and SAS 99 |
Dynamic and changes over time |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 34) Financial statement fraud is easiest to commit in organizations that: |
have democratic leadership. |
have a large internal audit department. |
have a board of directors comprised primarily of outsiders. |
have complex organizational structures. |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 35) The process by which several bidders conspire to split contracts up and ensure each gets a certain amount of work is called |
Bid pooling |
Fictitious suppliers |
Kickback payments |
Bidding agreements |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 36) Which of the following types of organizations typically use Forensic Accountants? |
Publicly held corporations. |
Private/non-profit corporations. |
Federal/State Agencies. |
All of the above. |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 37) Red Flag procedures must be implemented by individual departments. That means: |
The procedures just have to be written and accessible to everyone. |
The procedures have to be written and everyone needs to be trained to use them. |
The procedure & policy will be drafted |
A & B Both |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 38) _________ can be described as the use of that stolen identity in criminal activity to obtain goods or services by deception |
Identity fraud |
Deception |
Theft |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 39) White collar crimes are the ones which damage the organisation: |
Many times |
Many times & in huge amounts |
Less times |
Less times but in huge amounts |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 40) The Fraud Exposure Rectangle includes: |
Rationalization |
Perceived pressure |
Relationships with others |
All of the choices are included in the Fraud Exposure Rectangle |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 41) Motivation for Financial Statements Fraud can be: |
Increasing stock prices |
Maximising management bonus |
Pressure on management to perform |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 42) Management & directors, relationship with others, organization & industry, financial results & operating characteristics are components of: |
Fraud Tree |
Fraud Exposure Rectangle |
Fraud Triangle |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 43) Relationship of the management with auditors, bankers, lawyers, regulatory authorities etc is to be checked while analyzing |
Management & Directors |
Relationship with Others |
Organisation & Industry |
Financial Results & Operating Characteristics |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 44) _________ among the following is an example of red flag. |
Very friendly, but self centered and egoistic |
Unfriendly and an introvert |
Surly and angry but good in work |
Very slow in work that he/she is used to doing for years together |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 45) Introduction, rapport, questioning, summary & close are elements of: |
Interview |
Investigation |
Interrogation |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 46) Voice Analysis can detect? |
Temperament of a person during the interview |
Whether person is lying |
Whether he is telling the facts |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 47) All of the following are methods that organization can adopt to proactively eliminate fraud opportunities EXCEPT: |
Accurately identifying sources and measuring risks |
Implementing appropriate preventative and detective controls |
Creating widespread monitoring by employees |
Eliminating protections for whistle blowers |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 48) Professional Skepticism refers to |
An alert Mind |
A questioning Ming |
A & B Both |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 49) Weak internal controls in an organization will affect which of the following elements of fraud? |
Motive |
Opportunity |
Rationalization |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 50) If a company wishes to improve detection methods, they should do all of the following except: |
Use forensic accountants |
Conduct frequent audits |
Conduct surprise checks |
All of the above improve detection of fraud |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 51) Fraudulent financial reporting is most likely to be committed by whom? |
Line employees of the company |
Outside members of the company’s board of directors |
Company management |
The company’s auditors |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 52) Confrontational Interviews and recording of any interviews should be done |
With the advice of legal counsel only if there is need to prosecute the fraudster later. |
With the advice of legal counsel to get proper legal guidance to protect the interviewer, the Company, Directors/Management and prosecute the fraudster later if needed. |
Without the advice of legal counsel since the confidentiality of strategy is compromised. |
Without the advice of legal counsel since they have no role to play till the fraud is established. |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 53) ______________ is an equitable remedy designed to deter future violations of the securities laws and to deprive defendants of the proceeds of their wrongful conduct. |
Disgorgement |
Penalty |
Insider information |
Proceedings |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 54) When individually any financial items/ transactions are not much relevant, however if used wisely together to commit a fraud, it is known as: |
Combined fraud |
Gunpowder effect |
Lapping |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 55) The term “razor” used in the Theory of Occam’s razor signifies |
Shaving off illegal data |
Shaving of backdated data |
Shaving off unnecessary data |
None of the above. |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 56) Disaster situation, incomplete information, disorderliness are: |
Red flags at macro level |
Red flags at micro level |
Green flags at macro level |
Green flags at micro level |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 57) Orphan funds, excess knowledge, close nexus with vendors etc are: |
Red flags at macro level |
Red flags at micro level |
Green flags at macro level |
Green flags at micro level |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 58) While conducting an interview, as a general rule, |
One person should be interviewed at a time |
Two persons should be interviewed at a time |
Three persons should be interviewed at a time |
None of the above. |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 59) Types of questions that could be asked in an interview could be |
Open ended |
Closed ended |
Leading |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 60) A type of question wherein the Interviewer provides an answer within the question is know as: |
Open ended |
Closed ended |
Leading |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 61) A question which requires a narrative response is known as _______ question: |
Open ended |
Closed ended |
Leading |
All of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 62) A question which requires a yes/ no answers is known as _______ question: |
Open ended |
Closed ended |
Leading |
All of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 63) In cases where the interviewee in constantly denying the charges against him, |
Detain him in a room |
Present partial evidences |
Make a direct accusation |
None of the above. |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 64) Things to be avoided during an interview include: |
Threatening |
Detaining the person |
Negotiating |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 65) Among the following which would be red flags for payroll? |
Overtime charged during a slack period |
Large number of write offs |
Unjustified transactions |
All of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 66) The most cost effective way to minimize the cost of fraud is: |
Prevention |
Detection |
Investigation |
Prosecution |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 67) An act of unintentional mistake is known as |
Fraud |
Deception |
Error |
Forgery |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 68) While conducting a an interview, the interviewer analyses: |
Verbal clues |
Non verbal clues |
Both a & b |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 69) An employee not taking a single holiday during the entire year is |
Red flag at macro level |
Red flag at micro level |
Green flag |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 70) Excessive competition in the market leads to |
Rationalisation |
Opportunity |
Pressure |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 71) Lack of rotation of duties will come under ____________ component of a fraud triangle |
Rationalisation |
Opportunity |
Pressure |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 72) Recording a suspect’s interview will help in |
Gathering evidence in the case |
Taking e notes instead of handwritten notes |
Assist you in case the interviewee changes his/ her statement at a later stage |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 73) Which of the following entities are/ were involved in frauds |
Enron |
Tyco International |
WorldCom |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 74) Having excess stock as compared to that recorded in books of accounts is a |
Red flag |
Amber flag |
Green Flag |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 75) Excessive payment to consultants & auditors is an example of |
Red flag |
Amber flag |
Green Flag |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 76) Reporting of identified frauds is covered as per |
SA 240 |
Sec 143(12) of Companies Act 2013 |
CARO, Clause x |
All of the above. |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 77) Section 143(12) deals with reporting frauds committed by |
Officers of the company |
Employees of the company |
Third parties |
Only a & b |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 78) As per the study of ACFE, following category of individuals commit highest frauds (in monetary terms) |
Low level management |
Mid level management |
Senior level management |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 79) ___________ are the elements of fraud |
The individual must know that the statement is untrue |
There is an intent to deceive the victim |
The victim relied on the statement & The victim is injured financially or otherwise |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 80) The principle of 3D vision includes |
Time dimension analysis |
Space dimension analysis |
Both a & b |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 81) The basic principles used in identifying red flags are: |
Distrust the obvious |
3 D vision |
Inverse logic |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 82) Why Do People Commit Financial Statement Fraud |
To conceal true business performance |
To preserve personal status/control |
To maintain personal income/wealth |
All the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 83) White collar crimes are the ones which damage the organisation: |
Many times |
Many times & in huge amounts |
Less times |
Less times but in huge amounts |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 84) Areas which are difficult to corroborate is perceived as _____________ by a fraudster |
Pressure |
Opportunity |
Rationalisation |
Threat |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 85) Excessive related party transactions are considered as |
Red flag |
Amber flag |
Green Flag |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 86) Things to be avoided during an interview include: |
Threatening |
Detaining the person |
Negotiating |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 87) Among the following which would be red flags for payroll? |
Overtime charged during a slack period |
Large number of write offs |
Unjustified transactions |
All of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 88) The most cost effective way to minimize the cost of fraud is: |
Prevention |
Detection |
Investigation |
Prosecution |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 89) Satyam case was filled with |
Ghost employees |
Fake sales |
Inflated Cash & bank balances |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 90) A forensic auditor can get opportunities in |
Banking sector |
Insurance Sector |
Both a & b |
None of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 91) Auditor’s responsibility relating to fraud in financial statements is covered in: |
SA 200 |
SA 240 |
SA 250 |
SA 299 |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 92) A type of question wherein the Interviewer provides an answer within the question is know as: |
Open ended |
Closed ended |
Leading |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 93) The concealment of the origins of illegally obtained money, typically by means of transfers involving foreign banks or legitimate businesses is known as |
Slicing |
Spoofing |
Money Laundering |
All of the above |
C |
|
ICAI-icon |
|
|
ICAI-icon |
| 94) A red flag indicates that the alert is |
New |
Old |
Follow up |
Outdated |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 95) Existence of orphan funds comes under ____________ component of a fraud triangle |
Rationalisation |
Opportunity |
Pressure |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 96) An entity running on an auto pilot mode can be perceived as __________ by a fraudster. |
Rationalisation |
Opportunity |
Pressure |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 97) When individually any financial items/ transactions are not much relevant, however if used wisely together to commit a fraud, it is known as: |
Combined fraud |
Gunpowder effect |
Lapping |
None of the above |
B |
|
ICAI-icon |
|
|
ICAI-icon |
| 98) While conducting an interview, as a general rule, |
One person should be interviewed at a time |
Two persons should be interviewed at a time |
Three persons should be interviewed at a time |
None of the above |
A |
|
ICAI-icon |
|
|
ICAI-icon |
| 99) Examples of few simple forensic audit tests are |
Test of absurdity |
Test of impossibility |
Juxtaposition test |
All of the above |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 100) Good traits of a forensic auditor are: |
Maintaining professional skepticism |
Being a good observer |
Using multiple cues to analyze any area |
All of the above. |
D |
|
ICAI-icon |
|
|
ICAI-icon |
| 1. What is the objective of using CAAT |
Data Mining |
Data Analysis |
Data Analytics |
Data Wrangling |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 2. Which functionality is NOT present in CAAT |
Comparison |
Statistics |
Monetary unit |
Split |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 3. Which of the following is not the outcome of joining two databases |
Complete join |
Partial join using look-up field |
Selective join using look-up field |
Merging |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 4. ………………………… refers to collection of information pertinent to project |
Data gathering |
Data exporting |
Data embedding |
Data importing |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 5. Development costs for a computer based information system include/s |
Salaries of the system analysis |
Cost of converting and preparing data |
Cost of testing and documenting |
All A, B, C |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 6. Which of the following is NOT a sampling technique provided in CAAT |
Attribute |
clustered |
Random |
Monetary unit |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 7. developing a logical flow of fraud detection it is a good idea to |
develop a physical flow |
develop a system flow chart |
determine the contents of all data stores |
find out user’s preferences |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 8. A data store in a CAAT represents |
a sequential file |
a disk store |
a repository of data |
a random access memory |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 9. Which of the following is not a criticism of the use of CAAT |
It reinforces the idea that code-and-retrieve is the only way to conduct qualitative analysis |
It results in the fragmentation of data and a loss of narrative flow |
It may not be suitable for focus group data |
It is not very fast or efficient at retrieving sections of data |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 10. Which of the following is a disadvantage of using CAAT in different types of projects |
It makes the process of qualitative data analysis more transparent |
It is faster and more efficient than analysing by hand |
It involves learning skills that are specific to each program |
It helps you to map out the relations between ideas and themes in the data |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 11. Which of the following is a kind of search that can be carried out in CAAT |
Boolean |
Proximity |
Wildcard |
All of above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 12. Which of the following is not the capability of CAAT in statistics? |
Probability |
Correlation |
Trend Analysis |
Time Series |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 13. Which of the following is not a valid Benford test in CAAT |
First two digit |
Last two digit |
First three digit |
Last three digit |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 14. Which characteristics of data is not preserved in CAAT |
Integrity |
Source format |
Indexed order |
Originality |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 15. Which of the below is not an advantage of using CAAT |
The audit team may not require the knowledge or training needed to understand the results of the CAAT |
Independently access data stored on a computer without dependence on the client |
Test the reliability of client software |
Increase the accuracy of audit tests |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 16. Which of the below is a PRIMARY limitation of using CAAT |
Potential incompatibility with the client's computer system |
The audit team may not have sufficient IT skills and knowledge to create the complex data extracts and programming required |
Client permission and cooperation may be difficult to obtain |
The audit team may not have the knowledge or training needed to understand the results of the CAATs |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 17. Which of the following are two broad categories of CAAT |
Audit software and exception reporting module of clients software |
Audit software and test data |
BI tools and Integrated test facility |
Test data and embedded audit software in SAP/ERP |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 18. Of the following which is the specific purpose for which CAAT is used: |
Sampling |
File management |
Report generation |
Log maintenance |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 19. CAAT is used for which of the following type of data analytics |
Cognitive analysis |
Predictive analysis |
Diagnostic analysis |
Prescriptive analysis |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 20. CAAT performs following functions: |
Data Presentation |
Data queries |
Data Stratification |
Data Extraction |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 1. Which of the file systems for Microsoft system provides the most security? |
NTFS |
FAT |
FAT32 |
FAT16 |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 2. The chain of custody should be able to answer the following questions except: |
Who collected the evidence? |
How and where is the evidence stored? |
Who took possession of the evidence? |
Who created the chain of custody document? |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 3. The different ways in which the network can be attacked except? |
availability |
confidentiality |
integrity |
durability |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 4. Where do routers reside in relationship to the OSI model? |
Layer 1 |
Layer 2 |
Layer 3 |
Layer 4 |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 5. The term is used to describe espionage conducted for commercial purposes on companies and governments, and to determine the activities of competitors: |
company espionage |
corporate espionage |
government espionage |
business espionage |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 6. What is the main motive behind corporate spying? |
personal relations |
disgruntled employees |
easy money |
all of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 7. The major technique used for corporate spying is : |
social engineering |
dumpster diving |
phone eavesdropping |
all of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 8. An Internet standard protocol that is used to synchronize the clocks of client computers is called: |
Network Time Protocol (NTP) |
Time Sync Protocol (TSP) |
Server time Protocol (STP) |
Client time Protocol (CTP) |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 9. The process of tracking unauthorized activity using techniques such as inspecting user actions, security logs, or audit data is called: |
Intrusion Prevention |
Intrusion Detection |
Host Detection |
Host Prevention |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 10.The unique 48-bit serial number assigned to each network interface card, providing a physical address to the host machine is called: |
MAC |
NAC |
IAC |
HAC |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 11.A record of the seizure, custody, control, transfer, analysis, and disposition of physical and electronic evidence is called: |
Chain of Evidence |
Chain of History |
Chain of Custody |
Chain of Forensics |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 12.An attack that overloads a system’s resources, either making the system unusable or significantly slowing it down, is called: |
Denial-of-service attack |
Network Denial attack |
Resource Denial attack |
Server down attacks |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 13.The wilful act of stealing someone’s identity for monetary benefits is called: |
Data Theft |
Privacy Theft |
Identity Theft |
Person Theft |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 14.When did both the houses of the Indian Parliament passed the Information Technology Bill in 2000? |
Jan 2000 |
Mar 2000 |
May 2000 |
Aug 2000 |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 15.In February 2016, which Bank of Bangladesh suffered a major cyber-attack losing millions of dollars? |
EBL Bank |
United Commercial Bank |
Grameen Bank |
Bangladesh Bank |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 16.Which section of IT Act 2000 hands out Punishment for Sending Offensive Messages through Communication Service etc.? |
Sec 66A |
Sec 66B |
Sec 66C |
Sec 66D |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 17.Which section of IT Act 2000 deals with Cyber Terrorism? |
Sec 66A |
Sec 66B |
Sec 66C |
Sec 66F |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 18.The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as part of which global Operation? |
Operation Power Zero |
Operation Power Off |
Operation Power On |
Operation Power Global |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 19.IoT stands for: |
Internet of Tech |
Internet of Times |
Internet of Tomorrow |
Internet of Things |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 20.As per global study, most cyber-attacks on corporates are performed by: |
Outsiders |
Insiders |
Vendors |
Unknown Hackers |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 21.The write-blocker that sits between evidence drive & forensic workstation is called: |
Software Write Blocker |
Hardware Write Blocker |
Hybrid Write Blocker |
Forensic Write Blocker |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 22.The write-blocker that is built into a computer forensic suite or OS configured is called: |
Software Write Blocker |
Hardware Write Blocker |
Hybrid Write Blocker |
Forensic Write Blocker |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 23.The process of making a partition visible to an OS is called: |
Partitioning |
Mounting |
Loading |
Plugging |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 24.The process of changing the caller ID to any number other than the calling number is called: |
Caller ID Tagging |
Caller ID Changing |
Caller ID Spoofing |
Caller ID Rigging |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 25.A specific type of phishing attack that appears to come from a trusted source is also known as: |
Target Phishing |
Spear Phishing |
Knife Phishing |
Sword Phishing |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 26.A general term for any encrypted overlay network that you can only access with specific types of software, or authorization, or protocols, or ports, is called: |
Underground |
Darkweb |
Unknown Web |
HardWeb |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 27.A system that is attractive to an attacker and serves no other purpose than to keep attackers out of critical systems and observe their attack methods, is known as: |
Honeypot |
Honeytoken |
Sandbox |
Sandtrap |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 28.An Internet protocol designed for accessing e-mail on a mail server is: |
POP |
ICMP |
IMAP |
TCP |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 29.An Internet protocol used to retrieve e-mail from a mail server is: |
POP |
ICMP |
IMAP |
TCP |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 30.A set of duplicate data that is stored in a temporary location to allow rapid access for computers to function more efficiently, is known as: |
Boot Record |
Metadata |
Swap |
Cache |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 31.A service provided by a server in which the server assigns a client machine an IP address upon request, is called: |
TCP |
IP |
DHCP |
ICMP |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 32.In asymmetric key cryptography, the private key is kept by: |
Sender |
Receiver |
sender and receiver |
all the connected devices to the network |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 33.This is the inclusion of a secret message in otherwise unencrypted text or images. |
Masquerade |
Steganography |
Spoof |
Hashing |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 34.When a user needs to provide message integrity, what options may be best? |
Send a digital signature of the message to the recipient |
Encrypt the message with a symmetric algorithm and send it |
Encrypt the message with a private key so the recipient can decrypt with the corresponding public key |
Create a checksum, append it to the message, encrypt the message, then send to recipient. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 35.What kind of hacker uses hacking to send social, religious, and political, etc messages, usually, done by hijacking websites and leaving a message on the hijacked website? |
Hacktivist |
Phone phreaker |
White hat hacker |
Grey hat hacker |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 36.What kind of hacker gains access to systems with a view to fix the identified weaknesses? |
Black hat hacker |
Purple hat hacker |
White hat hacker |
Grey hat hacker |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 37.What kind of program allows the attacker to control the user's computer from a remote location? |
Virus |
Trojan Horse |
Malware |
Keylogger |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 38.What is the art of exploiting the human elements to gain access to un-authorized resources? |
Ethical Hacking |
Social Engineering |
Caller ID Spoofing |
Reverse Engineering |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 39.How many numbers of bits are used by IPv6? |
64 |
32 |
24 |
128 |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 40.How many numbers of bits are used by IPv4? |
64 |
32 |
24 |
32 |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 41.Which service runs on port 21? |
HTTP |
HTTPS |
FTP |
SMTP |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 42.Which service runs on port 80? |
HTTP |
HTTPS |
FTP |
SMTP |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 43.Which service runs on port 443? |
HTTP |
HTTPS |
FTP |
SMTP |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 44.What can be used to intercept packages as they are transmitted over the network? |
MAC flooding |
Active Sniffing |
Passive Sniffing |
Network Sniffing |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 45.Which attack is used to crash Web Server? |
SQL Injection |
ARP poisoning |
DOS attack |
Cross Site Scripts |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 46.This attack involves eavesdropping on a network and capturing sensitive information? |
Man-in-the-Middle |
Sniffing |
DoS Attack |
SQL Injection |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 47.Which of the following best describes a distributed denial-of-service attack? |
A DoS against an entire subnet, affecting multiple systems |
A DoS against multiple systems across an enterprise network |
DoS against similar systems in different target networks |
A DoS carried out by multiple systems |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 48.Passwords no longer provide adequate authentication to online services because: |
People typically choose simple and easy to guess passwords |
People share passwords |
People reuse passwords across multiple accounts |
All of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 49.This authentication process allows a user to enter one name and password to access multiple applications. |
RADIUS |
security ID |
SSO |
user profile |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 50.What best describes metadata? |
Data that is important to the investigation |
Data about data |
Data that is hidden |
Operating system data |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 51.What type of encryption uses a different key to encrypt the message than it uses to decrypt the message? |
private key |
asymmetric |
symmetric |
secure |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 52.Which of the following are the two types of write protection? |
Fast and slow |
Windows and Linux |
Hardware and software |
Forensic and non-forensic |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 53.What is Digital Forensic? |
Process of using scientific knowledge in analysis and presentation of evidence in court. |
The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation. |
A process where we develop and test hypotheses that answer questions about digital events. |
Use of science or technology in the investigation and establishment of the facts or evidence in a court of law |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 54.Which of the following is NOT focus of digital forensic analysis? |
Authenticity |
Comparison |
Proving |
Enhancement |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 55.Which of the following is FALSE? |
The digital forensic investigator must maintain absolute objectivity |
It is the investigator’s job to determine someone’s guilt or innocence. |
It is the investigator’s responsibility to accurately report the relevant facts of a case. |
The investigator must maintain strict confidentiality, discussing the results of an investigation on only a “need to know” basis. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 56.What do you do to a computer that is turned off? |
Turn it on |
Leave it off |
Start typing |
Flip the switch |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 57.What should you do if the computer is turned on? |
Shut it down |
Unplug it |
Start typing |
Log the user off |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 58.What happens when first securing the area? |
Start looking for evidence |
Make sure that the crime scene is safe |
Gather evidence |
Make sure computer is on |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 59.A system for locating phones by determining its distance from 3 different towers. |
Arson Can |
Cell site |
Dead spots |
Triangulation |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 60.Which of the following is NOT a service level for the cloud? |
Platform as a service |
Infrastructure as a service |
Virtualization as a service |
Software as a service |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 61.Which is not a valid method of deployment for a cloud |
community |
public |
targeted |
private |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 62.Which password recovery method uses every possible letter, number, and character found on a keyboard? |
rainbow table |
dictionary attack |
hybrid attack |
brute-force attack |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 63.Validate your tools and verify your evidence with ____ to ensure its integrity. |
hashing algorithms |
watermarks |
steganography |
digital certificates |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 64.E-mail administrators may make use of ???, which overwrites a log file when it reaches a specified size or at the end of a specified time frame |
log recycling |
circular logging |
log purging |
log cycling |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 65.The ___ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools |
Kali Linux |
Ubuntu |
OSForensics |
Sleuth Kit |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 66.The ___ command line program is a common way of examining network traffic, which provides records of network activity while it is running, and produce hundreds of thousands of records |
netstat |
ls |
ifconfig |
tcpdump |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 67.What method below is NOT an effective method for isolating a mobile device from receiving signals? |
placing the device into a plastic evidence bag |
placing the device into a paint can, preferable one previously containing radio-wave blocking paint |
placing the device into airplane mode |
turning the device off |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 68.One of the most noteworthy e-mail scams was 419, otherwise known as the? |
Nigerian Scam |
Lake Venture Scam |
Conficker virus |
Iloveyou Scam |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 69.What is a search query that can help identify some of the individuals and/or companies associated with a given domain name, including the registrant, when the domain was created, etc. |
Email |
Google |
Whois |
Cookies |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 70.What is a small text file that is deposited on a user's computer by a web server? They are used to track sessions as well as remember a user's preferences for a particular web site. |
Browser |
Spoofing |
Whois |
Cookies |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 71.What is responsible for mapping domain names to specific IP address? |
Static web page |
Message ID |
Dynamic web page |
Domain Name Server |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 72.What is used primarily as a means to share files? |
Peer-to-Peer |
Browser |
Web Cache |
Cookies |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 73.Which system is Base 16 that use 0-9 A, B, C, D, E, F can go 0-15? |
Octal |
Decimal |
Binary |
Hexadecimal |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 74.What option below is an example of a platform specific encryption tool? |
GnuPG |
TrueCrypt |
BitLocker |
Pretty Good Privacy (PGP) |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 75.Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as ??? |
repeatable findings |
reloadable steps |
verifiable reporting |
evidence reporting |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 76.Which of the following scenarios should be covered in a disaster recovery plan? |
damage caused by lightning strikes |
damage caused by flood |
damage caused by a virus contamination |
all of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 77.The passwords are typically stored as one-way _______ rather than in plaintext? |
hex values |
variables |
hashes |
stack spaces |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 78.What program serves as the GUI front end for accessing sleuth kit's tools? |
detectiveGUI |
autopsy |
kde |
smart |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 79.Which term describes rooms filled with extremely large disk systems that are typically used by large business data centers? |
storage room |
server farm |
data well |
storage hub |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 80.What is the purpose of the reconstruction function in a forensics investigation? |
re-create a suspect's drive to show what happened during a crime or incident |
prove that two sets of data are identical |
copy all information from a suspect's drive, including information that may have been hidden |
generate reports or logs that detail the processes undertaken by a forensics investigator |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 81.Which option below is not a recommendation for securing storage containers? |
the container should be located in a restricted area |
only authorized access should be allowed, and it should be kept to a minimum |
evidence containers should remain locked when they aren't under direct supervision |
rooms with evidence containers should have a secured wireless network |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 82.What is the name of the Microsoft solution for whole disk encryption? |
drivecrypt |
truecrypt |
bitlocker |
FileVault |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 83.What is the name of the Mac solution for whole disk encryption? |
drivecrypt |
truecrypt |
bitlocker |
FileVault |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 84.What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware? |
KVM |
Parallels |
Microsoft Virtual PC |
VirtualBox |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 85.In a ___ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections |
smurf |
SYN flood |
spoof |
ghost |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 86.A Nibble is made of: |
4 bits |
8 bits |
12 bits |
16 bits |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 87.A computer network that spans a relatively large geographical area and consists of two or more interconnected local area network (LAN)? |
Network Share |
Wide Area Network (WAN) |
Local Area Network (LAN) |
Cloud Network |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 88."A sender and receiver share a single, common key to encrypt and decrypt the message" is called? |
Anti-Forensics |
Swap Partition |
Public-Key Encryption |
Symmetric-Key Encryption |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 89.A basic unit of communication over a digital network is called? |
Payload |
Packets |
BIOS |
Carrier |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 90.The practice of examining large databases in order to generate new information? |
Tunneling |
Sandboxing |
Degaussing |
Data Mining |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 91."A network of personal computers, each of which acts as both client and server, so that each can exchange files and email directly with every other computer on the network. "? |
Peer-to-Peer Network |
Local Area Network |
Hypervisor |
Brute-Force Attack |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 92."An efficient, isolated duplicate of a real machine." Is called? |
Visualization |
File Carving |
Data Mining |
Virtual Machine (VM) |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 93.Using a very large magnet to destroy the magnetic data on the disk? |
Sandboxing |
Tunneling |
Degaussing |
Data Mining |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 94.This assumes that the password is a dictionary word or some variant of one. The tool simply does a replacement of the password until it finds the one that fits? |
Metadata |
Brute-Force Attack |
Network Share |
Dictionary Attack |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 95."A process of allowing an unknown executable to run in a specially prepared and instrumented environment, so that its capabilities and actions can be observed”? |
Degaussing |
Sandboxing |
Spoofing |
Tunneling |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 96.A computer virus that replicates and spreads itself is also known as? |
virus |
worm |
bot |
zombie |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 97.What describes an examination of a system while it is still running? |
live analysis |
crackers |
hackitvists |
steganography |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 98.People who would like to be hackers but don't have much technical expertise? |
hackitvists |
rootkit |
crackers |
script kiddies |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 99.The process of keeping track of all upgrades and patches you apply to your computer's OS and applications is called |
Configuration Management |
Hardware Management |
Software Management |
Server Management |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 100. Which one is a Network forensics tool? |
EnCase |
Autopsy |
nMap |
Volatility |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 101. Which one is a Data Capture forensics tool? |
EnCase |
Wireshark |
nMap |
Volatility |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 102. Which one is a RAM forensics tool? |
EnCase |
Autopsy |
nMap |
Volatility |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 1. What is the objective of using CAAT |
Data Mining |
Data Analysis |
Data Analytics |
Data Wrangling |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 2. Which functionality is NOT present in CAAT |
Comparison |
Statistics |
Monetary unit |
Split |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 3. Which of the following is not the outcome of joining two databases |
Complete join |
Partial join using look-up field |
Selective join using look-up field |
Merging |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 4. ………………………… refers to collection of information pertinent to project |
Data gathering |
Data exporting |
Data embedding |
Data importing |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 5. Development costs for a computer based information system include/s |
Salaries of the system analysis |
Cost of converting and preparing data |
Cost of testing and documenting |
All A, B, C |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 6. Which of the following is NOT a sampling technique provided in CAAT |
Attribute |
clustered |
Random |
Monetary unit |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 7. developing a logical flow of fraud detection it is a good idea to |
develop a physical flow |
develop a system flow chart |
determine the contents of all data stores |
find out user’s preferences |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 8. A data store in a CAAT represents |
a sequential file |
a disk store |
a repository of data |
a random access memory |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 9. Which of the following is not a criticism of the use of CAAT |
It reinforces the idea that code-and-retrieve is the only way to conduct qualitative analysis |
It results in the fragmentation of data and a loss of narrative flow |
It may not be suitable for focus group data |
It is not very fast or efficient at retrieving sections of data |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 10. Which of the following is a disadvantage of using CAAT in different types of projects |
It makes the process of qualitative data analysis more transparent |
It is faster and more efficient than analysing by hand |
It involves learning skills that are specific to each program |
It helps you to map out the relations between ideas and themes in the data |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 11. Which of the following is a kind of search that can be carried out in CAAT |
Boolean |
Proximity |
Wildcard |
All of above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 12. Which of the following is not the capability of CAAT in statistics? |
Probability |
Correlation |
Trend Analysis |
Time Series |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 13. Which of the following is not a valid Benford test in CAAT |
First two digit |
Last two digit |
First three digit |
Last three digit |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 14. Which characteristics of data is not preserved in CAAT |
Integrity |
Source format |
Indexed order |
Originality |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 15. Which of the below is not an advantage of using CAAT |
The audit team may not require the knowledge or training needed to understand the results of the CAAT |
Independently access data stored on a computer without dependence on the client |
Test the reliability of client software |
Increase the accuracy of audit tests |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 16. Which of the below is a PRIMARY limitation of using CAAT |
Potential incompatibility with the client's computer system |
The audit team may not have sufficient IT skills and knowledge to create the complex data extracts and programming required |
Client permission and cooperation may be difficult to obtain |
The audit team may not have the knowledge or training needed to understand the results of the CAATs |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 17. Which of the following are two broad categories of CAAT |
Audit software and exception reporting module of clients software |
Audit software and test data |
BI tools and Integrated test facility |
Test data and embedded audit software in SAP/ERP |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 18. Of the following which is the specific purpose for which CAAT is used: |
Sampling |
File management |
Report generation |
Log maintenance |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 19. CAAT is used for which of the following type of data analytics |
Cognitive analysis |
Predictive analysis |
Diagnostic analysis |
Prescriptive analysis |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 20. CAAT performs following functions: |
Data Presentation |
Data queries |
Data Stratification |
Data Extraction |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 21. In an audit of Journal Vouchers (JVs) how will you derive for potential duplicate JVs booked on the same date to the same head of account combination for round sum amounts? |
Direct Extraction |
Duplicate key Detection |
Publish PDF |
All of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 22. In the audit of JVs how will you identify JV narrations containing key words like 'adjustment', accommodate' and others? |
Manage Project |
Gap Detection |
Search |
Go To |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 23. You are required to pick up random JVs per cost centre within the JV file so that all cost centres are covered in the review. Which function will assist you with the same? |
Stratification - Numeric |
Stratified Random Sampling - Character |
Pivot Table |
Stratified Random Sampling - Numeric |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 24. How will you capture JVs booked on Saturday/Sundays with an all numeric narration (non-standard narrations)? |
Field Statistics |
Criteria |
Save As Selected |
All of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 25. Which function will you apply in IDEA to look for a sudden drop in the count of month ending JVs for accruals? |
Pivot Table |
Top Records Extraction |
Control Total |
Find Next |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 26. In a data file of Goods and Service Tax (GST) levy and payment how will you check for product sales within State A but where Inter State GST has been incorrectly levied and paid |
Export |
Print |
Direct Extraction |
Field Manipulation |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 27. In the GST data file, you need to re-compute the Central and State GST levied and paid on the Invoice value to check whether the application system is correctly computing the same. How will you perform this in IDEA? |
Modify Field |
Append Field |
Remove Field |
Hide Field |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 28. You are presented with the GST data file from the GSTIN portal which contains GST returns filed by your Vendors over the last year. You need to reconcile the portal file with your GST data file to identify entries in the portal file based on Vendor Code and Vendor Invoice Number not in your GST data file. How will you set about doing this in IDEA? |
Join |
Append Database |
Stratification |
Systematic Sampling |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 29. You are required to match the Vendor Code wise total of Inter State GST levies for the current month from your data with the portal data to identify Vendor wise mismatches on Inter State GST. Which function in IDEA will assist? |
Criteria |
Compare - CORRECT ANSWER |
Send Email |
Summarization |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 30. In your GST data how will you check for the Vendor Invoice number containing special characters other than numbers and letters in IDEA? |
Data - Append - use @split |
Data - Append - use @left |
Data - Append - use @strip |
Data - Append - use @age |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 31. You are required to allocate a single Digital Advertisement Expense bill for 12 months to various branch locations based on the number of walk in customers in each branch. You have a file with 275 branches and the total walk in count (footfall) per branch for 12 months. Which function in IDEA will you apply for the Expense allocation branch wise |
Key Value Extraction |
Append Databases |
Append Field |
Gap Detection |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 32. How will you go about identifying in IDEA specific branches having a rising footfall but falling Digital Advertisement Expense allocation or vice - versa |
Trend Analysis |
Correlation |
Duplicate Key Exclusion |
Search |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 33. How will you identify branches having a total footfall of 100 customers and below in the entire 12 month’s period and below using IDEA |
Publish to PDF |
Create Project |
Stratification |
Summarization |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 34. Which function in IDEA will you apply to identify the 25 branches having the highest Digital Advertisement Expense allocation |
Bottom Records Extraction |
Top Records Extraction |
Group Records |
Indexed Extraction |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 35. To capture manipulation in footfall data for any given branch how will you identify in IDEA branches having the same footfall for 12 months |
Duplicate Key Exclusion |
Import |
Save As |
Duplicate Key Detection |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. You have been provided with an online content - TV Serial, Movie
Streaming website data file with the following key fields -
o Customer Number
o Plan Reference
o Date of Visit (DD-MMM-YY Format)
o Time of Visit (HH:MM:SS Format)
o Online Content Duration in Standard Minutes
o Actual State Time of Viewing (HH:MM:SS Format)
o Actual Stop Time of Viewing (HH:MM:SS Format)
o Standard Stop Time of Viewing (HH:MM:SS Format)
o Content Unique Serial Number
o Genre - Comedy, Horror, Action, Family Drama
o Category - Serial, Movie
o IP Number of Streaming Device
o Buffering Speed - Low, Medium, High A. How will you identify Customers who have stopped watching content before
the Standard End Time for a Serial/Movie owing to Low Buffering Speed |
a) Join |
b) Export Databases |
c) Direct Extraction |
d) Save As |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. You have been provided with an online content - TV Serial, Movie
Streaming website data file with the following key fields -
o Customer Number
o Plan Reference
o Date of Visit (DD-MMM-YY Format)
o Time of Visit (HH:MM:SS Format)
o Online Content Duration in Standard Minutes
o Actual State Time of Viewing (HH:MM:SS Format)
o Actual Stop Time of Viewing (HH:MM:SS Format)
o Standard Stop Time of Viewing (HH:MM:SS Format)
o Content Unique Serial Number
o Genre - Comedy, Horror, Action, Family Drama
o Category - Serial, Movie
o IP Number of Streaming Device
o Buffering Speed - Low, Medium, High
B. Which function in IDEA will you apply to identify the top content watching
Customer's based on count of Serial's watched per day |
a) Direct Extraction |
b) Summarization |
c) Top Records Extraction |
d) All of the Above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. You have been provided with an online content - TV Serial, Movie
Streaming website data file with the following key fields -
o Customer Number
o Plan Reference
o Date of Visit (DD-MMM-YY Format)
o Time of Visit (HH:MM:SS Format)
o Online Content Duration in Standard Minutes
o Actual State Time of Viewing (HH:MM:SS Format)
o Actual Stop Time of Viewing (HH:MM:SS Format)
o Standard Stop Time of Viewing (HH:MM:SS Format)
o Content Unique Serial Number
o Genre - Comedy, Horror, Action, Family Drama
o Category - Serial, Movie
o IP Number of Streaming Device
o Buffering Speed - Low, Medium, High
C. How will you report on Customers watching content from multiple devices on
the same date like Tablets, Smart Phones, Laptops etc. |
a) Duplicate Key Exclusion |
b) Duplicate Key Detection |
c) Gap Detection |
d) Field Manipulation |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. You have been provided with an online content - TV Serial, Movie
Streaming website data file with the following key fields -
o Customer Number
o Plan Reference
o Date of Visit (DD-MMM-YY Format)
o Time of Visit (HH:MM:SS Format)
o Online Content Duration in Standard Minutes
o Actual State Time of Viewing (HH:MM:SS Format)
o Actual Stop Time of Viewing (HH:MM:SS Format)
o Standard Stop Time of Viewing (HH:MM:SS Format)
o Content Unique Serial Number
o Genre - Comedy, Horror, Action, Family Drama
o Category - Serial, Movie
o IP Number of Streaming Device
o Buffering Speed - Low, Medium, High
D. To identify Customers who use the Streaming site only less than 3 times a
month which Function in IDEA will help |
a) Add Comments |
b) Summarization |
c) Stratification |
d) Set Working Folder |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. You have been provided with an online content - TV Serial, Movie
Streaming website data file with the following key fields -
o Customer Number
o Plan Reference
o Date of Visit (DD-MMM-YY Format)
o Time of Visit (HH:MM:SS Format)
o Online Content Duration in Standard Minutes
o Actual State Time of Viewing (HH:MM:SS Format)
o Actual Stop Time of Viewing (HH:MM:SS Format)
o Standard Stop Time of Viewing (HH:MM:SS Format)
o Content Unique Serial Number
o Genre - Comedy, Horror, Action, Family Drama
o Category - Serial, Movie
o IP Number of Streaming Device
o Buffering Speed - Low, Medium, High
F. To report on which Serial and Genre has minimum viewership online per
month how will you use IDEA |
a. Summarization |
b. Bottom Records Extraction |
c. Export Databases |
d. All of the Above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 1 Forensic Accounting is essentially …………………… |
Accounting in a way to detect fraud |
Auditing in a way to gather evidence |
Investigating in a way to get different evidence |
Combination of accounting, auditing, and investigative skills to gather evidence usable in a court of law |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 2 What is the AutoComplete feature of Excel? |
It automatically completes abbreviated words |
It completes text entries that match an existing entry in the same column |
It completes text and numeric entries that match an existing entry in the same column |
It completes text entries that match an existing entry in the same worksheet |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 3 A circular reference is …………………. |
Geometric modeling tool |
A cell that points to a drawing object |
A formula that either directly or indirectly depends on itself |
Always erroneous |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 4 Which of the following is a correct order of precedence in formula calculation? |
Multiplication and division exponentiation positive and negative values |
Multiplication and division, positive and negative values, addition and subtraction |
Addition and subtraction, positive and negative values, exponentiation |
All of above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 5 You want to track the progress of the stock market on a daily basis. Which type of chart should you use? |
Pie Chart |
Bar Chart |
Line Chart |
Column Chart |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 6 Except for the ……………………. function, a formula with a logical function shows the word “TRUE” or “FALSE” as a result. |
IF |
AND |
OR |
NOT |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 7 Which function will calculate the number of workdays between 6/9/2017 and 8/12/2018? |
Workday |
Date |
Networkdays |
All of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 8 _____________ is an interactive data summarisation tool in Excel. |
CONSOLIDATE |
PIVOTTABLE |
SUBTOTAL |
POWER QUERY |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 9 _____________ is done to identify the missing items in a sequence or series. |
Gap Testing |
Relative Size factor Analysis |
Fuzzy Logic Matching |
Sort |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 10 Which of the following errors will not be traced by Error Checking? |
Inconsistent manner of defining formulas |
Errors like #N/A, #REF! etc. |
Numbers stored as text |
Error in the logic of defining the formula |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 11 Which of the following functions is totally irrelevant for performing aging analysis? |
IF Function |
AND Function |
TODAY Function |
LEFT Function |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 12 In order to prevent identity thieves from finding personally identifiable information by looking through your trash, you should: |
Put your sensitive documents in your neighbors trash bin. |
Shred, or otherwise destroy all account statements, account applications, cancelled checks or other documents or information that contain personally identifiable information. |
Never throw out any sensitive information. Keep it in a safe place within your home. |
Take your sensitive information directly to the dump. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 13 You're exposing yourself to potential credit card fraud if you: |
Sign your cards as soon as they arrive. |
Leave cards or receipts lying around. |
Void incorrect receipts. |
Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 14 Which of the following are not recommended security practices when setting up a wireless network in your home? |
Place your router in a secure location in your home. |
Change the name of your router from the default. |
Change your router's pre-set password. |
Turn on the encryption feature of your wireless routers. |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 15 Which of the following is not considered to be "personally identifiable information"? |
Credit card numbers |
Vehicle registration plate number |
Name of the school you attend or your workplace |
Date of birth |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 16 Which of the following is a characteristic that asset hiders generally look for in the financial vehicles they use to conceal assets? |
Transparency |
Inaccessibility |
Liquidity |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 17 Which of the following is a step in the general process for tracing illicit transactions? |
Selecting a response team |
Building a financial profile |
Implementing litigation hold procedures |
Establishing reporting protocols |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 18 When determining a subject's net worth for asset-tracing purposes, all assets should be valued at current market value to eliminate any question about estimates. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 19 Sachin is currently being prosecuted for financial statement fraud for allegedly intentionally over-reporting earnings. Although Sachin did over-report income, he did not do so on purpose. Under these facts, which of the following defenses, if any, would likely benefit Sachin as a defense? |
Mistake |
Ignorance |
Duress |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 20 Akbar works as a cashier in an antiques store. Since the merchandise lacks barcodes, he has to enter the prices manually. One customer purchased a piece of furniture that cost Rs. 2500 and paid in cash. Akbar recorded the sale at Rs. 2000 and pocketed the Rs. 500 bill. What type of fraud did Akbar commit? |
A cash larceny scheme |
Lapping of receivables |
An unrecorded sales (skimming) scheme |
An understated sales (skimming) scheme |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 21 Amar, a fraud examiner, is conducting textual analytics on emails sent to and from specific employees that his client has identified as fraud suspects. He is using the Fraud Triangle to come up with a list of fraud keywords to use in his search. Which of the following words found in email text might indicate a fraudster is rationalizing his actions? |
Write off |
Deserve |
Override |
Quota |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 22 If an information thief has long range interest in monitoring of a company, he might place a spy in that target company as a permanent employee. This employee is known as …………………. |
Sleeper |
Mole |
Detective |
Insider Spies |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 23 The existence of the following might indicate presence of Ghost Employees: |
Employees with no withholding |
No employees with same address |
No employye with same PAN |
No employee with same account number |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 24 In Health Care Fraud, ………………………….. reimbursement occurs when providers receive payment for each service rendered. |
Capitation |
Fee for Service |
Episode of Care |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 25 Which of the following are the best for a comprehensive investigation ………………… |
Data vouching, trend analysis |
Trend analysis and tests of logic and absurdities |
Data vouching and tests of impossibilities |
All of the above to the extent possible in every case |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 26 Luhn’s algorithm is …………………. |
A tool to find out valid credit card numbers |
A tool to find out invalid debit card numbers |
A tool to find valid or invalid debit cards/credit cards |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 27 Which of the following is not an indication of Money laundering? |
Use of third party cheque for making purchases |
Lump sum payment made by wire transfer |
Willingness to provide normal information |
Request to borrow maximum cash value of a single premium policy soon after paying for the policy. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 28 An employee has duty to cooperate during internal investigation irrespective of nature of investigation. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 29 Which situation will not give rise to sanctions for failing to preservce evidence include intentionally or accidentally? |
Erasing computer file relevant to unanticiapated litigation |
Destroying physical evidence relevant to existing litigation |
Losing documents relevant to anticipated litigation |
Failing to suspend routine destruction of electronic data relevant to existing litigation |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 30 …………………. refers to defamatory statements in writing. |
Slander |
Human Rights |
Libel |
Breach of Privacy |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 31 To establish libility for public disclosure of private facts, the plaintiff must prove following elements: (i) The defendant made public statements about another party's private life. (ii) The statements were not of public concern. (iii) The statements would be highly offensive to a reasonable person. |
(i) only |
(i) and (ii) only |
All of the above |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 32 ……………………… software gives investigators the ability to image a drive and preserve it in a forensic manner. |
Stego Suite |
Forensic Toolkit (FTK) |
Recovery Toolkit |
Encase Forensic |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 33 Which is not a process for tracing illicit transactions? |
Collect Information |
Profile the subject |
Interview the subject |
Review information for leads |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 34 Fraud Assessment questioning is a non-accusatory interview technique used as a part of normal audit. |
1 |
|
|
|
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 35 Following employee can be exempted from Fraud Awareness Training program - |
Top Level staff |
Middle Level Staff |
Lower Level Staff |
None of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 36 ………………………. is the impression a writing instrument leaves on sheets of paper below the sheet that contains the original writing. |
Indented Writing |
Freehand Forgeries |
Autoforgeries |
Imitator style |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 37 To avoid smudging and contamination, fraud examiners should use …………………… when handling latent finger print evidence. |
Protective Gloves |
Acid free paper envelopes |
Dusting powder |
None of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 38 While interviewing, Amar, forensic auditor, locks the door of interview room. This can be claimed as ……………………………. by the interviewee. |
Human Right Violation |
Actual Imprisonment |
False Imprisonment |
True Imprisonment |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 39 While doing interview, Amar, forensic auditor, was doing covert recording of interview process. It helps Amar to deny the recording when asked without taking ownership of recording. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 40 ……………………… is a defence mechanism that protects an individual from items that would cause anxiety by prevneting the items from becoming concious. |
Etiquette |
Ego Threat |
Depression |
Repression |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 41 Amar, a Certified Fraud Examiner, has obtained an oral confession from Vijay, a fraud suspect. Amar wants to probe Vijay for additional details. Which of the following is the most appropriate question Amar should ask Vijay to find out if there are any remaining proceeds that can be used to reduce losses? |
"Did you spend everything?" |
"What do you have left?" |
"Is there anything left?" |
"It’s all gone, isn’t it?" |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 42 Amar, a Certified Fraud Examiner, is conducting an admission-seeking interview of Vijay, a fraud suspect. Amar has a great deal of documentary evidence that he plans on using to diffuse Vijay's alibis. The proper technique for using the evidence is for Amar to display it all at once so that Vijay will be demoralized by the overwhelming amount of evidence. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 43 In interview situations, it is sometimes recommended that the interviewer shake hands with the respondent. What is the purpose of this? |
Social courtesy |
Professional courtesy |
To establish the interview purpose |
To break down psychological barriers |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 44 Forensic analysis can be performed directly on suspect devices because doing will not alter or damage digital evidence. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 45 Which is not a Red Falg associated with Fictitious Revenue? |
An unusually large amount of long overdue accounts receivable |
Rapid growth or unusual profitability |
Significant sales to entities whose substance not known |
Inventory totals appear forced |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 46 Vijay, a manager at a major company, is suspected of financial statement fraud. During an admission-seeking interview with Vijay, the investigator states: "A lot of employees count on the company doing well. I know you only did this to help the company succeed. Isn’t that right?” This technique is known as: |
Genuine need |
Extrinsic rewards |
Altruism |
Depersonalizing the victim |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 47 Vijay, a fraud suspect, has confessed to Amar, a Fraud Examiner, that he has embezzled funds. Amar is unsure whether Vijay had an accomplice. Which of the following is the most appropriate question concerning accomplices? |
"Who else knew about this besides you?" |
"Was anyone else involved?" |
"Did someone else know?" |
"We have evidence someone else is involved. Who is it?" |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 48 Which of the following is a good practice for taking notes during an interview? |
Slow down the interview process if necessary to take accurate notes. |
Avoid making notes regarding opinions or impressions about a witness |
Write down verbatim all responses given by the subject during the interview. |
Make any necessary additions to interview notes within several weeks of the interview |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 49 During the introductory phase of the interview, the interviewer should avoid terms such as: |
Investigation |
Review |
Inquiry |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 50 Whenever possible, make a list of questions to be asked during the interview. It helps in maintaing the flow of interview. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 51 if the interviewer has reason to believe that the respondent is being deceptive, he should begin asking ……………………….. |
Direct Questions |
Closing Questions |
Admission seeking Questions |
Assessment Questions |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 52 Which of the following is not the objective of Introductory questions ? |
Establish Rapport |
Establish Interview Theme |
Observe reactions |
Reconfirm Facts |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 53 What is your digital footprint? |
A scanned image of your foot |
All the information online about a person that is stored online. |
A photograph of your shoe |
Having a blog, facebook or twitter page |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 54 We use Cryptography term to transforming messages to make them secure and immune to …………………….. |
Change |
Idle |
Attacks |
Defend |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 55 Confidentiality with asymmetric-key cryptosystem has its own ……………………. |
Entities |
Data |
Problems |
Translator |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 56 In a ____________ scheme, the fraudster leave malware infected USB flash drive in places where people will find them easily. |
Baiting |
Pharming |
Malware |
Malicious Insider |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 57 Why would a hacker use a proxy server? |
To create a stronger connection with the target. |
To create a ghost server on the network. |
To obtain a remote access connection. |
To hide malicious activity on the network. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 58 What type of attack uses a fraudulent server with a relay address? |
NTLM (NT LAN Manager) |
MITM (Man-in-the-middle) |
NetBIOS (Network Basic Input/Output System) |
SMB (Server Message Block) |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 59 Which phase of hacking performs actual attack on a network or system? |
Reconnaissance |
Maintaining Access |
Scanning |
Gaining Access |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 60 Social engineering is one of the most successful attack methods of cybercriminals. What is regarded as a form of social engineering? |
Cryptoware |
Denial of Service (DOS) attack |
Phishing |
Spam |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 61 Biometrics become ever more important as a means to verify the identity of users. Which feature of biometrics represents a major consideration for organizations that want to implement it? |
The so-called crossover error rate, which is the rate at which both acceptance and rejection errors are equal. |
The way users swipe their tablet or smartphone can be used as a behavioral mechanism for biometrics. |
The so-called crossover error rate, which is the rate at which both acceptance and rejection errors are within acceptable levels. |
Face recognition cannot be used as a biometric mechanism, because it is very inaccurate. |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 62 Digital certificates represent an important component in any Public Key Infrastructure (PKI). What should never be included in a digital certificate? |
The digital signature of the certificate authority (CA) that has issued the digital certificate. |
The private key of the party to whom the digital certificate is tied. |
The identity of the party that owns the digital certificate. |
The start and end date of the period, in which the digital certificate is valid. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 63 What is the purpose of a Denial of Service attack? |
Exploit a weakness in the TCP/IP stack |
To execute a Trojan on a system |
To overload a system so it is no longer operational |
To shutdown services by turning them off |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 64 How is IP address spoofing detected? |
Installing and configuring a IDS that can read the IP header |
Comparing the TTL values of the actual and spoofed addresses |
Implementing a firewall to the network |
Identify all TCP sessions that are initiated but does not complete successfully |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 65 Phishing is a form of ………………………. |
Spamming |
Identify Theft |
Impersonation |
Scanning |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 66 Keyloggers are a form of …………………….... |
Spyware |
Shoulder surfing |
Trojan |
Social engineering |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 67 Having individuals provide personal information to obtain a free offer provided through the Internet is considered what type of social engineering? |
User-based |
Computer-based |
Human-based |
Web-based |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 68 SQL injection is an attack in which …………………… code is inserted into strings that are later passed to an instance of SQL Server. |
Non malicious |
Clean |
Redundant |
Malicious |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 69 Which of the following is a proper acquisition technique? |
Disk to Image |
Disk to Disk |
Sparse Acquisition |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 70 Which duplication method produces an exact replica of the original drive? |
Bit-Stream Copy |
Image Copy |
Mirror Copy |
Drive Image |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 71 What should you do if the computer is turned on? |
Shut it down |
Unplug it |
Start typing |
Log the user off |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 72 What happens when first securing the area? |
Start looking for evidence |
Make sure that the crime scene is safe |
Gather evidence |
Make sure computer is on |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 73 The risk of contamination of evidence is controlled and/or minimised by ……………………... |
Minimising the number of people handling the evidence. |
Storing packages in a dedicated secure area. |
Opening each package in an area other than where it was originally sealed. |
Using chain of custody labels. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 74 Corroborative evidence is ……………………... |
Evidence that links an individual with a particular location. |
Evidence that associates an individual with another individual. |
Evidence that refutes other evidence. |
Eidence that supports other evidence. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 75 What is the most significant legal issue in computer forensics? |
Preserving Evidence |
Seizing Evidence |
Admissibility of Evidence |
Discovery of Evidence |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 76 As a good forensic practice, why would it be a good idea to wipe a forensic drive before using it? |
No need to wipe |
Chain of Custody |
Different file and operating systems |
Cross-contamination |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 77 SQL Injection is ……………………… |
Physical Threat |
Application Threat |
Malicious Code |
Mobile Code |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 78 Cyber Forensic Investigation Process consists of ………………………. |
Imaging - Copy - Analysis - Communication. |
Imaging - Cloning - Documenting - Communication. |
Identification - Preservation - Collection - Analysis - Communication. |
Searching - Extracting - Imaging - Cloning - Analysis. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 79 Signature forgery can best be spotted by ……………………. |
Juxtaposition and Comparison of signatures on two documents |
Juxtaposition and Comparison of a signature on a document with specimen signature |
Juxtaposition and comparison of signatures on several documents |
Any of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 80 When a hash function is used to provide message authentication, the hash function value is referred to as ……………………… |
Message Field |
Message Digest |
Message Score |
Message Leap |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 81 The main difference in MACs and digital signatures is that, in digital signatures, the hash value of the message is encrypted with a user’s public key. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 82 In which the database can be restored up to the last consistent state after the system failure? |
Backup |
Recovery |
Both |
None |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 83 Most backup and recovery commands in ………………….. are executed by server sessions. |
Backup Manager |
Recovery Manager |
Backup and Recovery Manager |
Database Manager |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 84 Which of the following is not a recovery technique? |
Deferred update |
Immediate update |
Two-phase commit |
Recovery management |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 85 Failure recovery and media recovery fall under ...................... |
Transaction recovery |
Database recovery |
System recovery |
Value recovery |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 86 ………………………. means repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using internet services. |
Cyber Stalking |
Pornography |
Web Hijacking |
Hacking |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 87 …………………….. register domain name identical to popular service provider’s name. So as to attract their users and get benefit from them. |
Cyber squatters |
Phishing Attack |
Identity Theft |
Cyber Defamation |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 88 …………………… involves changing data prior or during input into a computer. |
Forgery |
Cyber Defamation |
Email spoofing |
Data diddling |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 89 As per ………………….., the auditor’s report should state whether the company has adequate Internal Financial Control system in place and the operating effectiveness of such controls. |
Section 134 |
Section 137 |
Section 143 |
Section 177 |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 90 Fraud reporting should be done to Central Govt. in ………………… |
Form ADT-1 |
Form ADT-2 |
Form ADT-3 |
Form ADT-4 |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 91 …………………. dealing with compensation for failure to protect data. |
Section 41 |
Section 43-A |
Section 65 |
Section 66 |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 92 Section 66E deals with ……………………… |
Sending offensive messages |
Cheating by personation |
Privacy violation |
Cyber terrorism |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 93 ……………….deals with publishing or transmitting obscene material in electronic form. |
Section 43 |
Section 65 |
Section 66 |
Section 67 |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 94 Section 75 of Indian Evidence Act, 1872 deals with ………………… |
Public Documents |
Private Documents |
Certified copies of Public Documents |
Proof of other official documents |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 95 A witness who is unable to speak is called ………………………. |
Deaf Witness |
Dumb Witness |
Hostile Witness |
Unreliable Witness |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 96 Entries in the books of accounts regularly kept in the course of business are admissible under section 34 of Evidence Act |
If they by themselves create a liability |
If they by themselves do not create a liability |
Irrespective of whether they themselves create a liability or not |
Either (a) or (b) |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 97 Amar, a Forensic Auditor, has obtained an oral confession from Vijay, a fraud suspect. Vijay confessed to committing fraud, and he admitted to smuggling drugs in an unrelated case. How should Amar handle these admissions in Gamma's written confession? |
Amar should omit the information concerning the drug smuggling |
Amar should take separate statements for each of the unrelated crimes |
Amar should include both crimes in the same statement |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 98 Amar, a Fraud Investigator, is investigating Vijay, who is active on an online social networking site in which he voluntarily shares information about himself. Amar wants to search and extract information from Vijay's social network profile. Which of the following is the most accurate statement about the privacy of information Vijay shared through his social network profile? |
To search for information that Vijay posted and made available to the public through his social network profile, Amar must provide Vijay notice before hand. |
To access any information posted on Vijay's social network profile, Amar must obtain some type of legal order from the jurisdiction in which Vijay resides. |
The Privacy of Social Networks Treaty is an international law that makes it illegal for Amar to seek the login credentials from Vijay's social networking account. |
Amar could be liable for violating Vijay's privacy rights if he hacks or breaks into areas of the social networking site Vijay has designated as private |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 99 What is Mutual Legal Assistance (MLA)? |
A process by which countries request and provide assistance in law enforcement matters |
A letter whereby a criminal defendant requests that the government release exculpatory information |
A formal request by the courts of one country seeking judicial assistance from the courts of another country |
A formal request by the government of a country seeking information from a defendant residing in another country |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 100 In most common law jurisdictions, for a document to be admitted into evidence, it must be properly __________ that is, the party offering the document must produce some evidence to show it is, in fact, what the party says it is. |
Validated |
Marked |
Certified |
Authenticated |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 1. The warehouse supervisor in ABC Ltd. has stolen ₹ 5 lakhs worth of inventory over the last year. He has made no effect to conceal his theft in any of the inventory records. During as analytical review of the financial statements, which of the following red flag might the auditor find that would indicate the inventory theft? |
The percentage change in cost of goods sold was significantly higher than the percentage change in sales. |
The percentage change in sales was significantly higher than the percentage change in cost of goods sold. |
Sales and cost of goods sold moved together. |
None of the above. |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 2. When circumstantial evidence is offered to prove that a subject has more income available than can be accounted for from legitimate sources, the subject often responds with which of the following defences? |
The subject has no taxable income. |
The subject’s excess funds were deobligated. |
The subject incurred substantial debts. |
The subject's excess funds were received as gifts. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 3. Which of the following statement concerning public records is most accurate? |
Public records are the primary source of individual health information |
Public records are those maintained by public companies |
Public records are valuable for obtaining background information on individuals |
Public records are useful for searching banking records |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 4. SQL injection is an attack in which …………… code is inserted into strings that are later passed to an instance of SQL Server. |
Non malicious |
Clean |
Redundant |
Malicious |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 5. Section 66F of the Information Technology Act deals with ………………… |
Sending offensive messages |
Cheating by personation |
Privacy violation |
Cyber terrorism |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 6. Which of the following is a method in which contractors can inflate labour costs in negotiated contracts? |
Use higher wage personnel to perform work at lower rates. |
Subcontract to affiliated companies at inflated rates. |
Account for learning curve cost reductions. |
Use valid cost schedules. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 7. Which of the following is the most appropriate type of question for fraud examiners to ask during interviews to confirm facts that are already known? |
Open |
Leading |
Complex |
Narrative |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 8. Which of the following activities are included in the bid evaluation and award phase of procurement involving open and free competition? |
The procuring employees issue the solicitation document. |
The procuring employees develop the bid specifications. |
The procuring employees assess the bids or proposals. |
The procuring employees perform their contractual obligations. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 9. In MS-Excel, what is the correct way to refer the cell C5 on Worksheet named "Report" from Worksheet named "Sales Data"? |
=[Sales Data]!C5 |
=$C$5 |
='Sales Data'!C5 |
="Sales Data"!$C$5 |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 10. Act of obtaining information of a higher level of sensitivity by combining information from lower level of sensitivity is called? |
Aggregation |
Data mining |
Inference |
Polyinstantiation |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 11. Bars, restaurants, and nightclubs are favourite businesses through which to launder funds because: |
It is easy to match the cost of providing food, liquor, and entertainment with the revenues they produce. |
They charge relatively low prices for services. |
Sales are generally in cash. |
All of these choices are correct. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 12. ………… may not contain in Excel Formula. |
Text Constant |
Mixed Reference |
Circular Reference |
All of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 13. In …………… fraud scheme, Procurement official acts above or below normal scope of duties in awarding or administering contract. |
Bribes and Kickbacks |
Manipulation of Bids |
Split Purchases |
Unnecessary Purchases |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 14. Suppose you suspect there is a Ghost Employee scheme taking place in your organisation and you want to compare the payroll records to the employee master file. Which data analysis technique would you use to match these two data records? |
Compliance verification |
Correlation analysis |
Join function |
Gap Testing |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 15. All of the followings are hashing algorithms except …………………. |
SHA |
MFT |
HAVAL |
MD2 |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 16. Common fraud schemes involving ATMs include all of the following Except: |
Counterfeit ATM cards |
Employee manipulation |
Unauthorised access to PINs and account codes |
Credit data blocking |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 17. In …………………………. Scheme, the company that initially conned a consumer contacts that consumer and offers to help retrieve the lost money. However, the investigation requires an upfront fee and the consumer is swindled again. |
Retrieval |
Double Hustle |
Advance Fee |
Scavenger |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 18. ……………….. can act as a "National Focal Point" for gathering information on threats and facilitating the Central Government's response to computer based incidents. |
Intelligence Bureau |
CBI |
CERT-IN |
Cyber Cell |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 19. ……………….. is a method of using software to extract usable information from unstructured data. |
Linguistic Analytics |
The Fog Index |
Textual Analytics |
Benford's Law |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 20. Amar, a Fraud Investigator, is investigating Vijay, who is active on an online social networking site in which he voluntarily shares information about himself. Amar wants to search and extract information from Vijay's social network profile. Which of the following is the most accurate statement about the privacy of information Vijay shared through his social network profile? |
To search for information that Vijay posted and made available to the public through his social network profile, Amar must provide Vijay notice before hand. |
To access any information posted on Vijay's social network profile, Amar must obtain some type of legal order from the jurisdiction in which Vijay resides. |
The Privacy of Social Networks Treaty is an international law that makes it illegal for Amar to seek the login credentials from Vijay's social networking account. |
Amar could be liable for violating Vijay's privacy rights if he hacks or breaks into areas of the social networking site Vijay has designated as private |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 21. Which of the following is typically the most effective way to document chain of custody for a piece of evidence? |
An affidavit signed by the forensic auditor swearing to the evidence's contents |
Photographs of the evidence that clearly show what the evidence is and where it was originally found |
A memorandum with the custodian of the evidence when the evidence is received |
A video recording of the forensic auditor explaining the process used to collect the evidence. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 22. ……………… is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. |
Steganography |
Computer Forensics |
Both ( a & b ) |
None of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 23. Because Digital evidence is different from tangible evidence, the rules regarding its admissibility in court are very different from the rules governing the admissibility of tangible evidence. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 24. Building a business case can involve which of the following? |
Procedures for gathering evidence |
Testing software |
Protecting trade secrets |
All of the above |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 25. A fraud scheme in which an accountant fails to write down obsolete inventory to its current fair market value has what effect on the company's current ratio? |
The current ratio will be artificially inflated. |
The current ratio will be artificially deflated. |
It is impossible to determine. |
The current ratio will not be affected. |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 26. Which of the following is a legal element that must be shown to prove a claim for fraudulent misrepresentation of material facts? |
The defendant acted negligently. |
The victim failed to exercise due care in relying on the representation. |
The defendant had a duty to disclose the information. |
The defendant made a false statement. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 27. Mr. Ram has been retained by an attorney to testily as an expert witness at Mr. Mallya's trial. Coincidentally. Mr. Ram also met Mr. Mallya while attending a university many years earlier. The attorney is compensating Mr. Ram for his services. Which of the following statements concerning conflicts of interest is MOST ACCURATE? |
Mr. Ram should not serve as an expert witness because he is being compensated, which is a conflict of interest. |
Mr. Ram should not serve as an expert witness because he knew Mr. Mallya from attending the university, which is a conflict of interest |
Mr. Ram can serve as an expert witness because there are not conflicts of interest in this case. |
Mr. Ram can only serve as an expert witness if he is able to objectively evaluate and present the case issues. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 28. Following are Red Flag Indicators of Phantom Vendors, except – |
Invoiced goods or services cannot be located or verified |
No employee Identification Number (EIN) provided |
Invoice has an unusual or unprofessional appearance |
Bid prices drop when a new bidder enters the competition |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 29. What is the most critical aspect of computer evidence? |
Validation of digital evidence |
Security of digital evidence |
Collection of digital evidence |
List of digital evidence |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 30. Keeping track of the amount of paper generated is one of the biggest challenges in forensic audit. Which of the following is generally NOT a recommended practice when organizing evidence? |
Make a key document file |
Segregate documents by witness |
Establish a database early on |
File all papers chronologically |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 31. Which of the following statements about how Forensic Auditors should approach fraud examinations is CORRECT? |
In most examinations, Forensic Auditors should start interviewing the suspect and then work outward. |
if an individual appears to be involved in the fraud scheme, he should be interviewed first. |
Fraud examinations should begin with general information that is known, starting at the periphery, and then move to the more specific details. |
All of the above. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 32. Mr. Ram, Forensic Auditor, determines that a document that purports to be the original writing of a famous author created fifty years ago, is actually made from paper created no more than 2 years ago. Which of the following best describes the document? |
An Auto forgery |
An Anachronism |
An Indented Writing |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 33. In asymmetric key cryptography, the private key is kept by ………………… |
Sender |
Receiver |
Sender and Receiver both |
All the connected devices to the network |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 34. When gathering information for a fraud investigation, virtually all helpful documentary evidence will come from internal sources. |
1 |
|
|
|
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 35. Which of the followings is an example of simple substitution algorithm? |
Rivest, Shamir, Adleman (RSA) |
Data Encryption Standard (DES) |
Blowfish |
Caesar cipher |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 36. Mr. Ram, Forensic Auditor, is conducting an admission seeking interview. Which of the following strategies should Mr. Ram follow in his attempt to obtain a confession? |
Imply that time is of the essence to pressure the subject into confessing. |
Conduct the interview in a firm, yet compassionate manner. |
Minimise sympathy and maximise the perception of wrongdoing. |
Avoid potential liability by making the accusation in the presence of outsiders. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 37. Mr. Shyam is on the boards of two companies that compete in the highway construction industry. Paul does not disclose this conflict, and he does not step down from the board of either company. If Mr. Shyam's acts are discovered and he is sued for violating his fiduciary duties, under what theory is the suit most likely to be filed? |
Violating the duty of fair competition |
Violating the duty to disclose |
Violating the duty of loyalty |
Violating the duty of care |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 38. Which of the following is an information security goal that an e-commerce system should strive to provide its users and asset holders? |
Non repudiation |
Exactness |
Access authority |
System reliability |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 39. What effect would improperly recording an expenditure as a capitalised asset rather than as an expense have on the financial statement? |
Expenses would be overstated, giving the appearance of poor financial performance. |
Net income would be falsely understated, lowering the company's tax liability. |
Assets would be falsely overstated, giving the appearance of a stronger company. |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 40. Sending offensive messages through communication service, causing annoyance etc. through an electronic communication or sending an email to mislead or deceive the recipient about the origin of such messages (commonly known as IP or email spoofing) are all covered under .............................. of the Information Technology Act. |
Section 66A |
Section 66D |
Section 66E |
Section 66F |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 41. As per DOT, using spoofed call service is illegal as per the ……………………… |
Indian Telegraph Act, Sec 25(c). |
Indian Penal Code Act, Sec 25(c). |
Indian IT Act, Sec 25(c). |
Indian Telecommunication Act, Sec 25(c). |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 42. From a legal perspective, which rule must be addressed when investigating a computer crime? |
Search and seizure |
Data protection |
Engagement |
Evidence |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 43. When a forensic investigator is seizing a running computer for examination, he can retrieve data from the computer directly via its normal interface if the evidence needed exists only in the form of volatile data. |
1 |
|
|
|
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 44. In Interview situations, ………………… is defined as a "relation marked by harmony, conformity, accord or affinity." |
Norming |
Rapport |
Active Listening |
Calibration |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 45. Which of the following is a recommended method for organising and presenting information in a fraud examination report? |
By the order in which the information was discovered |
By party |
Chronologically |
All of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 46. What is the advantage of using a tape backup system for forensic acquisitions of large data sets? |
Tape backup system is more secure |
Magnetic Tapes are condensation resistance |
Magnetic Tapes are useful for long-term storage of data at infinite scale |
Writing large data to Magnetic Tapes is faster as compared to other media |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 47. During the introductory phase of the interview, the interviewer should avoid terms such as: |
Investigation |
Review |
Inquiry |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 48. In IDEA, Query can be written in ……………………. |
Formula Editor |
Query Editor |
Equation Editor |
None of the above |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 49. …………………….. refers to any statistical process used to analyse data and draw conclusions from the findings. |
Data Analysis |
Data Mining |
Big Data |
None of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 50. Which of the following is not a component of “chain of evidence”? |
Location evidence obtained. |
Time evidence obtained. |
Who discovered the evidence. |
Identification of person who left the evidence |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 51. In interviews, ……………………… communication involves the use of volume, pitch, voice quality to convey meaning. |
Kinetic |
Chronemic |
Paralinguistic |
Proxemic |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 52. Which of the following best describes Social Engineering? |
A method for gaining unauthorised access to a computer system in which an attacker bypasses a system’s security through the use of an undocumented operating system and network functions. |
A method for gaining unauthorised access to a computer system in which an attacker hides near the target to obtain sensitive information that he can use to facilitate his intended scheme. |
A method for gaining unauthorised access to a computer system in which an attacker deceives victims into disclosing information or convinces them to commit acts that facilitate the attacker’s intended scheme. |
A method for gaining unauthorised access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that he can use to facilitate his intended scheme. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 53. Which of the following is true for the Statistical sampling of data? |
The auditor should not be restricted to explicit numbers as to materiality or risk. |
The auditor needs to employ professional subjective judgment. |
Allows the auditor to maintain professional judgment in regard to audit risks and materiality. |
There is a unique issue where there is a need for a less rigid standardized approach. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 54. In MS-Excel, a function inside another function is called …………………… |
Complex function |
Multiple function |
Nested function |
Mixed function |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 55. What does MFT stand for? |
Master Folder Table |
Master Format Table |
Master File Table |
Master FAT Table |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 56. A utility designed to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a file or entire disk is called ……………………. |
Brute-Force Scripting |
Bit locker |
Hashing Algorithm |
Binary Sniffing |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 57. For employee expense reimbursement request, electronic receipts are preferred to paper receipts because they are more difficult to alter or forge. |
1 |
|
|
|
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 58. When a caller ID display a phone number different from that of the telephone from which the call was placed is called ……………………… |
Cellular Fraud |
Caller ID Phishing |
Caller ID Spoofing |
Unethical Hacking |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 59. While examining a document, a fraud examiner notices some very faint indented writings that might aid the examination if revealed. Which of the following would be the forensic auditor's best course of action in analysing these indented writings? |
Performing the pencil shading method |
performing the pencil scratching method |
Applying a few drops of liquid and observing the liquid's flow in the indentations |
Employing an expert to use an electrostatic detection apparatus |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 60. During an interview, Mr. Shyam, an employee at ABC Ltd, confesses to Mr. Ram, Forensic Auditor, that he has been embezzling money from the company. Which of the following pieces of information does Mr. Ram NOT have to obtain from Mr. Shyam? |
Information about involvement of other employees |
A statement from Mr. Shyam that his conduct was an accident |
An estimate of the amount of money Mr. Shyam embezzled. |
The approximate date Mr. Shyam started embezzling the money. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 61. ………………… was designed to protect against accidental errors, such as a digit mistyping. |
Relative Size Factor |
Luhn algorithm |
Benford's Law |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 62. In MS-Excel, while splitting Text String in a column with Text to Columns, the data in original column can be retained. |
1 |
|
|
|
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 63. What is the health care industry concerned about the potential effect of the Electronic Data Interchange (EDI) on fraudulent activity? |
Only a few types of health care transactions can be process by EDI. |
The tools required to detect EDI fraud are difficult to use. |
The efficiency of EDI allows for more vendors and thus more claims to process. |
All of the above. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 64. Which of the following statement is True regarding a fictitious refund scheme? |
The victim company's inventory is understated. |
The amount of cash in the register balances with the register log. |
Inventory is returned to the store. |
All of the above. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 65. Where is the data for roaming phones stored? |
HLR (Home Location Register) |
GSM (Global System for Mobile communications) |
BTS (Base Transceiver Station) |
VLR ( Visitor Location Register) |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 66. Which of the following is a method that investigators can use to detect steganography? |
Analysing files on a computer system for structural oddities that suggest manipulation. |
Determining whether the statistical properties of files deviate from the expected norm. |
Looking for visual anomalies in jpeg, bmp and other image files. |
All of the above. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 67. When searching regulatory securities records for information on a publicly traded company, which of the following information is least likely to be found? |
Major events that are of interest to investors |
Identity of the company's officers and directors |
Identity of major owners of the company |
The complete books and records of the company |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 68. Forensic Auditor visited a project site and discovered a road of sub-standard quality. The road was built 50 percent narrower than specifications and lacked road surfacing. Nevertheless, the contract was paid in full. It is …………………………. Type of Fraud. |
Product substitution |
Substandard work |
Deviation from specifications |
Failure to deliver |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 69. Offences related to infringements of copy rights are extraditable offences. |
1 |
|
|
|
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 70. Mr. Ram, Forensic Auditor, conducted an interview of Shyam, the controller of the ABC Ltd. Mr. Ram asked the following question: "Since you were here when the controls were developed, can you tell me how they came about?" This kind of question is called ........................... |
Complex Question |
Controlled Answer Technique |
Double Negative Question |
Open Question |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 71. Which of the following is NOT a type of physical access control device that can be used to control access to physical objects? |
Biometric systems |
Profiling software |
Electronic access cards |
Locks and keys |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 72. What part of a cloud implementation provides the virtual servers with access to resources? |
Hypervisor |
Resource monitor |
Resource auditor |
Virtual Manager |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 73. A Forensic Auditor is deciding whether to conduct a traditional or a covert examination for a suspected fraud. Which of the following factors would be most favourable to conducting a covert examination? |
There are sufficient details at the present time to apprehend the suspect. |
The Forensic Auditor would like to determine who is responsible for known losses occurring in a certain area. |
The Forensic Auditor finds it important to collect information in a direct manner from people possessing it. |
The Forensic Auditor has several avenues through which he can obtain the necessary information. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 74. Before powering off a computer system, a computer crime investigator should record contents of the monitor and ……………... |
save the contents of the spooler queue. |
backup the hard drive. |
dump the memory contents to a disk. |
collect the owner’s boot up disks. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 75. Which of the two key functions is included in IDEA to identify exceptions, irregularities, anomalies and errors? |
Error Detection & Duplicate Detection |
Anomalies Detection & Exception Detection |
Anomalies Detection & Duplicate Detection |
Gap Detection & Duplicate Detection |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 76. Which of the following types of transactions is most likely to use a Person-to�person (P2P) payment system? |
A person paying for movie tickets at an automated kiosk. |
A person buying groceries at the supermarket. |
A company using a bank's online payment system to make a loan payment. |
A person buying a book on an online auction site. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 77. Which of the following statement best describes the function of metasearch engines such as Sputtr, Dogpile and Mamma? |
Metasearch engines contain links to websites that are sorted into categories |
Metasearch engines send user requests to several search engines and aggregate the results for display |
Metasearch engines narrow searches to only those search engines that achieve the best results |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 78. Which of the following facts would best support the defence of a law enforcement officer against an allegation of entrapment? |
The officer acted without malice |
The officer acted based on a tip from a reliable source |
The officer acted based on his suspicion of fraud |
All of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 79. Which of the following evidence collection method is most likely accepted in a court case? |
Provide a full system backup inventory. |
Create a file -level archive of all files. |
Provide a mirror image of the hard drive. |
Copy all files accessed at the time of the incident. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 80. What is the punishment for hacking of computers? |
Three year imprisonment or 10 lakh rupees penalty or both |
Life Imprisonment |
Three year imprisonment or 5 lakh rupees penalty or both |
Three year imprisonment or 2 lakh rupees penalty or both |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 81. Which of the following refers to investments that are designed to yield a tax benefit to the investor? |
Tax shelters |
Tax havens |
Secrecy jurisdictions |
Money laundering havens |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 82. Which of the following is a limitation of Benford’s Law? |
Benford's Law can only be applied to data sets listed in currency amounts. |
Benford's Law cannot be applied to data sets with non-natural numbers. |
Benford's Law only works on data sets with assigned numbers. |
Benford's Law applies best to data sets with three digit numbers. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 83. Mr. Ram, Forensic Auditor, is undertaking a data analysis engagement to identify potential fraud at ABC Ltd. Which of the following lists the most appropriate order in which he should conduct the steps involved in the data analysis process?
I. Cleanse and normalise the data
II. Build a profile of potential frauds
III. Analyse the data
IV. Obtain the data
V. Monitor the data |
IV, I, III, V, II |
II, IV, III, I, V |
II, IV, I, III, V |
IV, II, I, V, III |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 84. A Forensic Auditor discovers that Mr. Shyam, a fraud suspect, has made dozens of cash deposits over the last few months into a bank account. None of the deposits have been Rs. 50,000 or more, and none of them have been below Rs. 45,000, either. The currency reporting threshold for cash deposits at financial institutions in the jurisdiction is Rs. 50.000. Based on this information, which of the following schemes is Mr. Shyam most likely committing? |
Cash Transactions Fraud |
Suspicious Transaction Fraud |
Smurfing |
Channel Stuffing |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 85. Pharming differs from Phishing in that in a pharming scheme: |
The attacker delivers the solicitation via telephones using Voice over Internet Protocol instead of email. |
The attacker delivers the solicitation message via SMS instead of email. |
The attacker does not have to rely on having the user click on a link in an email to direct him to malicious website that is imitating a legitimate website. |
The attacker has to rely on having the user click on a link in an email to direct him to the malicious website that is imitating a legitimate website. |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 86. A virus that changes as it spreads is called what? |
Multipartite |
Armored |
Changeling |
Polymorphic |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 87. Which of the following functions does a Benford's Law analysis help to achieve? |
Measuring the relationship between items on financial statements by expressing accounts as percentages. |
Extracting usable information from unstructured text data. |
Identifying duplicate payments |
Identifying fictitious numbers. |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 88. …………………………... is a powerful test for detecting errors. |
Relative Size Factor |
Luhn algorithm |
Benford's Law |
None of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 89. The encoding step of a ………………… system identifies redundant bits and then replaces a subset of them with data from a secret message. |
Phishing |
Steganographic |
SQL Injection |
Key Logging |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 90. Which of the following methods might be used to conceal a sham loan transaction in which the loan officer receives part of the proceeds (kickback)? |
Letting the loan go into arrears |
Charging off the loan as a bad loan |
Digging the loan on the books |
Turning the loan over to a collection agency |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 91. Following are part of Planning Phase in Data Analysis Process, except: |
Understand the data |
Build a profile of potential frauds |
Obtain the data |
Determine whether predication exists |
C |
|
StartsAtMid |
|
|
StartsAtMid |
| 92. Which of the following is an example of the Array Formula in MS-Excel? |
=IF(A2:D4=3,MAX(A5:A10)) |
=IF(A2>=3,MAX(A5:A10)) |
=IF(A2<=3,MAX(A5:A10)) |
None of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 93. Which of the following is TRUE concerning the volatility of digital evidence? |
Even the integrity of digital evidence has been violated through alteration or destruction, it can be restored easily. |
The failure to preserve the integrity of digital evidence could result in evidence being deemed inadmissible in a legal proceeding |
Digital evidence is less volatile than tangible evidence because data cannot be altered or destroyed easily than tangible information |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 94. Which of the following situation is often present in real estate fraud schemes? |
A false appraisal report |
No expert assistance at closing |
The services of an arm’s length representative |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 95. Which of the following is one of the objectives on which the international Organization of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulation are based? |
Enhancing the financial system's growth |
Ensuring that markets are fair, efficient, and transparent |
Harmonizing securities laws and standards across the globe |
Eliminating market risk |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 96. In MS-Excel, which of the following function would you use to compare two text strings in a database? |
EXACT |
MATCH |
VLOOKUP |
All of the above |
A |
|
StartsAtMid |
|
|
StartsAtMid |
| 97. Which of the following attack targets an application's backend database? |
Phishing |
Evading detection |
URI Hacking |
SQL Injection |
D |
|
StartsAtMid |
|
|
StartsAtMid |
| 98. Suppose that a forensic auditor is going to testify at trial about an examination report for a complex case, and the report contains summaries of the key documents that were created by someone other than the forensic auditor. Which of the following best describes what the forensic auditor should know about the documents underlying the summaries? |
The forensic auditor must have read and analysed every document in the case. |
The forensic auditor should conduct a complete review of the documents underlying the summaries. |
The forensic auditor does not need to review the documents underlying the summaries. |
The forensic auditor only needs to review some of the documents underlying the summaries for quality assurance. |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 99. In MS-Excel, you can group non-contiguous worksheets with ……………………… |
Group button on the standard toolbar |
Ctrl key and the mouse |
Shift key and the mouse |
None of the above |
B |
|
StartsAtMid |
|
|
StartsAtMid |
| 100. Which of the following is a type of information that can be obtained from the deep web? |
An old version of a web page that has since been updated. |
Websites without any links pointing to them. |
An archived version of a web page that is no longer online. |
Web content indexed by standard search engines |
B |
|
StartsAtMid |
|
|
StartsAtMid |