Exam 3

AIS EXAM #3

T/F

1. Unintentional acts pose greater risk of loss to information systems than do intentional acts. TRUE
2. Lapping involves a manipulation of accounts payable. FALSE
3. Inadequate supervision provides an "opportunity" for fraud. TRUE
4. Pretexting is a technique employed in Social Engineering schemes. TRUE
5. A rootkit captures data from packets that travel across networks. FALSE
6. Bluesnarfing is the act of stealing contact lists, images, and other data using Bluetooth. TRUE
7. Distributed computer networks are harder to control than centralized mainframe systems. TRUE
8. The exposure of a threat is defined as the probability that a threat will occur. FALSE
9. A primary objective of internal controls is to safeguard assets. TRUE
10. Segregation of functions is a detective control. FALSE

MULTIPLE CHOICE

1. Which of the following is the greatest risk to information systems and causes the greatest dollar losses?
A) human errors and omissions
B) physical threats such as natural disasters
C) dishonest employees
D) fraud and embezzlement
Answer: A

2. Which of the following is not an example of the fraud triangle characteristic concerned with easing a fraudster's conscience?
A) Revenge against the company
B) Sense of entitlement as compensation for receiving a lower than average raise
C) Intent to repay "borrowed" funds in the future
D) Belief that the company won't suffer because an insurance company will reimburse losses
Answer: A

3. Most fraud perpetrators are insiders because
A) insiders are more dishonest than outsiders.
B) insiders know more about the system and its weaknesses than outsiders.
C) outsiders are more likely to get caught than insiders.
D) insiders have more need for money than outsiders.
Answer: B

4. "Cooking the books" is typically accomplished by all the following except
A) inflating accounts payable.
B) accelerating recognition of revenue.
C) delaying recording of expenses.
D) overstating inventory.
Answer: A

5. Intentional or reckless conduct that results in materially misleading financial statements is called
A) financial fraud.
B) misstatement fraud.
C) fraudulent financial reporting.
D) audit failure fraud.
Answer: C

6. In a ________ scheme, customer receipts are stolen and then subsequent payments by other customers are misapplied to cover the theft of the original receipts.
A) kiting
B) laundering
C) bogus expense
D) lapping
Answer: D

7. One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as
A) lapping.
B) misappropriation of assets.
C) kiting.
D) concealment.
Answer: C

8. Why do many fraud cases go unreported and unprosecuted?
A) Major fraud is a public relations nightmare.
B) Fraud is difficult, costly, and time-consuming to investigate and prosecute.
C) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases.
D) all of the above
Answer: D

9. Which of the following is not an example of one of the basic types of fraud?
A) While straightening the store at the end of the day, a shoe store employee finds and keeps an expensive pair of sunglasses left by a customer.

10. Which of the following is a financial pressure that could cause an employee to commit fraud?
D) having a spouse injured in a car accident and in the hospital for several weeks

11. Gaining control of someone else's computer to carry out illicit activities without the owner's knowledge is known as
A) hacking.
B) hijacking.
C) phreaking.
D) sniffing.
Answer: B

12. The unauthorized access to, and use of, computer systems is known as
A) hacking.
B) hijacking.
C) phreaking.
D) sniffing.
Answer: A

13. A fraud technique that slices off tiny amounts from many projects is called the ________ technique.
A) Trojan horse
B) round down
C) salami
D) trap door
Answer: C

14. Computers that are part of a botnet and are controlled by a bot herder are referred to as
A) posers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: B

15. Which of the following is not an example of social engineering?
D) Setting up a computer in a way that allows the user to use a neighbor's unsecured wireless network

16. The call to tech support was fairly routine. A first-time computer user had purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly than it had at first. Had he been accessing the Internet? Yes. Had he installed any "free" software? Yes. The problem is likely to be a(an)
A) virus.

17. Chiller451 was chatting online with 3L3tCowboy. "I can't believe how lame some people are! :) I can get into any system by checking out the company web site to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password." Chiller451 is a ________ and the fraud he is describing is ________
A) hacker; password cracking

18. Which of the following would be least effective to reduce exposure to a computer virus?
A) Only transfer files between employees with USB flash drives.

19. When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as
B) dumpster diving.

20. Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a
D) back door.

21. What is one reason why AIS threats are increasing?
B) Many companies do not realize that data security is crucial to their survival.

22. Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?
A) Monitoring

23. Which of the following is an example of a preventive control?
A) approving customer credit prior to approving a sales order

24. One of the objectives of the segregation of duties is to
A) make sure that different people handle different parts of the same transaction.

25. According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
A) hiring and firing the external auditors.

26. Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?
D) All of the above are proper measures for the accountant to take.

27. Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies
B) The Sarbanes-Oxley Act of 2002

28. Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?
A) New rules for information systems development

29. The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them?
A) compliance with federal, state, or local laws

30. The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the
C) organizational structure

ESSAY

1. Describe two kinds of fraud.
Answer: Misappropriation of assets, or theft, by a person or group for personal financial gain is usually committed by employees. Fraudulent financial reporting is intentional or reckless conduct that results in materially misleading financial statements.

2. Describe a DOS attack.
Answer: A denial-of-service attack occurs when a particular website is overloaded with illegitimate requests so that legitimate requests from users and customers are crowded out. Essentially the website is shut down. The illegitimate requests originate from a network of hijacked computers called a botnet that is controlled by a bot herder. The bot herder takes control of the hijacked computers by installing software that responds to the bot herder's command. The bot software is delivered in a number of ways, including Trojans, emails, instant messages, Tweets, and infected websites.

3. One aspect of the Sarbanes-Oxley Act of 2002 was to strengthen the internal control of a public company. List and describe the four levels of control to help management reconcile the conflict between creativity and controls. 3 ...

This note was uploaded on 01/08/2012 for the course ACCT 3603 taught by Professor Staff during the Fall '08 term at Oklahoma State.
