Answer ALL questions. Time allowed: 3 Hours.
1. Which of the following is NOT a red flag for procurement need recognition scheme?
A. Procuring entity write off large quantities of inventory items as scrap
B. Procuring entity does not have an adequate back up list of suppliers
C. Procuring entity orders material at optimal reorder level
D. Procuring entity usually has high requirements for inventory
2. Risk assessment plays a critical role in protecting digital assets. Which of the following BEST describe the assessment process?
A. Identifying both physical and digital assets
B. Value the assets
C. Identifying risks and threats, and calculating loss per risk
D. All the above
3. Procurement fraud is a big concern globally, and is currently one of the major, very costly and common type of fraud. One of the contract and procurement fraud involves collusion among vendors and contractors. Which of the following is a red flag for bid
rigging during contract solicitation phase?
A. Winning contractors subcontract losing bidders
B. Some bids do not meet basic solicitation documentation requirements
C. Qualified contractors fail to bid
D. All the above
4. Business email compromise is a type of a social engineering scheme which is a new form of spearphishing. Which of the following is TRUE about Business email compromise?
A. Attackers target company/organization’s executives
B. Attackers target individuals who can authorize large amounts of payments
C. Employees who receive emails requesting for payments should first verify the person requesting for payment by calling the persons’ known telephone number
D. All the above
5. Which of the following statements about asset misappropriation is TRUE?
A. Cash larceny/theft schemes are generally more difficult to detect than skimming scheme B. Cash misappropriation is the most difficult type of cash receipt scheme to detect.
C. Skimming schemes are generally more difficult to detect than cash theft/ larceny
D. Both cash larceny and skimming are equally difficult to detect
6. Which of the following statements is TRUE regarding a fictitious cash refund scheme?
A. Inventory is returned to the store
B. Physical inventory is understated
C. The amount of cash in the register balances with the register log
D. All of the above
7. ABC Hospital is a big government organization with several receipting points. The cashiers have formed a corrupt behavior of colluding with the patients. The cashiers have devised a scheme, where they collect half the amount the patient is supposed to
pay, and use the banking slip of another patient to receipt the services of the next patient. Which one of the following BEST, describes this kind of fraudulent activity?
A. Fraudulent cash disbursement scheme
B. Teeming and lading/ lapping scheme
C. Skimming scheme
D. Cash theft scheme
8. Which of the following situations is an example of Diagnostic related grouping(DRG)creep?
A. The hospital has unethical behavior of intentionally coding and documenting minor procedures as major operation
B. The hospitals send duplicate bills to a healthcare program for the same treatment
C. A medical provider sells patients information to third parties who use them to make false medical claim
D. A medical provider creates false diagnosis for patients and bills for services that has not been rendered
9. There are several financial statement fraud schemes that are perpetrated by management and directors to conceal expenses and liabilities in the financial statements. Which of the following is NOT one of those schemes?
A. Failure to disclose warranty costs and product- return liabilities
B. Capitalizing expenses
C. Recording expenses that have not been incurred
D. All the above
10. In order for a ghost employee fraud scheme to occur the payroll accountant must enter a fictitious employee on the payroll
A. True B. False
11. When an auditor or a forensic auditor/investigator is performing an inventory fraud detection assignment in response to allegations of theft of inventory, which of the following concealment methods should the investigator be aware of to enable him/her
to know where to look for fraud
A. Alteration of the perpetual inventory
B. Physical padding
C. Collusion between warehouse personnel and persons conducting the physical count to inflate the inventory physical figures
D. All the above
12. When reporting the financial performance and position of an organization, there are various methods that the fraudster can use to misrepresent the financial statement to make the organization appear financially strong while it is not. Recording fictitious
revenue is one of those schemes. Which of the following statements is NOT true in regard to a fictitious revenue scheme?
A. The organization’s net profit will be overstated
B. The current ratio will be fraudulently inflated
C. Accounts receivable will be overstated
D. Accounts payables will be overstated
13. When a spy hacks into a target computer and monitors an employee’s communications, which of the following BEST illustrates the use of technical surveillance for purposes of theft of intellectual property?
A. A spy creates a deceptive website and tricks employees into entering confidential information
B. A spy uses a phony employee badge to enter an office and take a sensitive document
C. A spy impersonates a help desk representative to obtain an employee’s network password
D. None of the above
14. Which of the following is a common reason why management might commit financial statement fraud?
A. To make the organization appear like is performing well.
B. To obtain favorable financing terms
C. To attract investment
D. All the above
15. Janet receives a voicemail message saying that her credit card might have been used fraudulently. She is asked to call a phone number that, when she calls the number, she can hear a list of voices that closely resembles those used by her credit card
company. The phone number even appears to be similar to that of her card issuer. Janet is a victim of a social engineering scheme. Which of the following BEST describes this social engineering scheme?
A. Spear phishing
B. SMiShing
C. Vishing
D. Pharming
16. A social engineering scheme in which an internet user is fooled into entering sensitive data into a malicious website that impersonates a legitimate website is referred to as:
A. Phishing
B. Pharming
C. Spear phishing
D. SMiShing
17. Which of the following statement is TRUE in regard to methods used by Identity thieves to steal personal and business information?
A. Identity thieves use spyware, to collect the victim’s personal information
B. Identity thieves often engage in pretexting through impersonating the victim
C. Identity thieves change the victim’s mailing address or email address to an address that can be accessed by the identity thief
D. All the above
18. Separation of duties is critical within the information technology department and between information systems and business unit employees. Which one of the following is NOT a good separation of duties?
A. IT department personnel should not perform user department duties
B. End users should not have access to production data that is not within the scope of their duties
C. Programmers working as database administrators
D. Programmers should not be responsible for testing programs.
19. ATMs fraud is one the financial institution fraud schemes. Which of the following is an example of an ATM fraud scheme?
A. Counterfeit ATM cards
B. Unauthorized access to PINS and Account codes
C. Employee manipulation
D. All the above
20. Which of the following is TRUE in regard to Related party- transactions?
A. Undisclosed related party- transactions is a type of financial reporting fraud
B. Related party- transactions can create prime opportunity for fraudulent activities
C. Related party- transactions is a high fraud risk
D. All the above
21. In a computer environment, proactive detection of malicious activity should be serious business. Which of the following refers to the type of network security systems that are designed to supplement firewalls and other forms of network security by detecting malicious activities coming across the network or on a host?
A. Network access controls
B. Network address prevention systems
C. Intrusion detection systems
D. Intrusion admission systems
22. Credit card fraud is major type of financial institution fraud. Fraudster keep on devising new methods of credit card fraud. Which of the following is the most common and CURRENT credit card fraud?
A. Account takeovers
B. Card counterfeiting
C. Advance Payment
D. All the above
23. Company XYZ, a computer accessories vendor submits an inflated invoice to Ultimate Ltd. Martin is the accounts payable accountant at Ultimate Ltd, Martin, intentionally ensure that the inflated invoice is paid. The vendor in return reward Martin for his assistance and give Martin some money. Which of the following fraud scheme BEST describes Martin and the vendor’s scheme?
A. Bribery Scheme
B. Facilitation fees scheme
C. Kickback Scheme
D. Purchasing Scheme
24. Which of the following is NOT an advantage of using smart cards?
A. Smart cards cannot be easily replicated
B. Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts
C. Smart card detects intrusion and shuts itself down, rendering the card useless
D. Smart cards are not immune to physical, side-channel, and environmental attacks
25. Which of the following actions is NOT an example of an EFT transaction?
A. A customer withdraws funds from his own account using an ATM
B. A person using PayPal to pay for clothes at a department store
C. A customer purchases goods from a merchant who swipes his debit card through a point of sale device authorizing deduction from the customer’s account
D. A customer transfers funds from the customer bank account to a third party through his computer
26. Jack is an operations manager at LMN bank that has recently experienced an increase in the amount of fraud related to electronic funds transfers (EFT). Which of the following methods should Jack NOT implement to reduce his bank’s exposure to EFT fraud?
A. Ensure that the employees who have custody of information relating to accessing devices, verify and issue PIN numbers
B. Send a “welcome” letter to new customers to determine if the address submitted on the account application is valid
C. Employ multi-factor authentication to verify EBPP or P2P transfers
D. Always mail the PIN separately from the other information
27. Ronald, a petrol station attendant, takes a customer’s credit card to process a payment. While the customer is not attentive, Ronald swipes the card through a small device that he regularly uses to steal his customers’ credit card information. Which of the
following fraud scheme is Ronald perpetrating?
A. Scanning
B. Skimming
C. Factoring
D. Piggybacking
28. Material and labour are susceptible to mischarges in the performance and administration of a contract. Which of the following is a method that is used by contractors to inflate material cost in negotiated contract?
A. Buying materials at the negotiated prices
B. Disclosing discounts obtained through bulk buying
C. Failure to disclose discounts obtained
D. None of the above
29. Lisa works as a cashier at a local bank, where she is charged with receiving and processing customer’s checks. As a Certified Forensic Fraud Examiner, which of the following methods would you recommend to Lisa to ensure that she is able to detect
fraudulent checks?
A. Be diligent in examining checks drawn from non-local banks and require positive identification
B. Only accept checks with magnetic ink used for routing numbers appears reflective and shiny
C. Be aware of discolorations caused by alteration or erasure
D. Be aware of checks that are not legibly written and signed.
30. Which of the following is the BEST definition of software virus?
A. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it. B. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems
C. A program that infects other programs by modifying them to include a version of itself
D. A type of program that monitors and logs the keys pressed on a system’s keyboard
31. Which of the following is NOT an information security goal that an e-commerce system should be designed to provide its users and asset holders?
A. Integrity and Confidentiality of data
B. Availability of data
C. Non-repudiation
D. Evaluation of data
32. Which of the following is CORRECT about dishonest contractors in relation to competitive bidding process?
A. Contractors submit competitive bids
B. Contractors submit token bids
C. Contractors submit invoices for worked that has not been performed
D. Contractors submit bids that are hard to understand
33. Defective pricing is one of the procurement fraud schemes perpetrated during the solicitation phase of the procurement process. Which of the following is a red flag of defective price fraud scheme?
A. The contractor delivers counterfeit goods
B. The contract uses valid costs schedules
C. The contractor’s cost estimates are inconsistence with the contract prices
D. The contractor submits a request for change orders
34. Which of the following is an accurate definition of spear phishing?
A. Obtaining sensitive data through the use of short message services
B. Stealing private, financial data through the use of voice mail
C. Obtaining information by targeting a corporate entity or a specific employee via an email
D. Using botnets to send massive amounts of phishing emails to a huge amount of internet users
35. Which of the following is NOT a type of physical access control device that can be used to control access to physical objects?
A. Logical access control
B. Biometric Systems
C. Lock and keys
D. Electronic access cards
36. In computer security controls, the use of passwords, firewalls, encryption, access control software and intrusion detection system are classified as
A. Administrative security
B. Technical Security
C. Physical Security
D. Software Security
37. In addition to establishing mechanisms to prevent unauthorized systems’ access, management must actively monitor and test their security systems to identify any control deficiencies. Which of the following techniques BEST describes an attempt to exploit the system security for purposes of identifying the systems’ vulnerabilities
A. Computer Security Audit
B. Penetration testing
C. Piggybacking
D. None of the above
38. Which of the following steps can businesses take to protect personal information and prevent identity theft?
A. Conduct thorough background checks of contractors and vendors before hiring them.
B. Perform regular audits of information-handling practices, network security, and other internal controls.
C. Create a data breach response plan.
D. All the above
39. Which of the following BEST describe a fraud scheme that involve using an individual’s stolen credit card or credit card number to purchase goods or services?
A. Identity theft Scheme
B. Account takeover scheme
C. Credit card fraud scheme
D. All the above
40. Which of the following is NOT a recommended practice that individuals should be aware of to protect themselves from identity theft?
A. Using a different password for every website, account, or device.
B. Reading emails from unknown senders and then delete them from the computer.
C. Avoid unsolicited offers for pre-approved credit cards or other lines of credit.
D. Avoid sending personal information, such as a password or government identification number, via email.
41. There several social engineering schemes, and phishing is one of those schemes. Which of the following BEST describes phishing?A. A method for gaining unauthorized access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that he can use to perpetrate fraud
B. A method for gaining unauthorized access to a computer system in which an attacker bypasses a system’s security through the use of an undocumented operating system and network functions
C. A method for gaining unauthorized access to a computer in which an attacker hides near the target to obtain sensitive information that he can use to facilitate his intended scheme
D. A method for gaining unauthorized access to a computer system in which an attacker fools a target into providing sensitive data by claiming to be from an actual business, bank, ISP or other entity with which the target do business with
42. ABC company is a supplier for printers in Kenya. Management of ABC company suspects that their procurement and stores personnel are embezzling inventory. Which of the following analysis ratios could be used to detect theft of inventory?
A. Inventory turnover ratio
B. Low inventory turnover ratio
C. High turnover ratio
D. None of the above
43. James a cashier at Busan limited takes a check and affix the signature of one of the account signatories. Which of the following BEST describe this scheme?
A. Check tampering scheme
B. Forged maker scheme
C. Forged endorsement scheme
D. Authorized maker scheme
44. Recognizing a long term project revenue before the job is completed and delivered to the contracting entity, is a type of financial statement fraud. This type of scheme can BEST be classified as which of the following financial fraud scheme?
A. A fictitious revenue scheme
B. Improper revenue valuation
C. Timing differences
D. Overstated revenue
45. Some methods of gathering evidence are legal and others are illegal, which of the following is illegal?
A. Surveillance
B. Espionage
C. Competitive intelligence
D. Scavenging
46. Which of the following is a red flag of the existence of a need recognition scheme?
A. The procuring entity does not have a sufficient back-up list of suppliers
B. The procuring entity write off large amount of items as scrap
C. The procuring entity order materials above the optimal reorder level
D. All the above
47. Which of the following is one the favourite targets of intelligence gatherers?
A. Research and Development,
B. Marketing,
C. Human resources
D. All the above
48. A person who is deliberately placed in an organization with the intention of spying on the company’s activities and extracting information to pass to the party that has retained him/her is called a:
A. Mole
B. Sleeper
C. Browser
D. Zealot
49. Alice, a human resource manager at micro-labs Ltd wishes to hire Mike as a supervisor on a one-year contract. To protect the company’s proprietary information. Which of the following prevention measures is NOT considered as best practice?
A. Ensure that Mike sign the non-disclosure and a non-competition agreement at the beginning and at the end of the employment, during the exit interview
B. Ensure Mike sign a non-disclosure and non-competition at the end of his employment
C. Inform Mike clearly on what is considered confidential information upon hiring, signing of the non –disclosure agreement and during exit
D. At the exit interview ensure that Mike sign a statement acknowledging that he understands the terms and conditions of the non-competition and non-disclosure agreements
50. In relation to real estate fraud, which of the following is NOT a red flag of a fraudulent appraisal
A. The appraisal fee is high
B. The appraiser used invalid comparable to value the property
C. Market data does not support the price and absorption figures used to arrive at the value
D. The appraiser is on an approved list
51. Which of the following is NOT a red flag of insider computer fraud?
A. Employees have access privileges that are beyond those required to perform assigned jobs
B. Production programs are run at unusual hours C. Lack of separation of duties at the data center
D. Exception reports are reviewed and resolved
52. Which of the following procurement fraud scheme occurs at the pre-solicitation stage of the procurement process?
A. Defective Pricing schemes
B. Bid tailoring scheme
C. Non- conforming goods and services
D. Bid manipulation scheme
53. Which of the following is one the real estate loan fraud scheme?
A. Fraudulent appraisal
B. Mortgage-backed security fraud.
C. Equity skimming
D. All of the above
54. Gloria obtained a loan from Bank A, agreeing to give the bank a security interest in his commercial property. Before Bank A’s lien was filed, Gloria managed to get another loan from Bank B using the same commercial property as collateral. Which of the following schemes did Gloria perpetrate?
A. Double-pledging collateral
B. Embezzlement
C. Theft of security
D. All the above
55. High percentages of returns, missing compliance certificates, and evidence of falsified inspection test results, are red flags of which of the following procurement fraud schemes?
A. Two or more competing contractors agree to refrain from bidding.
B. A contractor delivers goods or services that do not conform to the contract specifications
C. A contractor charging the procuring entity for labour cost that are not allowable.
D. A procuring entity’s employee manipulating the bidding process to benefit a favored contractor
56. At the end of each financial year, the accounts reflected on the income statement are reduced to a zero balance.
A. True
B. False
57. Shalie, an accounts payable supervisor for ABC Company, bought supplies for her personal company. Shalie entered the payment vouchers in the ABC Company’s accounts payable system for payment. Checks were drawn and paid for the unauthorized expenses. Then the goods were shipped to Shalie personal company. What type of occupational fraud was Shalie involved in?
A. Fraudulent disbursement scheme
B. Billing scheme
C. Cheque tampering scheme
D. A shell company scheme
58. The person who is responsible for the shipment of inventory should also be responsible for write off of inventory to scrap.
A. True
B. False
59. Which of the following is a poor information security procedure that contributes to loss of proprietary company information?
A. Failure to protect on-sight materials such as scrap paper and legal documents
B. Failure to implement a system for disposing of confidential information
C. Failure to guard documents maintained in manual file systems
D. All of the above
60. Which one of the following statements is FALSE in regard to the methods typically used for making corrupt payments in bribery and corruption schemes?
A. Bribe payers often make corrupt payment by offering recipients loans on extremely favorable terms
B. Payers often make corrupt payment by taking credit card on behalf of the recipient and make monthly payments for amount spent
C. Bribe payers often make corrupt payment by selling property to the recipient at market value
D. All of the above
61. Skimming schemes can involve the theft of cash sales or the theft of accounts receivable cash or checks.
A. True
B. False
62. Gregory, a cash register teller, signed onto her register, rang a “no sale” transaction to open the drawer, and then removed a large sum of money. Which of the following BEST describe the scheme?
A. A cash larceny/theft scheme
B. A register disbursement scheme
C. A skimming scheme
D. All the above
63. Some write-offs are types of asset misappropriation schemes, that are used for
concealment of various fraud schemes. Which of the following is one of those
schemes?
A. Theft of inventory
B. Phantom loans
C. Skimming of receivables
D. All of the above
64. Lack of employees training concerning nondisclosure agreements is one of the primary reasons for the communication of confidential information by employees.
A. True
B. False
65. Jack is a manager for a retail store. He suspects his cash register employees are skimming cash. Jack will be able to detect this kind of scheme by comparing the cash register tape totals with the amount of money in their cash drawers.
A. True
B. False
66. Andrew, a Certified Forensic Fraud Examiner, is conducting tests to look for potential payroll fraud schemes at his company. One of his routine tests is to compare the payroll records to the human resources master files. What type of fraud scheme is he likely looking for when performing this type of test?
A. Overstated wages scheme
B. Ghost employee scheme
C. Fraudulent disbursement scheme
D. All the above
67. Roselyn, is a sales manager of Blue company Ltd. Roselyn is aware that the sales revenue for the financial year will not realize the budget amount. To conceal the shortfall, she creates fictitious invoices and send them to fictitious customers. Her conduct will affect several accounts and financial statements and also result in fraudulent financial reporting. Which of the following accounts and statement will be fraudulently affected and how?
A. Account receivable – will be overstated
B. Sales account – will be overstated
C. Statement of profit and loss – Net profit will be overstated
D. All the above
68. Which one of the following statements is TRUE in regard to the types of workers’ compensation fraud schemes?
A. The agents issue certificates to the insured customer but does not submit the premium to the insurance company B. In an organized fraud scheme, a lawyer, doctor and a claimant collude to defraud the insurance company
C. In premium fraud, an employer understates the amount of payroll under high risk classifications to get a lower-cost premium
D. All of the above
69. Which one of the following is an example of a kickback scheme in contract and procurement?
A. A vendor inflates the amount of an invoice submitted to the company for payment
B. A government official demands money in exchange for making a business decision
C. An official receives a payment for making a business decision in favor of a contractor
D. None of the above
70. Which one of the following statements is TRUE in regard to recording inventory in the books of account to avoid improper inventory valuation?
A. Compare perpetual and physical inventory balances
B. Inventory should be recorded at the lower of the cost or market value
C. Obsolete inventory should be written off
D. All the above
71. Which one of the following BEST describe the solicitation phase procurement fraud schemes involved in competitive bidding process?
A. Bid suppression
B. Defective pricing
C. Market division
D. All the above
72. Which of the following is a typical method used to make corrupt payments in bribery and corruption schemes?
A. Subsequent employment with the contractor
B. Payment of credit card bills
C. Investment interests in a business
D. All of the above
73. Which of the following is a common method used by fraudsters to physically infiltrate and spy on organizations?
A. Get engaged as a contractor
B. Fabricate or steal an employee badge to enable physical access
C. Secure a position as an employee
D. All of the above
74. Which of the following is a common method fraudsters use to conceal liabilities and expenses in order to make a company appear more profitable than it actually is? A. Recording expenses as capital expenditure
B. Omission of expenses/liabilities
C. Failure to disclose warranty cost and liabilities
D. All of the above
75. Joseph, the managing partner of a medium-sized law firm, is the authorized signatory of all company checks. When his utility bills arrived, Joseph prepared and signed company checks to pay his bills. He did not disclose this payment to his partners. Joseph committed which of the following fraud schemes?
A. A mischaracterized expenses scheme
B. Fictitious expenses scheme
C. Authorized maker scheme
D. Fraudulent disbursement scheme
76. A health care service provider has unethical behavior of charging a comprehensive code, as more than one component code. Which one of the following BEST describes this health care provider’s fraud scheme?
A. Up- coding
B. Unnecessary lab test
C. Unbundling
D. None of the above
77. Billing scheme is a type of fraudulent disbursement scheme. Which of the following is a type of a billing scheme?
A. Personal purchase with company funds
B. Shell company schemes
C. Using non- compliance vendors
D. All the above
78. Which one the following is a favorite target of corporations for intelligence gathering
A. Financial statements
B. Research and development
C. Marketing
D. All the above
79. Which of the following is a method in which contractors can inflate labour costs in negotiated contracts with procuring entities?
A. Subcontract to associate companies at inflated rates
B. Quote higher rate personnel to perform work at lower rates
C. Use valid cost schedules
D. None of the above
80. A draw request on a construction loan can be a prime area for fraudulent activities. Which of the following is a type of fraudulent draw request? A. Applicable change orders
B. Request for expenses from other contracts
C. Inspection report
D. Lien release from subcontractors
81. The quick ratio and current ratio are similar but not identical. Which of the following BEST describes quick ratio?
A. Quick ratio is also referred to as an acid ratio
B. Quick ratio is calculated by dividing the most liquid current assets with current liabilities
C. Quick ratio is one of the financial ratio used by auditors to determine the company’s liquidity
D. All the above
82. Charlie, a Certified Forensic Fraud Examiner who work as an internal auditor for a health care program, has been asked to review the program’s internal controls system in the claims department. Which of the following is one of the red flags, related to
claims fraud that Charlie should look out for?
A. Anonymous telephone or email enquiries regarding the status of a pending claim
B. Pressure by a claimant to have the claim paid quickly
C. Threat of a legal action when a claim is not paid quickly
D. All the above
83. Which of the following is TRUE in relation to bank reconciliations?
A. Unbalanced bank reconciliation statement is a red flag of asset misappropriation
B. Unbalanced bank reconciliation statement is a high risks of asset misappropriation
C. A forced balanced bank reconciliation is both a red flag and a risk of asset misappropriation
D. All the above
84. Recognition of revenue that has not been earned is a type of financial statement fraud scheme. Which of the following BEST describe the scheme?
A. A fictitious revenue scheme
B. Improper revenue valuation
C. Timing differences
D. Overstated revenue
85. Which of the following types of procurement fraud schemes involves a procurement employee convincing his employer to procure goods or services that are excessive or unnecessary?
A. Need recognition schemes
B. Bid manipulation schemes
C. Excessive purchasing scheme
D. Bid tailoring scheme
86. Cybercrime is a growing concern and threat globally. Therefore, every organization need to mitigate the risk of cybercrime. Which of the following is TRUE in regard to response to risk of cybercrime?
A. Fidelity insurance that cover fraud losses caused by dishonest employees can not cover cybercrime/fraud losses
B. Organization should take a separate insurance cover for cybercrime committed either by employees or outsiders
C. Transferring the risk of cybercrime is one the measures of managing cybercrime /fraud risk
D. All the above
87. Control of data is critical for any organization. One of the data control methods involve data classification. Which of the following statement is CORRECT in relation to data classification?
A. Data classification involves categorization of data for effectiveness and efficient use
B. Data classification involves assigning economic value to data and establishing a structured approach for data management
C. Data classification involves determining appropriate controls that are commensurate to the risks assessed
D. All the above
88. Computer, computer systems and internet are vulnerable to attacks, therefore organizations need to conduct proactive detection regularly. Which of the following is a type of proactive detection measure for computer, computer systems and internet?
A. Security audits and test
B. Log management and analysis
C. Data security auditing
D. All the above
89. A confidence game is a type of consumer fraud. Which of the following is the major element of confidence game scheme?
A. Advance-fee swindle
B. Fly and buy
C. Bait and switch
D. All the above
90. Which of the following is NOT a type of physical access control device that can be used to control access to physical objects?
A. Lock and Keys
B. Anti-virus software
C. Biometric systems
D. Electronic access cards
91. Which of the following is a technical or administrative control for securing computer systems and communication networks?
A. Implementing logical access controls
B. Installing a network address prevention system
C. Implementing privilege escalation
D. Using an intrusion admission system
92. Ponzi and pyramid schemes, are types of consumer fraud which are similar, but obviously different in some aspects. Which of the following BEST describes the differences?
A. A pyramid scheme promotes itself as a pyramid, whereas a Ponzi scheme promotes itself as an investment opportunity.
B. Some pyramid schemes are legal, whereas all Ponzi schemes are illegal
C. In a ponzi scheme, member’s earnings only come from recruiting new members, but in some pyramid schemes members can buy merchandise at discounted price and sell at a profit.
D. All the above
93. Which of the following is the best definition of a computer worm?
A. Any software application in which advertising banners are displayed while a program is running
B. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems
C. A program or command procedure that gives the appearance that it is useful but in fact contains hidden code that causes malicious damage
D. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect
94. Which one of the following is a scheme that contractors can inflate material costs in negotiated contracts?
A. Failing to disclose discounts and credits
B. Failure to disclose bulk buying discounts
C. Failure to disclose residual materials inventory
D. All the above
95. Social engineering is a scheme that is used by fraudster to gain unauthorized access to a computer, computer system or internet. Which of the following is CORRECT in regard to social engineering?
A. It is a method of gaining unauthorized access to a computer system without having to use technical means
B. A method for gaining unauthorized access to a computer system in which an attacker bypasses a system’s security through the use of an undocumented operating system and network functions C. A method for gaining unauthorized access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that he can use to facilitate his intended scheme
D. A method for gaining unauthorized access to a computer system in which an attacker hides near the target to obtain sensitive information that he can use to facilitate his intended scheme
96. Which of the following statements is TRUE in regard to e-commerce?
A. Digital signatures are an essential function to authenticate e-commerce transactions
B. In e-commerce transactions, non-repudiation is obtained through confirmation services and timestamps
C. E-commerce entities must make ensure that they can determine with whom they are communicating with
D. All of the above
97. Which of the following is a common carrier of malware?
A. Freeware and sharewares files
B. Email attachments
C. Files downloaded from the internet
D. All the above
98. Durable Construction company has several other companies. Durable construction company also has friends working in the construction industry. The directors of Durable Construction company and the directors of his friends’ companies, agreed
not to genuinely compete against each other, but rather submit bids in turn each time the lowest. Which of the following BEST describe this type of bid submission scheme?
A. Bid rigging
B. Bid tailoring
C. Bid rotation
D. Bid suppression
99. Which of the following is a method that can be used to destroy or manipulate data?
A. Using malware to infect computers
B. Wire tapping into a computer’s communication links
C. Transmitting data, without authorization, to an outside destination
D. All of the above
100. There are numerous types of viruses. Which virus loads itself onto the target system’s memory, infects other files, and then unloads itself?
A. Direct-action virus
B. Resident virus
C. Boot sector virus
D. None of the above
