Chapter 3 Multiple Choice

Acts such as dumpster diving, phishing, and smishing are all conducted to: a) Conduct a denial of service attack b) Disrupt computer services c) Get food d) Perform identify theft

Disrupt computer services

Good computer security usually begins with: a) Strong application controls b) Enlisting the support of top management c) Long jail sentences d) Powerful microprocessors

Enlisting the support of top management

49. Hacking involves: a) Stealing carbons of credit cards b) Destroying computer hardware c) Gaining illegal entry to computer files from remote locations d) Inserting a logic bomb in a computer program

Gaining illegal entry to computer files from remote locations

The theft of millions of credit card numbers from customers of Target stores using malware is an example of: a) Denial of service b) Misappropriation of assets c) Penetration testing d) Hacking

Hacking

57. Most computer criminals who have been caught: a) Have inferior educational backgrounds b) Have superior educational backgrounds c) Work for organized crime d) Are ill suited to their jobs

Have superior educational backgrounds

58. A forensic accountant is an accountant who: a) Performs autopsies on dead accountants b) Tries to explain why some accounts become inactive c) Investigates suspected fraud d) Performs court-approved accounting tasks for bankrupt companies

Investigates suspected fraud

38. Which of these terms describes a computer program that remains dormant until triggered by some specific circumstance or date? a) Trojan horse program b) DDoS program c) Logic bomb d) Dial back system

Logic bomb

37. Which of these would be an example of "denial-of-service" computer abuse? a) Computer virus b) Salami technique c) Trojan horse computer program d) Embezzlement using computerized data e) none of these

none of these

52. All of the following are ways to thwart computer viruses except: a) Acquire a vaccine or anti virus program b) Do not download computer games from questionable sources c) Maintain complete backup files d) Buy shrink wrapped software from reputable sources

Maintain complete backup files

43. At present, we think that cybercrime is: a) Falling b) Random c) Rising d) Flat

Rising

41. This term describes the technique of stealing small amounts of money from a large number of accounts over time. a) Salami technique b) Buffet system c) Baloney method d) Dialing for dollars

Salami technique

65. One of the most effective deterrents to prevent/discourage computer hacking is: a) User education, that is, making potential hackers aware of the ethical issues involved in this sort of behavior b) The USA Patriot Act of 2001 c) The Cyber Security Act of 1987 d) none of the above

User education, that is, making potential hackers aware of the ethical issues involved in this sort of behavior

46. The TRW Credit Data Case is an example of: a) The round off trick b) An outsider ripping off a corporate computer c) Valuable information computer crime d) none of the above

Valuable information computer crime

40. The process of changing data before, during, or after they are entered into a computer system is called: a) Data diddling b) Salami techinique c) Logic bombs d) Social engineering

Data diddling

60. An example of a conflict-of-interest situation is: a) Not working for a new company in a job similar to your last job b) Not talking to outsiders about general business concerns c) A decision where personal and corporate goals conflict d) Refusing to use a new computer if your colleagues are not provided similar systems

A decision where personal and corporate goals conflict

50. A computer virus is: a) A disease that computer programmers are very susceptible to b) A small processing routine that the user accidentally introduces into the system c) A misnomer, since unlike biological viruses, computer viruses cannot reproduce themselves d) Harmless

A small processing routine that the user accidentally introduces into the system

59. Accounting "ethics" means: a) Whatever the corporate manual says it means b) Acting responsibly as long as no dollars are involved c) Only being honest; everything else is up for grabs d) Acting responsibly, no matter what

Acting responsibly, no matter what

54. Thwarting computer abuse can be enhanced by all of the following except: a) Enlisting top-management support b) Increasing employee awareness and education c) Allowing only 10% of employees access to computers d) Using strong passwords

Allowing only 10% of employees access to computers

61. Which of the following is not a common way to steal personal identity information? a) Altering computer records b) Using key logging software c) Dumpster diving d) Phishing

Altering computer records

56. Almost all computer criminals can be described as: a) Professional criminals b) Technical hackers possessing strong computer skills c) White collar professional criminals d) Amateurs who describe themselves as relatively honest

Amateurs who describe themselves as relatively honest

67. It is important to be able to recognize the symptoms of employee fraud. In practice, which of the following might be the best clue that fraud might be occurring? a) Accounting irregularities b) Internal control procedures that managers feel are inadequate c) Anomalies that, together, seem unreasonable d) Trial balances that almost always contain errors

Anomalies that, together, seem unreasonable

51. Computer programs that can scan computer disks for virus-like coding are called: a) Antivirus software b) Virus software c) Detection software d) Friendly applets

Antivirus software

53. A small computer program that is stored on a web server and designed to run in conjunction with browser software is called a(n): a) Applet b) Logic bomb c) Worm d) Boot sector

Applet

The term "smishing" means: a) Conducting identify theft by using text messages on cell phones b) Attempting to appear unnoticeable for an illegal act c) Stealing small amounts of monies from several computer accounts d) Masquerading as a corporate manager in order to obtain useful information

Attempting to appear unnoticeable for an illegal act

68. One of the major crimes identified by the Computer Fraud and Abuse Act of 1986 is the intent to illegally obtain information or tangible property through the use of computers. Which of the following methods might accomplish this type of crime if the perpetrator can change data before, during, or after they are entered into a computer system? a) Salami technique b) Data diddling c) Shoulder surfing d) Trojan horse program

Data diddling

48. Which of these is an acronym for computer crime legislation? a) ACL b) BART c) CFAA d) DDoS

CFAA

63. Probably the most important federal legislation governing activities involving computers is: a) CAN-SPAM Act of 2003 b) Federal Privacy Act of 1974 c) Computer Fraud and Abuse Act of 1986 d) Cyber Security Act of 1987

Computer Fraud and Abuse Act of 1986

62. Which of the following is true? a) Only the AICPA has drafted an ethical code of conduct b) Computer crime only refers to manipulating a computer to dishonestly obtain money, property, or some other advantage of value c) ACM society is an acronym meaning "association of corporate managers" d) Ethical use of computers means realizing that the availability of a system does not convey its unrestricted use

Ethical use of computers means realizing that the availability of a system does not convey its unrestricted use

55. In thwarting cybercrime, which of the following is true? a) It is not important to enlist the support of top management b) Many IT managers do not think cybercrime is very important c) Cybercrime mostly means controlling computer hardware d) Most cybercrime happens because of a failure of controls, not an absence of controls

Most cybercrime happens because of a failure of controls, not an absence of controls

Some firms and governmental organizations use ethical hackers to help find any vulnerabilities that could be exploited by a malicious hacker. Which of the following is also used to refer to ethical hacking? a) Denial of service b) Intrusion service c) Penetration testing d) Executable testing

Penetration testing

A computer virus is different from a "Trojan Horse" because the virus can a) Corrupt data b) Alter programming instructions c) Replicate itself d) Erase executable files

Replicate itself

47. The TRW Case is notable because: a) The amount of dollars involved was so large b) No one got caught c) The real victims were TRW customers d) A routine audit was responsible for detecting the fraud

The real victims were TRW customers

Misappropriation of assets is: a) A form of computer fraud involving the misapplication of account numbers. b) The theft of assets, usually by employees c) The proper recording of assets using debits d) A form of computer abuse that is not a crime

The theft of assets, usually by employees

39. Much of what has been termed cybercrime has merely involved the computer but probably would be more accurately classified as other types of crimes. A notable exception to this involves: a) Raiding dormant bank accounts b) Inventory misappropriation c) Embezzlement d) Theft of computer time

Theft of computer time

64. Which of the following is a primary reason why accountants should be concerned about cybercrime? a) They might lose their job if they don't detect cybercrime in their organization b) They might lose their professional credibility and license if cybercrime continues for a long time in their organization and they do not detect it c) They are responsible for designing, implementing, and monitoring the control procedures for AISs d) all of the above are equally important

They are responsible for designing, implementing, and monitoring the control procedures for AISs

45. According to the chapter, which of these statements is most accurate? a) Today, most computers are safe from computer abuse b) Today, very few computers are completely safe from computer abuse c) Today, "hacking" is no longer possible d) Today, all of these statements are accurate

Today, very few computers are completely safe from computer abuse

42. This best explains why we have incomplete information on cybercrime. a) Most companies handle abuse as an internal matter b) Most newspapers no longer have any interest in reporting cybercrime c) Documentation of abuses is usually poor d) We believe that most cybercrime is not caught

We believe that most cybercrime is not caught

66. Which of the following does not destroy data but merely replicates itself repeatedly until the user runs out of internal memory or disk space? a) Computer virus b) Worm program c) Java applet d) Salami technique

Worm program

44. All of these are reasons why we think that cybercrime is rising except: a) Some Internet web sites now instruct users how to perform certain types of computer abuse b) More people now know how to use computers c) Computer usage continues to grow d) all of these are reasons

all of these are reasons

36. According to the chapter, which of these statements is most accurate? a) Most cybercrime is performed as retaliation against employers b) Very little cybercrime is committed for personal gain c) Some cybercrime is performed simply to meet a challenge d) We catch most computer abusers with good accounting controls

c) Some cybercrime is performed simply to meet a challenge

35. According to the chapter, which of these statements is most accurate? a) Almost all cybercrime is committed for personal gain b) Very little cybercrime is committed for personal gain c) Most cybercrime is just as easily described as "embezzlement" d) We actually know very little about cybercrime

d) We actually know very little about cybercrime