AIS Test 2

5) Which of the following is not an example of the fraud triangle characteristic concerned with easing a fraudster's conscience? A) Revenge against the company B) Sense of entitlement as compensation for receiving a lower than average raise C) Intent to repay "borrowed" funds in the future D) Belief that the company won't suffer because an insurance company will reimburse losses

A) Revenge against the company

7) What is a denial of service attack? A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server. B) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses. C) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected. D) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups LISTSERV lists.

A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.

21) Which would not generally be considered a data dictionary output report? A) A list of cash balances in the organization's bank accounts B) A list of all programs in which a data element is used C) A list of all synonyms for the data elements in a particular file D) A list of all data elements used by a particular user

A) A list of cash balances in the organization's bank accounts

2) Which of the following best describes lapping? A) Applying cash receipts to a different customer's account in an attempt to conceal previous thefts of cash receipts. B) Inflating bank balances by transferring money among different bank accounts. C) Increasing expenses to conceal that an asset was stolen. D) Stealing small amounts of cash, many times over a period of time.

A) Applying cash receipts to a different customer's account in an attempt to conceal previous thefts of cash receipts.

12) Which of the following is not a management characteristic that increases pressure to commit fraudulent financial reporting? A) Close relationship with the current audit engagement partner and manager B) Pay for performance incentives based on short-term performance measures C) High management and employee turnover D) Highly optimistic earnings projections

A) Close relationship with the current audit engagement partner and manager

44) In a well-designed and normalized database, which of the following attributes would be a foreign key in a cash receipts table? A) Customer number B) Cash receipt date C) Remittance advice number D) Customer check number

A) Customer number

22) Creating an empty table in a relational database requires use of the ________, and populating that table requires the use of ________. B) DQL; SQL C) DDL; DQL D) DML; DDA

A) DDL; DML

24) If a national sales tax were implemented, which language would be used to add a new field in the sales table to track the sales tax due? A) Data Definition Language B) Data Manipulation Language C) Data Query Language D) Data Update Language

A) Data Definition Language

23) When the human resources manager wants to gather data about vacation and personal day usage by employees and by departments, the manager would use which language? A) Data Query Language B) Data Manipulation Language C) Data Report Language D) Data Definition Language

A) Data Query Language

20) Which statement below concerning the database management system (DBMS) is false? A) The DBMS automatically creates application software for users, based on data dictionary parameters. B) The DBMS automatically maintains the data dictionary. C) Users' requests for information are transmitted to the DBMS through application software. D) The DBMS uses special languages to perform specific functions.

A) The DBMS automatically creates application software for users, based on data dictionary parameters.

4) All of the following could lead to computer fraud except A) allowing computer operators full access to the computer room. B) releasing data to unauthorized users. C) allowing computer users to test software upgrades. D) storing backup tapes in a location where they can be quickly accessed

A) allowing computer operators full access to the computer room.

32) The simplest and most common way to commit a computer fraud is to A) alter computer input. B) alter computer output. C) modify the processing. D) corrupt the database.

A) alter computer input.

31) The fraud that requires the least computer knowledge or skill involves A) altering or falsifying source data. B) unauthorized use of computers. C) tampering with or copying software. D) forging documents like paychecks.

A) altering or falsifying source data.

27) The problem of changes (or updates) to data values in a database being incorrectly recorded is known as A) an update anomaly. B) an insert anomaly. C) a delete anomaly. D) a memory anomaly.

A) an update anomaly.

9) Perpetrators of theft of company assets typically exhibit all the following characteristics except that they A) attempt to return or pay back stolen amounts soon after the initial theft, but find they are unable to make full restitution. B) use trickery or lies to gain the confidence and trust of others at the organization they defraud. C) become bolder and more greedy the longer the theft remains undetected. D) begin to rely on stolen amounts as part of their income.

A) attempt to return or pay back stolen amounts soon after the initial theft, but find they are unable to make full restitution.

18) The data dictionary usually is maintained A) automatically by the DBMS. B) by the database administrator. C) by the database programmers. D) by top management.

A) automatically by the DBMS.

18) In many cases of fraud, the ________ takes more time and effort than the ________. A) concealment; theft B) theft; concealment C) conversion; theft D) conversion; concealment

A) concealment; theft

33) Downloading a master list of customers and selling it to a competitor is an example of A) data fraud. B) output theft. C) download fraud. D) fraudulent financial reporting.

A) data fraud.

5) The unauthorized copying of company data is known as A) data leakage. B) eavesdropping. C) masquerading. D) phishing.

A) data leakage.

34) In a relational database, requiring that every record in a table have a unique identifier is called the A) entity integrity rule. B) referential integrity rule. C) unique primary key rule. D) foreign key rule. Answer: A

A) entity integrity rule.

2) In a well-structured relational database, A) every table must be related to at least one other table. B) every table must be related to all other tables. C) one table must be related to at least one other table. D) one table must be related to all other tables.

A) every table must be related to at least one other table.

14) Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that A) few differences exist between white-collar criminals and the general public. B) white-collar criminals eventually become violent criminals. C) most white-collar criminals invest their illegal income rather than spend it. D) most white-collar criminals are older and not technologically proficient.

A) few differences exist between white-collar criminals and the general public.

15) The unauthorized access to, and use of, computer systems is known as A) hacking. B) hijacking. C) phreaking. D) sniffing.

A) hacking.

3) Which of the following is the greatest risk to information systems and causes the greatest dollar losses? A) human errors and omissions B) physical threats such as natural disasters C) dishonest employees D) fraud and embezzlement

A) human errors and omissions

10) "Cooking the books" is typically accomplished by all the following except A) inflating accounts payable. B) accelerating recognition of revenue. C) delaying recording of expenses. D) overstating inventory.

A) inflating accounts payable.

26) The abstract representation of the contents of a database is called the A) logical data model. B) data dictionary. C) physical view. D) schema.

A) logical data model.

1) Perhaps the most striking fact about natural disasters in relation to AIS controls is that A) many companies in one location can be seriously affected at one time by a disaster. B) losses are absolutely unpreventable. C) there are a large number of major disasters every year. D) disaster planning has largely been ignored in the literature.

A) many companies in one location can be seriously affected at one time by a disaster.

32) The delete anomaly A) may result in unintentional loss of important data. B) is usually easily detected by users. C) restricts the addition of new records. D) prevents users from deleting outdated data from records or tables.

A) may result in unintentional loss of important data.

33) The update anomaly in file-based systems or unnormalized database tables A) occurs because of data redundancy. B) restricts addition of new fields or attributes. C) results in records that cannot be updated. D) is usually easily detected by users.

A) occurs because of data redundancy.

11) SAS No. 99 requires that auditors A) plan audits based on an analysis of fraud risk. B) detect all material fraud. C) alert the Securities and Exchange Commission of any fraud detected. D) take all of the above actions.

A) plan audits based on an analysis of fraud risk.

25) The feature in many database systems that simplifies the creation of reports by allowing users to specify the data elements desired and the format of the output. is named the A) report writer. B) report generator. C) report creator. D) report printer.

A) report writer.

3) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by A) scavenging. B) skimming. C) Internet auction fraud. D) cyber extortion.

A) scavenging.

28) The potential inconsistency that could occur when there are multiple occurrences of a specific data item in a database is called the A) update anomaly. B) insert anomaly. C) inconsistency anomaly. D) delete anomaly.

A) update anomaly.

23) A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program. A) worm; virus B) Trojan horse; worm C) worm; Trojan horse D) virus; worm

A) worm; virus

27) The most efficient way to conceal asset misappropriation is to A) write-off a customer receivable as bad debt. B) alter monthly bank statements before reconciliation. C) alter monthly physical inventory counts to reconcile to perpetual inventory records. D) record phony payments to vendors.

A) write-off a customer receivable as bad debt.

8) All of the following are benefits of the database approach except: A) Data integration and sharing B) Decentralized management of data C) Minimal data redundancy D) Cross-functional analysis and reporting

B) Decentralized management of data

4) Which statement is true regarding file systems? A) Transaction files are similar to ledgers in a manual AIS. B) Multiple master files create problems with data consistency. C) Transaction files are permanent. D) Individual records are never deleted in a master file.

B) Multiple master files create problems with data consistency.

29) Why is computer fraud often more difficult to detect than other types of fraud? A) Rarely is cash stolen in computer fraud. B) The fraud may leave little or no evidence it ever happened. C) Computers provide more opportunities for fraud. D) Computer fraud perpetrators are just more clever than other types of criminals

B) The fraud may leave little or no evidence it ever happened.

20) Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls are using A) a Trojan horse. B) a trap door. C) the salami technique. D) superzapping.

B) a trap door.

26) The US Justice Department defines computer fraud as A) any crime in which a computer is used. B) an illegal act in which knowledge of computer technology is essential. C) any act in which cash is stolen using a computer. D) an illegal act in which a computer is an integral part of the crime.

B) an illegal act in which knowledge of computer technology is essential.

30) A relational database in which customer data is not maintained independently of sales invoice data will most likely result in A) an update anomaly. B) an insert anomaly. C) a delete anomaly. D) an integrity anomaly.

B) an insert anomaly.

16) The ________ contains information about the structure of the database. A) data definition language B) data dictionary C) data warehouse D) database management system

B) data dictionary

7) The person responsible for the database is the A) data coordinator. B) database administrator. C) database manager. D) database master.

B) database administrator.

2) When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as A) data diddling. B) dumpster diving. C) eavesdropping. D) piggybacking.

B) dumpster diving.

24) What is the most prevalent opportunity within most companies to commit fraud? A) lack of any internal controls B) failure to enforce the internal controls C) loopholes in the design of internal controls D) management's failure to believe employees would commit fraud

B) failure to enforce the internal controls

8) Gaining control of someone else's computer to carry out illicit activities without the owner's knowledge is known as A) hacking. B) hijacking. C) phreaking. D) sniffings.

B) hijacking.

9) Illegally obtaining and using confidential information about a person for economic gain is known as A) eavesdropping. B) identity theft. C) packet sniffing. D) piggybacking.

B) identity theft.

29) Inability to add new data to a database without violating the basic integrity of the database is referred to as the A) update anomaly. B) insert anomaly. C) integrity anomaly. D) delete anomaly. Answer: B

B) insert anomaly.

6) Most fraud perpetrators are insiders because A) insiders are more dishonest than outsiders. B) insiders know more about the system and its weaknesses than outsiders. C) outsiders are more likely to get caught than insiders. D) insiders have more need for money than outsiders.

B) insiders know more about the system and its weaknesses than outsiders.

14) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called A) cracking. B) masquerading. C) hacking. D) superzapping.

B) masquerading.

28) Computer fraud is often much more difficult to detect than other types of fraud because A) perpetrators usually only steal very small amounts of money at a time, thus requiring a long period of time to have elapsed before they're discovered. B) massive fraud can be committed in only seconds, leaving little or no evidence. C) most perpetrators invest their illegal income rather than spend it, thus concealing key evidence. D) most computer criminals are older and are considered to be more cunning when committing such a fraud.

B) massive fraud can be committed in only seconds, leaving little or no evidence.

22) Which characteristic of the fraud triangle often stems from a lack of internal controls within an organization? A) pressure B) opportunity C) rationalization D) concealment

B) opportunity

24) Wally Hewitt is an accountant with a large accounting firm. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Wally received an email from the firm that explained that there had been an error updating his password and that provided a link to a Web site with instructions for re-entering his password. Something about the email made Wally suspicious, so he called the firm's information technology department and found that the email was fictitious. The email was an example of A) social engineering. B) phishing. C) piggybacking. D) spamming.

B) phishing.

17) Which of the following would not be found in a data dictionary entry for a data item? A) records containing a specific data item B) physical location of the data C) source of the data item D) field type

B) physical location of the data

35) The database requirement that foreign keys must be null or have a value corresponding to the value of a primary key in another table is formally called the A) entity integrity rule. B) referential integrity rule. C) rule of keys. D) foreign key rule.

B) referential integrity rule.

36) In a well-structured database, the constraint that ensures the consistency of the data is known as the A) entity integrity rule. B) referential integrity rule. C) logical view. D) consistency integrity rule.

B) referential integrity rule.

37) A simple method for catching or preventing many types of employee fraud is to A) monitor all employee behavior using video cameras. B) require all employees to take annual vacations. C) explain to employees that fraud is illegal and that it will be severely punished. D) monitor employee bank accounts and net worth.

B) require all employees to take annual vacations.

11) The logical structure of a database is described by the A) data dictionary. B) schema. C) database management system. D) internal level.

B) schema.

38) Identify the aspect of a well-structured database that is incorrect. A) Data is consistent. B) Redundancy is minimized and controlled. C) All data is stored in one table or relation. D) The primary key of any row in a relation cannot be null.

C) All data is stored in one table or relation.

34) Which of the following will not reduce the likelihood of an occurrence of fraud? A) encryption of data and programs B) use of forensic accountants C) adequate insurance coverage D) required vacations and rotation of duties

C) adequate insurance coverage

12) The schema that provides an organization-wide view of the entire database is known as the A) external-level schema. B) internal-level schema. C) conceptual-level schema. D) logical view of the database.

C) conceptual-level schema.

10) The ________ handles the link between the way data are physically stored and each user's logical view of that data. A) data warehouse B) data dictionary C) database management (DBMS) software D) schema

C) database management (DBMS) software

5) The ________ acts as an interface between the database and the various application programs. A) data warehouse B) database administrator C) database management system D) database system

C) database management system

6) The combination of the database, the DBMS, and the application programs that access the database through the DBMS is referred to as the A) data warehouse. B) database administrator. C) database system. D) database manager.

C) database system.

31) The problem of losing desired information from a database when an unwanted record is purged from the database is referred to as the ________ anomaly. A) purge B) erase C) delete D) integrity

C) delete

39) In the database design approach known as normalization, the first assumption made about data is A) there is no redundancy in the data. B) the delete anomaly will not apply since all customer records will be maintained indefinitely. C) everything is initially stored in one large table. D) the data will not be maintained in 3NF tables. Answer: C

C) everything is initially stored in one large table.

13) A set of individual user views of the database is called the A) conceptual-level schema. B) internal-level schema. C) external-level schema. D) meta-schema.

C) external-level schema.

13) Intentional or reckless conduct that results in materially misleading financial statements is called A) financial fraud. B) misstatement fraud. C) fraudulent financial reporting. D) audit failure fraud.

C) fraudulent financial reporting.

9) The physical view of a database system refers to A) how a user or programmer conceptually organizes and understands the data. B) how the DBMS accesses data for a certain application program. C) how and where the data are physically arranged and stored. D) how master files store data values used by more than one application program.

C) how and where the data are physically arranged and stored.

15) Record layouts, definitions, addresses, and indexes will be stored at the ________ level schema. A) external B) conceptual C) internal D) meta

C) internal

14) A low-level view of the database that describes how the data are actually stored and accessed is the A) conceptual-level schema. B) subschema. C) internal-level schema. D) external-level schema.

C) internal-level schema.

21) One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as A) lapping. B) misappropriation of assets. C) kiting. D) concealment.

C) kiting.

17) Opportunity to commit fraud is comprised of three stages. The stage that often takes most time and effort would include A) stealing inventory from the warehouse. B) selling stolen inventory to get cash. C) lapping accounts receivable. D) creating false journal entries to overstate revenue.

C) lapping accounts receivable.

4) A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a A) trap door. B) data diddle. C) logic bomb. D) virus.

C) logic bomb.

1) Using a file-oriented approach to data and information, data is maintained in A) a centralized database. B) many interconnected files. C) many separate files. D) a decentralized database.

C) many separate files.

6) Computer fraud perpetrators who use telephone lines to commit fraud and other illegal acts are typically called A) hackers. B) crackers. C) phreakers. D) jerks.

C) phreakers.

25) Which characteristic of the fraud triangle relates to excuses that perpetrators use to justify their illegal behavior? A) pressure B) opportunity C) rationalization D) concealment

C) rationalization

16) A fraud technique that slices off tiny amounts from many projects is called the ________ technique. A) Trojan horse B) round down C) salami D) trap door

C) salami

18) Spyware is A) software that tells the user if anyone is spying on his computer. B) software that monitors whether spies are looking at the computer. C) software that monitors computing habits and sends the data it gathers to someone else. D) none of the above

C) software that monitors computing habits and sends the data it gathers to someone else.

21) A fraud technique that allows a perpetrator to bypass normal system controls and enter a secured system is called A) superzapping. B) data diddling. C) using a trap door. D) piggybacking.

C) using a trap door.

1) Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from the firm that explained that there had been a computer error and that provided a phone number so that Wally could verify his customer information. When he called, a recording asked that he enter the code from the email, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the email. Wally was a victim of A) Bluesnarfing. B) splogging. C) vishing. D) typosquatting.

C) vishing.

37) Which statement below is false regarding the basic requirements of the relational data model? A) Every column in a row must be single-valued. B) All non-key attributes in a table should describe a characteristic about the object identified by the primary key. C) Foreign keys, if not null, must have values that correspond to the value of a primary key in another table. D) Primary keys can be null.

D) Primary keys can be null.

23) Which situation below makes it easy for someone to commit a fraud? A) placing excessive trust in key employees B) inadequate staffing within the organization C) unclear company policies D) All of the above situations make it easy for someone to commit a fraud.

D) All of the above situations make it easy for someone to commit a fraud.

19) Which of the following is the best way to hide theft of assets? A) Creating "cash" through the transfer of money between banks B) Conversion of stolen assets into cash C) Stealing cash from customer A and then using customer B's balance to pay customer A's accounts receivable D) Charging the stolen asset to an expense account

D) Charging the stolen asset to an expense account

11) Which of the following is not a method of identify theft? A) Scavenging B) Phishing C) Shoulder surfing D) Phreaking

D) Phreaking

22) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a A) logic bomb. B) spyware. C) trap door. D) Trojan horse.

D) Trojan horse.

30) Why do many fraud cases go unreported and unprosecuted? A) Major fraud is a public relations nightmare. B) Fraud is difficult, costly, and time-consuming to investigate and prosecute. C) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases. D) all of the above

D) all of the above

25) Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a A) Trojan horse. B) key logger. C) spoof. D) back door.

D) back door.

17) Data diddling is A) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network. B) unauthorized copying of company data such as computer files. C) unauthorized access to a system by the perpetrator pretending to be an authorized user. D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

15) Which of the following is an opportunity that could contribute to employee fraud? A) an employee's spouse loses their job B) an employee suddenly acquires lots of credit cards C) an employee is upset that he was passed over for a promotion D) close association with suppliers or customers

D) close association with suppliers or customers

13) Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises? A) dumpster diving B) by use of a Trojan horse C) using a telescope to peer at paper reports D) electronic eavesdropping on computer monitors

D) electronic eavesdropping on computer monitors

16) Which of the following is a financial pressure that could cause an employee to commit fraud? A) a feeling of not being appreciated B) failing to receive a deserved promotion C) believing that their pay is too low relative to others around them D) having a spouse injured in a car accident and in the hospital for several weeks

D) having a spouse injured in a car accident and in the hospital for several weeks

7) Most frauds are detected by A) external auditors. B) internal auditors. C) accident. D) hotline tip.

D) hotline tip.

20) In a ________ scheme, customer receipts are stolen and then subsequent payments by other customers are misapplied to cover the theft of the original receipts. A) kiting B) laundering C) bogus expense D) lapping

D) lapping

3) File-oriented approaches create problems for organizations because of A) multiple transaction files. B) a lack of sophisticated file maintenance software. C) multiple users. D) multiple master files.

D) multiple master files.

10) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called A) superzapping. B) data leakage. C) hacking. D) piggybacking.

D) piggybacking.

12) Which method of fraud is physical in its nature rather than electronic? A) cracking B) hacking C) eavesdropping D) scavenging

D) scavenging

40) The database design method in which a designer uses knowledge about business processes to create a diagram of the elements to be included in the database is called A) normalization. B) decentralization. C) geometric data modeling. D) semantic data modeling.

D) semantic data modeling.

19) The unauthorized use of special system programs to bypass regular system controls and perform illegal act is called A) a Trojan horse. B) a trap door. C) the salami technique. D) superzapping.

D) superzapping.

19) Reports produced using the data dictionary could include all of the following except a list of A) programs where a data item is used. B) synonyms for the data items in a particular file. C) outputs where a data element is used. D) the schemas included in a database

D) the schemas included in a database