Chapter 3 Multiple Choice
Acts such as dumpster diving, phishing, and smishing are all conducted to: a) Conduct a denial of service attack b) Disrupt computer services c) Get food d) Perform identify theft
Disrupt computer services
Good computer security usually begins with: a) Strong application controls b) Enlisting the support of top management c) Long jail sentences d) Powerful microprocessors
Enlisting the support of top management
49. Hacking involves: a) Stealing carbons of credit cards b) Destroying computer hardware c) Gaining illegal entry to computer files from remote locations d) Inserting a logic bomb in a computer program
Gaining illegal entry to computer files from remote locations
The theft of millions of credit card numbers from customers of Target stores using malware is an example of: a) Denial of service b) Misappropriation of assets c) Penetration testing d) Hacking
Hacking
57. Most computer criminals who have been caught: a) Have inferior educational backgrounds b) Have superior educational backgrounds c) Work for organized crime d) Are ill suited to their jobs
Have superior educational backgrounds
58. A forensic accountant is an accountant who: a) Performs autopsies on dead accountants b) Tries to explain why some accounts become inactive c) Investigates suspected fraud d) Performs court-approved accounting tasks for bankrupt companies
Investigates suspected fraud
38. Which of these terms describes a computer program that remains dormant until triggered by some specific circumstance or date? a) Trojan horse program b) DDoS program c) Logic bomb d) Dial back system
Logic bomb
37. Which of these would be an example of "denial-of-service" computer abuse? a) Computer virus b) Salami technique c) Trojan horse computer program d) Embezzlement using computerized data e) none of these
none of these
52. All of the following are ways to thwart computer viruses except: a) Acquire a vaccine or anti virus program b) Do not download computer games from questionable sources c) Maintain complete backup files d) Buy shrink wrapped software from reputable sources
Maintain complete backup files
43. At present, we think that cybercrime is: a) Falling b) Random c) Rising d) Flat
Rising
41. This term describes the technique of stealing small amounts of money from a large number of accounts over time. a) Salami technique b) Buffet system c) Baloney method d) Dialing for dollars
Salami technique
65. One of the most effective deterrents to prevent/discourage computer hacking is: a) User education, that is, making potential hackers aware of the ethical issues involved in this sort of behavior b) The USA Patriot Act of 2001 c) The Cyber Security Act of 1987 d) none of the above
User education, that is, making potential hackers aware of the ethical issues involved in this sort of behavior
46. The TRW Credit Data Case is an example of: a) The round off trick b) An outsider ripping off a corporate computer c) Valuable information computer crime d) none of the above
Valuable information computer crime
40. The process of changing data before, during, or after they are entered into a computer system is called: a) Data diddling b) Salami techinique c) Logic bombs d) Social engineering
Data diddling
60. An example of a conflict-of-interest situation is: a) Not working for a new company in a job similar to your last job b) Not talking to outsiders about general business concerns c) A decision where personal and corporate goals conflict d) Refusing to use a new computer if your colleagues are not provided similar systems
A decision where personal and corporate goals conflict
50. A computer virus is: a) A disease that computer programmers are very susceptible to b) A small processing routine that the user accidentally introduces into the system c) A misnomer, since unlike biological viruses, computer viruses cannot reproduce themselves d) Harmless
A small processing routine that the user accidentally introduces into the system
59. Accounting "ethics" means: a) Whatever the corporate manual says it means b) Acting responsibly as long as no dollars are involved c) Only being honest; everything else is up for grabs d) Acting responsibly, no matter what
Acting responsibly, no matter what
54. Thwarting computer abuse can be enhanced by all of the following except: a) Enlisting top-management support b) Increasing employee awareness and education c) Allowing only 10% of employees access to computers d) Using strong passwords
Allowing only 10% of employees access to computers
61. Which of the following is not a common way to steal personal identity information? a) Altering computer records b) Using key logging software c) Dumpster diving d) Phishing
Altering computer records
56. Almost all computer criminals can be described as: a) Professional criminals b) Technical hackers possessing strong computer skills c) White collar professional criminals d) Amateurs who describe themselves as relatively honest
Amateurs who describe themselves as relatively honest
67. It is important to be able to recognize the symptoms of employee fraud. In practice, which of the following might be the best clue that fraud might be occurring? a) Accounting irregularities b) Internal control procedures that managers feel are inadequate c) Anomalies that, together, seem unreasonable d) Trial balances that almost always contain errors
Anomalies that, together, seem unreasonable
51. Computer programs that can scan computer disks for virus-like coding are called: a) Antivirus software b) Virus software c) Detection software d) Friendly applets
Antivirus software
53. A small computer program that is stored on a web server and designed to run in conjunction with browser software is called a(n): a) Applet b) Logic bomb c) Worm d) Boot sector
Applet
The term "smishing" means: a) Conducting identify theft by using text messages on cell phones b) Attempting to appear unnoticeable for an illegal act c) Stealing small amounts of monies from several computer accounts d) Masquerading as a corporate manager in order to obtain useful information
Attempting to appear unnoticeable for an illegal act
68. One of the major crimes identified by the Computer Fraud and Abuse Act of 1986 is the intent to illegally obtain information or tangible property through the use of computers. Which of the following methods might accomplish this type of crime if the perpetrator can change data before, during, or after they are entered into a computer system? a) Salami technique b) Data diddling c) Shoulder surfing d) Trojan horse program
Data diddling
48. Which of these is an acronym for computer crime legislation? a) ACL b) BART c) CFAA d) DDoS
CFAA
63. Probably the most important federal legislation governing activities involving computers is: a) CAN-SPAM Act of 2003 b) Federal Privacy Act of 1974 c) Computer Fraud and Abuse Act of 1986 d) Cyber Security Act of 1987
Computer Fraud and Abuse Act of 1986
62. Which of the following is true? a) Only the AICPA has drafted an ethical code of conduct b) Computer crime only refers to manipulating a computer to dishonestly obtain money, property, or some other advantage of value c) ACM society is an acronym meaning "association of corporate managers" d) Ethical use of computers means realizing that the availability of a system does not convey its unrestricted use
Ethical use of computers means realizing that the availability of a system does not convey its unrestricted use
55. In thwarting cybercrime, which of the following is true? a) It is not important to enlist the support of top management b) Many IT managers do not think cybercrime is very important c) Cybercrime mostly means controlling computer hardware d) Most cybercrime happens because of a failure of controls, not an absence of controls
Most cybercrime happens because of a failure of controls, not an absence of controls
Some firms and governmental organizations use ethical hackers to help find any vulnerabilities that could be exploited by a malicious hacker. Which of the following is also used to refer to ethical hacking? a) Denial of service b) Intrusion service c) Penetration testing d) Executable testing
Penetration testing
A computer virus is different from a "Trojan Horse" because the virus can a) Corrupt data b) Alter programming instructions c) Replicate itself d) Erase executable files
Replicate itself
47. The TRW Case is notable because: a) The amount of dollars involved was so large b) No one got caught c) The real victims were TRW customers d) A routine audit was responsible for detecting the fraud
The real victims were TRW customers
Misappropriation of assets is: a) A form of computer fraud involving the misapplication of account numbers. b) The theft of assets, usually by employees c) The proper recording of assets using debits d) A form of computer abuse that is not a crime
The theft of assets, usually by employees
39. Much of what has been termed cybercrime has merely involved the computer but probably would be more accurately classified as other types of crimes. A notable exception to this involves: a) Raiding dormant bank accounts b) Inventory misappropriation c) Embezzlement d) Theft of computer time
Theft of computer time
64. Which of the following is a primary reason why accountants should be concerned about cybercrime? a) They might lose their job if they don't detect cybercrime in their organization b) They might lose their professional credibility and license if cybercrime continues for a long time in their organization and they do not detect it c) They are responsible for designing, implementing, and monitoring the control procedures for AISs d) all of the above are equally important
They are responsible for designing, implementing, and monitoring the control procedures for AISs
45. According to the chapter, which of these statements is most accurate? a) Today, most computers are safe from computer abuse b) Today, very few computers are completely safe from computer abuse c) Today, "hacking" is no longer possible d) Today, all of these statements are accurate
Today, very few computers are completely safe from computer abuse
42. This best explains why we have incomplete information on cybercrime. a) Most companies handle abuse as an internal matter b) Most newspapers no longer have any interest in reporting cybercrime c) Documentation of abuses is usually poor d) We believe that most cybercrime is not caught
We believe that most cybercrime is not caught
66. Which of the following does not destroy data but merely replicates itself repeatedly until the user runs out of internal memory or disk space? a) Computer virus b) Worm program c) Java applet d) Salami technique
Worm program
44. All of these are reasons why we think that cybercrime is rising except: a) Some Internet web sites now instruct users how to perform certain types of computer abuse b) More people now know how to use computers c) Computer usage continues to grow d) all of these are reasons
all of these are reasons
36. According to the chapter, which of these statements is most accurate? a) Most cybercrime is performed as retaliation against employers b) Very little cybercrime is committed for personal gain c) Some cybercrime is performed simply to meet a challenge d) We catch most computer abusers with good accounting controls
c) Some cybercrime is performed simply to meet a challenge
35. According to the chapter, which of these statements is most accurate? a) Almost all cybercrime is committed for personal gain b) Very little cybercrime is committed for personal gain c) Most cybercrime is just as easily described as "embezzlement" d) We actually know very little about cybercrime
d) We actually know very little about cybercrime