certificate course on forensic accounting & fraud...
TRANSCRIPT
COMMITTEE ON INFORMATION TECHNOLOGY
INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA
Certificate Course on Forensic Accounting & Fraud Detection
MODEL TEST PAPER -1
OBJECTIVE TYPE QUESTIONS (1Marks each)
1. Employee’s behavioral changes (alcohol, gambling) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
2. The purpose of the Red Flags Rule is:
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day
operations
B. take steps to prevent the crime
C. Mitigate the damage it inflicts.
D. All of the above
3. The interrelationship among auditing, fraud examination, and financial forensics is:
A. Established and maintained by legal structures and justice processes
B. Constant even while social and cultural pressures are exerted on it
C. Cased on the SOX Act and SAS 99
E. Dynamic and changes over time
4. What is one of the primary differences between a Financial Statement auditor and a
Forensic Accountant?
A. Financial statement auditors are likely to follow leads suggested by
immaterial items whereas Forensic Accountants often must restrict their
efforts to searching for material misstatements.
B. Forensic Accountants are likely to follow leads suggested by immaterial
items whereas .financial statement auditors often must restrict their efforts
to searching for material misstatements
C. .Forensic Accountants must focus on specific legal areas that produce fraud
charges under the courts of law whereas financial statement auditors focus
their attention on the Generally Accepted Accounting Principles.
D. Forensic Accountants are likely to ask individuals to fix discrepancies found
in financial statements whereas financial statement auditors will fail a
corporations financial statement certification, therefore having
repercussions with the SEC.
5. Among the following which would be the red flags for payroll –
A. Overtime time charged during a slack period
B. Excessive or unjustified transactions
C. Large no. of Write- off of accounts
D. All of the above
6. If pressures and opportunities are high and personal integrity is low, the chance of
fraud is:
A. High
B. Medium
C. Very Low
D. Low
7. Which is not a red flag among following:
A. Negative Cash flows
B. Significant sales to related parties
C. Sudden above-average profits for specific quarters
D. Paid dividend according to dividend payout ratio
8. At a minimum, professional skepticism:
A. is supportive of client’s claim of fraud
B. is a neutral but disciplined approach to detection and investigation
C. assumes that the management is dishonest and therefore must “pull every
loose thread” to find the evidence and fraud
D. assumes unquestioned loyalty by newer and younger employees
9. Which of the following techniques is most effective in preventing computer crime?
A. Backups
B. Digital forensic analysis
C. Using a firewall
D. None of the above
10. Which of the following types of organizations typically use Forensic Accountants?
A. Publicly held corporations.
B. Private/non-profit corporations.
C. Federal/State Agencies.
D. All of the above.
11. Which of the following is not a common type of fraud pressure?
A. Pressure to outsmart peers
B. Financial pressures
C. Work-related pressures
D. Vices
12. In comparing management fraud with employee fraud, the auditor’s risk of failing to
discover the fraud is:
A. greater for management fraud because managers are inherently more
deceptive than employees
B. greater for management fraud because of management’s ability to override
existing internal controls
C. greater for employee fraud because of the higher crime rate among blue
collar workers
D. greater for employee fraud because of the larger number of employees in
the organization
13. ____ is the science of writing hidden messages I such a way that no one apart from th
sender and intended recipient even realizes there is a hidden message.
A. decryption
B. obfuscation
C. stenography
D. encryption
14. Why is it recommended not to put a password in your EnCase?
A. because you will secure your information
B. it’s to many steps
C. if you forget you are out of luck
D. it cannot be encrypted
15. All of the following are methods that organization can adopt to proactively
eliminate fraud opportunities EXCEPT:
A. Accurately identifying sources and measuring risks
B. Implementing appropriate preventative and detective controls
C. Creating widespread monitoring by employees
D. Eliminating protections for whistle blowers
16. Overstating revenues and understating liabilities and expenses typifies which of the
following fraud schemes?
A. Unconcealed larceny
B. Purchase and sales Skimming
C. Fraudulent statements
D. Schemes
17. From the statements below select the most correct.
A. Prevention and deterrence are typically more costly than attempting to
remediate a fraud that has already occurred.
B. Fraud deterrence refers to creating environments in which people are
prohibited from committing fraud.
C. Fraud detection refers to the process of preventing and discovering the
presence of fraud.
D. Prevention and deterrence are typically more cost beneficial than
attempting to remediate a fraud that has already occurred.
18. when working on computer forensics always work from of the evidence and never
from the original to prevent damage to the evidence.
A. Original hard drive
B. Live computer
C. Remote desktop
D. An image
19. Financial statement fraud is easiest to commit in organizations that:
A.have democratic leadership.
B.have a large internal audit department.
C.have a board of directors comprised primarily of outsiders.
D.have complex organizational structures.
20. Customer fraud includes all of the following EXCEPT:
A. Get something for nothing
B. Do not pay for goods purchased
C. Fraud perpetrated through collusion between buyers and vendors.
D. Deceive organization into giving them something they should not
21. What is the most cost-effective way to minimize the cost of fraud?
A. Prevention
B. Detection
C. Investigation
D. Prosecution
22. The Fraud Exposure Rectangle includes:
A. Rationalization
B. perceived pressure
C. relationships with others
D. All of the choices are included in the Fraud Exposure Rectangle
23. Which of the following statements is most correct regarding errors and fraud?
A. An error is unintentional, whereas fraud is intentional.
B. Frauds occur more often than errors in financial statements.
C. Errors are always fraud and frauds are always errors.
D. Auditors have more responsibility for finding fraud than errors.
24. You are suppose to maintain three types of records. Which answer is not a record?
A. Chain of custody
B. Documentation of the crime scene
C. Searching the crime scene
D. Document your actions
25. Forensic Interviewing Techniques does not include
A. Investigation
B. Polygraph test
C. Physical Behaviour Analysis
D. Disk Imaging
26. When performing forensics work, which of the guidelines below should be followed?
i. You should make a copy of a suspect's drive and interact with the copy
instead of the original
ii. If you take the evidence home with you, carry it in a locked briefcase.
iii. You should only document those tests that provide information that can be
used in court.
iv. The location and use of the evidence from the point it was seized until the
moment it is shown in court must be known.
A. i and ii
B. i and iii
C. i and ii
D. All of above
27. Which financial ratio is not useful in detecting revenue-related fraud?
A. Gross profit margin ratio
B. Account receivable ratio
C. Asset turnover ratio
D. All of the above
28. Phishing attackers use –––––––––––––––––– to commit their crimes.
A. Email
B. SMS
C. Courier
D. Whatsapp
29. The possible profiles of a fraud perpetrator are
A. Very friendly, but self centered and egoistic
B. Unfriendly and an introvert
C. Surly and angry but good in work
D. Very slow in work that he/she is used to doing for years together
30. Steganography is
A. graph of sales to technological spending
B. the science of hiding information
C. graph of mails sent to mails received
D. the science of generating random passwords
31. Tools for imaging:
(a) Dossier
(b) Tableau
(c) Encase & FTK
(d) ACL
A. (a), (b) & (c) only B. (b) & (c) only C. (a) & (b) only D. All of the above
32. most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
D. SMART
33. One very well-known software used for forensic analysis is .
A. IBM
B. Google
C. Encase
D. Forensic-ripper
34. Three conditions are necessary for a fraud to occur. These three conditions are:
A. need, dissatisfaction, and challenge
B. pressure, opportunity, and rationalization
C. no separation of duties, need, and no independent performance checks
D. challenge, motivation, and failure to enforce internal controls
35. If a company wishes to improve detection methods, they should do all of the following
except:
A. use forensic accountants
B. conduct frequent audits
C. encrypt data
D. all of the above improve detection of fraud
36. Refusal to take sick leave by employees will come under which component of Fraud
Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
37. MS Excel has an Auditing Formula function known as :
A. Track Formula
B. Trace Dependents
C. Trace Formula
D. Track Reliability
38. A Forensic Auditor is not given any specific written mandate but a general consent to
investigate into a fraud for accounting manipulation in Customer accounts. After
completion of work, a note on which of the following aspect should NOT be included in
a Forensic Audit Report
A. Objectives that the Forensic Auditor has perceived and pursued during the
course of the investigation.
B. Severe deficiencies in the internal control mechanism observed by him with
regard to Vendor accounts which has immaterial relevance to the subject
fraud
C. A recommendation for volume/ quantum of punishment to be reprimanded
to the erring accountant against whom the Forensic Auditor has an explicit
evidence.
D. A limiting condition where certain file of important document for a specific
period that was not made available to the Forensic Auditor despite several
requests.
39. Which of the following is not a required part of an Identity Theft Prevention Program?
A. Reasonable policies and procedures to identify potential “red flags”
B. A dedicated phone line for customers to call in identity theft reports.
C. Specific procedures to detect the “red flags” identified as potential threats.
D. A plan for regularly re-evaluating the program.
40. A forensics lab will have dedicated areas for each of the following functions EXCEPT
_________.
A. forensics examination workspace
B. a secured locker area
C. a continuing education training centre
D. well-stocked inventory
41. The journal of a forensics specialist or expert will contain entries that provide the
following functions EXCEPT _______.
A. the description of WHO did WHAT and WHEN
B. the results of the examination
C. any actions taken to examine the evidence
D. any theories that result from the examination
42. Weakness in internal control environment will lead which kind of fraud-
A. Employee Red Flag
B. Management Red Flag
C. General Red Flag
D. None of above
43. Which of the following is not an example of an antishoplifting technique?
A. “Scarecrooks”
B. “Anne Droid”
C. Trojan Horse
D. Ponzi scheme
44. Lack of segregation of duties in vulnerable area will come under which component of
Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
45. Suspicious” refers to which of the following:
A. Inconsistent signatures on file.
B. Driver’s license photo doesn’t match person.
C. Inability to recall mother’s maiden name.
D. Any and all of the above
46. Acquisition to ISO standard 27037, which of the following is an important factor in data
acquisition?
A. The DEFR’s Competency
B. The DEFR’s skills in using the command lines
C. Use of validated tools
D. Condition at the acquisition setting
47. Computer forensics does not involves ….
A. Interpretation,
B. Preservation,
C. Delimitation
D. Documentation
48. Secretly recording a suspect’s interview will :
A. assist you as electronic notes since it is not possible to always make
comprehensive handwritten notes
B. assist you to confront the suspect later if he/she changes his/her stand or
denies certain information given earlier
C. assist you, to limited extent, to build up evidence against the suspect in a
court of law
D. all the above
49. In the context of forensics, data is most analogous to ________.
A. files and folders
B. information
C. digital evidence
D. bits
50. The use of _____________________ may be particularly valuable in cases of white- collar
crime.
A. Fingerprint examiners
B. Forensic photography
C. Forensic accountants
D. None of the above
51. Which of the following is a not a power under PMLA?
A. Confiscation
B. Abatement of crime
C. Search & Seizure
D. Arrest
52. Social engineering facilitates what type of computer fraud?
A. Click fraud
B. Identity theft
C. Spoofing
D. Dictionary attacks
53. ……………………………... gives the expected frequencies of the digits in tabulated data.
A. Benford’s Law
B. Beneish Model
C. Relative Size Factor
54. While interviewing/interrogating an investigator should look for following outer
personality/attributes in a person to conclude him as a suspect or a non-suspect
I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately
II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female
III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc
A. All (I), (II) and (III) above
B. Only (III) above
C. Both (I) and (II) above
D. None
55. The following firm is not involved in accounting scandals:
A. Enron
B. Larson and Toubro
C. Worldcom
D. Satyam
56. Weak internal controls in an organization will affect which of the following elements of
fraud?
A. Motive
B. Opportunity
C. Rationalization
D. None of the above
57. Financial statement auditors, under SAS 99, are required to make inquires about
possible fraudulent activity of all of the following parties except:
A.bond holders.
B.audit committee members.
C.management.
D.internal auditors.
58. Accounts that can be manipulated in revenue fraud include all of the following except:
A. Accounts Receivable.
B. Inventory.
C. Sales Discounts.
D. Bad Debt Expense
59. Which of the following statement related to Fraud Risk Assessment (FRA) is
INCORRECT:
A. Evaluate whether identified fraud risk controls are operating effectively.
B. It is a one-time activity, not required to be performed on periodic basis.
C. Identify and map existing preventive and detective controls to the
relevant fraud risk.
D. Identify and evaluate residual fraud risk resulting from ineffective or non-
existent controls.
60. After you have identified the red flags of ID Theft that you’re likely to come across in
your business, what do you do next?
A. Set up procedures to detect those red flags in your day-to-day operations.
B. Train all employees who will use the procedures.
C. Decide what actions to take when a red flag is detected.
D. All of the above
61. One of the key success driver of Data Analysis is the ability to keep shuffling between
the bird’s eye view (i.e macro overview) vis-à-vis the ant’s view (i.e micro view) of the
data. In that context, which of the following techniques are useful for Forensic Auditor
to get Bird’s Eyeview Or Macro overview of the Data
(i) Missing / Gap Analysis (ii) Stratification (iii) Isolated Outliers (iv) Classification (v) Ageing Analysis (vi) Round Number Analysis
A. (i), (ii) and (iii)
B. (i), (iii) and (iv)
C. (ii), (iv) and (vi)
D. (ii), (iv) and (v)
62. ____________________ is a generic term which refers to all the legal and regulator aspects of
Internet and the World Wide Web
A. Cyber Law
B. Cyber Dyne
C. Cyber Café
D. Electronic Law
63. When was the first ever cybercrime recorded?
A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France
B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London
C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam
D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan
64. A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is known
as:
A. Corporate governance
B. Code of conduct
C. Transparency
D. Culture of compliance
65. Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud
factors. This fact can make convicting someone of fraud difficult. Which of the following
types of evidence would be most helpful in proving that someone committed fraud?
A. Missing documentation.
B. Analytical relationships that don’t make sense.
C. A repeated pattern of similar fraudulent acts.
D. A general ledger that is out of balance.
66. All of the following are indicators of financial statement fraud except:
E. Unusually rapid growth of profitability.
F. Dependence on one or two products.
G. Large amounts of available cash.
H. Threat of a hostile takeover.
67. Disc imaging
I. bit stream duplicate
J. no alterations to original media
K. verify integrity
L. All of above
68. FTK's Known File Filter (KFF) can be used for which of the following purposes?
i. Filter known program files from view
ii. Calculate hash values of known files to evidence files.
iii. Filter out evidence that doesn't relate to your investigation.
M. I and ii
N. Ii and iii
O. I and iii
P. All of above
69. A ____ function is any well defined procedure or mathematical function for turning some
kind of data into a relatively small integer.
A. hash
B. metadata
C. encryption
D. decryption
70. Which of the following are strategies used to attempt to minimize piracy of software or
other intellectual property?
A. Encryption
B. Intellectual property laws
C. Legal copyrighting
D. All of the above
71. A denial of service attack occurs when the perpetrator:
A. sends e-mail bombs
B. eavesdrops
C. installs a logic time bomb
D. cracks a computer system
72. A fraud perpetrated by tricking a person into disclosing confidential information, such
as a password, is called
A. a Trojan horse
B. hacking
C. social engineering
D. scavenging
73. Which of the following is a method used to embezzle money a smallamount at a time
from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique
74. A challenge relating to Cyber-crimes is the collection of ____________________
A. electronic evidence
B. paper evidence
C. mechanical evidence
D. hardware evidence
75. Lie detector test does not include
A. Polygraph Test
B. Blood Group
C. Blood Pressure
D. Computer Analysis
76. the chronological documentation showing the seizure, custody, control, transfer,
analysis, and disposition of physical or electronic evidence
A. chain of custody
B. Documentary Evidence
C. Demonstrative evidence
D. None of these
77. What is the best response of a forensic professional to an attorney who asks a
hypothetical question?
A. Provide the best answer possible given the evidence and appropriately
emphasis the hypothetical nature of the question.
B. Demonstrate anger and register a protest.
C. Refuse to answer the question.
78. Which of the following is least likely to be considered a financial reporting fraud
symptom, or red flag?
A. Grey directors.
B. Family relationships between directors or officers.
C. Large increases in accounts receivable with no increase in sales.
D. Size of the firm.
79. Which of the following is the indicator of deception while conducting Forensic
Interview
A. Quick, spontaneous answers
B. Consistent strong denial
C. Direct, brief answers
D. Hesitant
80. Which of the following is NOT one of the major types of fraud classification schemes?
A. Employee embezzlement
B. Government fraud
C. Investment scams
D. Customer fraud
81. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are
specified in :
A. SA 240
B. SA 250
C. SA 300
D. SA 450
82. Which of the following is not a characteristic of computer viruses?
A. They can lie dormant for a time without doing damage
B. They can mutate which increases their ability to do damage
C. They can hinder system performance
D. They are easy to detect and destroy
83. Which of the following is not a type of external fraud?
A. Delivery of substandard goods at full price
B. Creating phony vendors
C. Phishing attacks
D. Cheating on travel expense reports
84. All of the following ratios are useful in detecting large revenue frauds except:
A. Gross profit margin. B. Working capital turnover. C. Accounts receivable turnover. D. Current ratio.
85. The ratio that is computed by dividing the number of days in a period by the inventory turnover ratio is:
A. accounts receivable turnover ratio.
B. inventory turnover ratio.
C. working capital turnover ratio.
D. number of days' sales in inventory.
86. According to the opportunity part of the fraud triangle, a person may do all of the following acts except
A. Convert the theft or misrepresentation for personal gain
B. Control the fraud
C. Commit the fraud
D. Conceal the fraud
87. The most common account(s) manipulated when perpetrating financial statement fraud are:
A. Inventory
B. Expenses
C. Revenues
D. Accounts Payable
88. Which of the following is NOT a method that is used for identity theft?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming
89. General financial statement fraud can be detected through
A. audit
B. Surprise audits /cash counts.
C. Data mining
D. All of the above
90. Which of the following is not a skill needed by a Forensic Accountant?
A. Auditing Skills.
B. Criminology.
C. Sociology
D. Information Technology
MODEL TEST PAPER -2
1 A red flag indicates that the alert is.........
A. Old
B. Follow up
C. Urgent
D. New
2 A fraud which is perpetrated by scrambling a company's files is a:
A. data fraud
B. output fraud
C. computer instructions fraud
D. Input fraud.
3 E-commerce is the commercial transaction of services in a/an ______________
A. mechanical format.
B. electronic format
C. Paper
D. Stone
4 Which of the following refers to a business platform, involving a business entity and
consumers?
A. Business-to-consumer (B2C)
B. Business-to-business (B2B)
C. Consumer-to-business (C2B)
D. Consumer-to-consumer (C2C)
5 . The physical Cheque tempering prevention method in which extremely small
printing, too small to be read with naked eye becomes distorted when photocopied
is called _______.
A. High resolution microprinting
B. Microline printing
C. Watermark backers
D. None of above
6 Which among the following are the three payroll fraud schemes
i) Ghost employees ii) Temporary employees
iii) Falsified overtime iv) Commission
A. i , ii & iii
B. i , iii & iv
C. ii , iii & iv
D. i , ii & iv
7 In which of the following is the computer incidental to the crime?
A. Computer manipulation
B. Money laundering
C. Data alteration
D. Theft of services
8 In which of the following is a computer not incidental to the crime?
A. Computer manipulation
B. Money laundering
C. Criminal enterprises
D. Sex crimes
9 Which Standard on Auditing among the following describes the importance of red
flags:
A. SA 240
B. SA 210
C. SA 250
D. SA 260
10 The most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
D. SMART
11 Hash values are used for which of the following purposes?
A. Determining file sizes
B. Filtering known good files from potentially suspicious data
C. Reconstruction file fragments
D. Validating that the original data hasn’t changed.
12 The verification function does the following?
A. Proves that a tool performs as intended
B. Creates segmented files.
C. Proves that two sets of data are identical via hash values
D. Verifies hex editors.
13 What are the Characteristics of an Interview
I. Establishing Rapport II. Careful listening
III. Accusatory IV. Dominate the Conversation
A. All (I), (II), (III) & (IV) above
B. Both (I) and (II) above C. Both (III) and (IV) above
D. None 14 Which of the following questions are interview based questions
I. "Did you plan this fraud out for months and months in advance or did it pretty much happen on the spur of the moment?"
II. “Were there any sales after office hours, before office hours?” III. “how are these cash memos generated?” IV. "What are your duties and responsibilities?“
A. All (I), (II), (III) & (IV) above B. Both (II) and (III) above C.(II) (III) and (IV)aboveD. None 15 The style of interviewer while handling fraud cases should be
I. He should be friendly and easy-going like cracking jokes and asking about hobbies and favorite things because the information is easily extracted from the anyone whom he gets friendly to
II. He should be strict, authoritative and accusatory because otherwise the suspect can take the investigator for granted and tell lies or not answer to what is being asked
III. He should be the one who does most of the talking and asking questions to which the suspect answers in Yes or No
IV. He should maintain a non-accusatory tone and firm demeanor during an interview. he should keep his questions brief and, whenever possible, elicit a narrative response from the subject
A. Both (I) and (III) above B Only (IV) above C Only (II) above D None 16 Most frauds involve three steps. These steps are:
A. access, opportunity, need
B. decrease assets, increase expenses, misappropriation
C. theft, conversion, concealment
D. input, processing, output
17 Which section of IT Act covers most of the common crimes arising out of “Unauthorised
Access”
A. Section 66
B. Section 67
C. Section 73
D. Section 74
18 The imaginary location where the word of the parties meets in conversation is referred
to as ________________.
A. Cyberspace
B. Space
C. Cyberdyne
D. Cybernet
19 Which of the following is not a method for stealing sales and receivables but a way of
using skimmed money
A. lon term skimming
B. short term skimming
C. Understated sales
D. Unrecorded sales
20 Which of the following sentence is true?
A. Lapping is the debiting one account and crediting of another account.
B. The legal definition of forgery includes only the signing of another person’s
name to a document with fraudulent intent.
C. Lapping is the crediting of one account through abstraction of money from
another account.
D. None of the Above
21 __________ are those cheque tempering schemes in which an employee intercepts a
company cheque intended for a third party and converts the cheque by signing the third
party’s name on the endorsement line of cheque.
A. Intercepted cheques
B. Altered payee schemes
C. Authorized maker scheme.
D. Forged endorsement scheme.
22 . Which of the following is an example of a crime associated with the prevalence of
computers?
A. Computer manipulation
B. Money laundering
C. Theft of services
D. Intellectual property violations
23 Which of the following crimes targets a computer?
A. Denial of service
B. Money laundering
C. Theft of services
D. Intellectual property violations
24 Which of the following best defines computer abuse?
A. Denial of service
B. Money laundering
C. An illegal act in which knowledge of computer technology is used to
commit the act
D. An intentional act involving a computer in which the perpetrator may
have gained at the victim’s expense
25 A red flag is.........
A. Indicator of fraud
B. Indicator of situation of fraud
C. A or B Both
D. Neither A nor B
26 Direct Observation is to determine.........
A. effect of red flag on organisation
B. Cost of identified loss
C. Potential loss
D. Historical Loss
27 Costly types of fraud include
A. Financial Statement Fraud
B. Check Forgery
C. Credit Card Fraud
D. All of the above
28 Hashing, filtering and file header analysis make up which function of digital forensics
tools?
A. Validation and Verification
B. Acquisition
C. Extraction
D. Reconstruction
29 What are the function of Extraction:
A. GUI Acquisition
B. Command line acquisition
C. Carving
D. Hashing
30 Disc imaging is used to:
A. bit stream duplicate
B. no alterations to original media
C. verify integrity
D. All of above
31 While interviewing/interrogating a suspect, an investigator should do the
following:
I. Listen only to what the suspect says and ignoring his behavioral attributes II. Don’t believe at all to what he says and concentrate only to his behavioral
attributes III. Rely on the opinion of what others are talking about him (his supervisor, his
colleagues and his juniors) and on his past history of manipulation. IV. Collect Documentary Evidence and corroborate it with explanation obtained
while interviewing/interrogating considering their behavior attributes on non-judgmental basis
A. Both (I) and (III) above B. Only (I) above C. Both (II) and (III) above D. Only (IV) above 32 In order for an act to be legally considered fraud it must be all of the following except:
A. A material fact B. An injury or loss suffered by the victim C. A false statement D. No intend to deceive
33 The World‟s first computer-specific statute was enacted in 1970, by the German state,
in the form of a ___________________ .
A. Data Protection Act.
B. Cyber Law
C. Copy right
D. Patent right.
34 Which of the following should be covered in employee anti-fraud training?
A. The exact procedures management uses to detect fraud
B. A detailed explanation of the company’s anti-fraud control
C. Examples of past transgressions and how they are handled
D. All of the above
35 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in
incoming shipments, record the figures in receiving reports, and forward copies of the
reports to the accounts payable department. One day, Jackson received a box of 20
laptop computers at the warehouse. His wife's computer just broke, so he stole one of
the computers from the box. To conceal his scheme, Jackson sent a receiving report to
accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the
receiving report used for the inventory records. What type of scheme did Jackson
commit?
A. An asset transfer scheme
B. A purchasing and receiving scheme
C. A non-cash larceny scheme
D. None of the above
36 Which of the following schemes refers to the falsification of personnel or payroll
records, causing paychecks to be generated to someone who does not actually work for
the victim company?
A. Falsified salary scheme
B. Record alteration scheme
C. Ghost employee scheme
D. Inflated commission scheme
37 . On recent Windows installations, the standard location for storing critical system files
is ________.
A. C:/Program Files/
B. C:/System/
C. C:/Important/
D. C:/Windows/
38 8. The intersection of a hard disk's sector and track is called a ________.
A. block
B. cluster
C. byte
D. bit
39 9. File system drivers impose limitations and boundaries, such as ________.
A. file usage
B. minimum file size
C. file name length
D. swap usability
40 . What is a “Hacktivist”?
A) Politically motivated hacker
B) Denial of service attacker
C) A proponent of Napster
D) A person engaging in an intentional act involving a computer in which
the person may have gained at the victim’s expense
41 . Which of the following individuals developed one of the first systems to define
computer crimes in 1976?
A) David Carter
B) Donn Parker
C) Jay Nelson
D) Robert Taylor
42 Which of the following is an example of a computer manipulation crime?
A) An intruder removes valuable information from a computer system.
B) Hacking
C) A person alters payroll records to attain a higher rate of pay.
D) Medical records are altered.
43 Employee life style changes (expensive car, jewelry) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
44 Employee’s significant personal debt & credit problems will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
45 The reconstruction function is needed for which of the following purposes?
A. Re create a suspect drive to show what happened
B. Create a copy of a drive for other investigators
C. Recover file headers
D. Re create a drive compromised by malware
46 ___ is the set of instructions compiled into a program that performs a particular task.
A. Software
B. Hardware
C. OS
D. None of the above
47 Which of the following is Indicator of truth while conducting a forensic Interview
A. Week Denials
B. Direct Brief Answers
C. Verbal attacks directed at Interviewer
D. Answering with a different question
48 What is Voice Biometric
A. Technology for Voice recognition while Conducting interviews
telephonically
B. Voice Recognition for Service Access
C. Technology to authenticate a person’s voice
D. All of the Above
49 Which of the following pressures are classified as Management Characteristics that can
lead to financial statement fraud?
A. High management and/or employee turnover
B. Declining industry
C. New regulatory requirements that impair financial stability or
profitability
D. Intense pressure to meet or exceed earnings expectations
50 Which of the following is issued online for use over the Internet and is stored in an
electronic device such as a chip card or computer memory?
A. Hard Cash
B. Business Card
C. E-Cash
D. E- Card
51 With a view to facilitate ___________________, it is proposed to provide for the use and
acceptance of electronic records and digital signatures in the Govt. Offices and its
agencies.
A. Electronic Governance
B. Paper Governance.
C. Oral Testimony.
D. Mechanical Governance.
52 Data, record or data generated image or sound stored, received or sent in an electronic
form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act,
2000] means ______________________
A. Electronic Document.
B. Electronic Record
C. Hard Record
D. Hard Document.
53 Of the following, who should conduct physical observations of a company's inventory in
order to most effectively prevent inventory theft?
A. Warehouse personal
B. Purchasing agents
C. Purchasing supervisor
D. A sales representative 54 Which of the following fraudulent entries is most likely to be made to conceal the theft
of an asset?
A. debit expenses and credit the asset
B. debit the asset, credit another asset account
C. debit revenue , credit the asset
D. debit another asset account and credit the asset
55 Corporate officers who knowingly violate certification requirements under criminal
certifications (section 906) are subject to –
A. fine of up to $1 million or up to 10 years imprisonment
B. fine of up to $ 1 million and up to 10 years imprisonment, or both
C. fine of up to $ 5 million or up to 20 years of imprisonment
D. fine of up to $ 5 million and up to 20 years of imprisonment, or both.
56 Using metadata, forensics investigators can ________. (Select the three that apply)
A. search for files that were created at a specific time
B. filter files that do not contain evidence
C. filter files by size
D. search for file names that match patterns
57 On Linux and UNIX, the /home directory structure is the standard location for storing
________.
A. user installed applications
B. data specific to users
C. critical system files
D. temporarily deleted data
58 Which one of the following is a benefit of a RAID configuration of disks?
A. Capacity
B. Performance
C. Redundancy
D. All of the above
59 . An intruder removes valuable information from a computer system. What term
describes this crime?
A. Computer vandalism
B. Hacking
C. A person alters payroll records to attain a higher rate of pay.
D. Data alteration
60 11. Which of the following is a computer crime that deprives the legitimate owner of a
tangible asset?
A. Hacking
B. Money laundering
C. Manipulating the price of a stock
D. Salami slice
61 12. Which of the following is not a similarity between real-world stalking and cyber
stalking?
A) Most victims are women.
B) Most stalkers are men.
C) The stalker and victim are near to each other.
D) Stalkers are generally motivated by the desire to control the victim.
62 High Employee turnover especially in areas vulnerable to fraud will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
63 The type of forensics that involves examining malicious software
a) Software forensics
b) Hardware forensics
c) Network forensics
d) Digital forensics
64 Many password recovery tools have a feature for generating potential password lists
for a(n) ____ attack.
A. Password Dictionary
B. Brute Force Attack
C. Key Logger Attack
65 Voice Analysis can detect?
A. Temperament of a person during the interview
B. Whether person is lying
C. Whether he is telling the facts
D. All of the above
66 During the interview, what should be safety concerns must include
A. Awareness
B. Interview Location
C. Physical Red Flags
D. All of the above
67 The Sarbanes-Oxley Act is also called what?
A. Corporate Fraud Protection Act of 2002
B. Public Corporation Accounting Oversight Act
C. Public Company Accounting Reform and Investor Protection Act of 2002
D. Principles of Federal Prosecution of Business Organizations
68 The requirement to reimburse a company for any bonuses or other compensation
received during the 12-month period following the restatement of financials as a result
of misconduct is called:
A. Disgorgement
B. Executive penalty
C. Insider trading
D. Corporate accountability
69 The _________________ provides for authentication of a document by means of digital
signatures under Article 7.
A. E-Commerce
B. Model Law
C. E-Law
D. Dynamic Law.
70 According the IT act 2000, _______________ means a person who is intended by the
originator to receive the electronic record but does not include any intermediary.
A. “Address”
B. “Affixing Digital Signature”
C. “Computer Resource”
D. "Data"
71 Section 301 of the SOX requires that the auditor should report directly to ______.
A. Management
B. Government
C. Audit committee
D. Stakeholders/ Owners/Investors 72 Data is organized as files mostly because ________. (Choose the best answer)
A. computers cannot store very large files
B. it is easier for the computer to store many smaller chunks of data than it is to
store one large chunk of data
C. it is easier for people to store many smaller chunks of data than it is to store
one large chunk of data
D. people need to store their data with labels to make retrieval easier
73 13. Which of the following crimes may be facilitated by the use of a computer?
A. Loan-sharking
B. Drug rings
C. Prostitution rings
D. All of the above
74 Which of the following is the Security feature provided by bank to its
accountholders so that only authorized electronic transaction are allowed.
A. ACH
B. AHC
C. CAH
D. CHA
75 new process is always "called" or "created" as a result of ________.
A. the process manager reading programs from disk media
B. one process requesting a program to be loaded and executed
C. system processes starting new services
D. the memory manager reading the program file to start execution
76 Which two of the following answers do NOT describe the responsibility of the
memory manager?
A. Selecting which process to run
B. Allocating memory to processes
C. Swapping memory from RAM to Disk
D. Formatting newly allocated memory
77 A computer's boot process begins when what event occurs?
A. The computer BIOS turns on the processor.
B. The operating system loads.
C. The Master Boot Record is read.
D. The computer is powered on.
78 Which of the following crimes is done using a computer as the instrument?
A) Computer manipulation
B) Money laundering
C) Data alteration
D) Theft of services
MODEL TEST PAPER -3
I. NIST is
A. national institute of standard technology
B. national institute of service technology
C. national institute of security training
D. None of these
II. “Suspicious” refers to which of the following:
A. Inconsistent signatures on file.
B. Driver’s license photo doesn’t match person.
C. Inability to recall mother’s maiden name.
D. Any and all of the above.
III. Red Flag procedures must be implemented by individual departments. That means:
A. The procedures just have to be written and accessible to everyone.
B. The procedures have to be written and everyone needs to be trained to use
them.
C. The procedure & policy will be drafted
D. A & B Both
IV. Financial statement fraud is often attributed to pressures, such as all of the following
except:
A. Investment losses
B. Meeting analysts’ expectations
C. Deadlines, and cutoffs
D. Qualifying for bonuses
V. Which of the following is/are red flags for embezzlement:
A. Carrying usually large sum of money
B. Continuous rollover of loans
C. Significant downsizing in a healthy market
D. Photocopied or missing documents
VI. Which of the following is not a required part of an Identity Theft Prevention Program?
A. Reasonable policies and procedures to identify potential “red flags”
B. A dedicated phone line for customers to call in identity theft reports.
C. Specific procedures to detect the “red flags” identified as potential threats.
D. A plan for regularly re-evaluating the program.
VII. The Red Flag Rules apply to anyone who deals with-
A. Financing and credit
B. Retail merchants
C. University healthcare practices
D. All of above
VIII. Under the Red Flag Rules, all “covered accounts” must be marked
A. Small red flag symbol
B. Riskier red flag symbol
C. Red flags indicating high impact on financial statement
D. None of the above
IX. Personal Identification Information (PII) includes:
A. Any name or number.
B. Any name or number, used alone or in conjunction with any other information.
C. Any name or number that may be used, alone or in conjunction with any other
information, to identify a specific individual.
D. None of the above.
X. There are many threats to accounting information systems. Which of the following is an
example of an Intentional Act
A. War and attack by terrorists
B. Hardware or software failure
C. Computer fraud
D. Logic errors
XI. The _________________ provides for authentication of a document by means of digital
signatures under Article 7.
A. E-Commerce
B. Model Law
C. E-Law
D. Dynamic Law.
XII. A virus can infect a system by:
A. Booting up a computer with an infected disk
B. Running an infected program
C. Opening a file on a disk that is infected
D. All of the above
XIII. In the United States, approximately what percentage of software in use is pirated?
A. 90%
B. 75%
C. 26%
D. 10%
XIV. Is the science of ________________ is the science of acquiring, preserving, retrieving, and
presenting data that has been processed electronically and stored on computer media.
A. Anonymous remailing
B. Digital forensic analysis
C. Using a firewall
D. None of the above
XV. Which of the following describes a firewall?
A. A copy of data
B. Data that cannot be lost
C. Digital forensic analysis
D. Device or software that acts as a checkpoint between a network or stand-
alone computer and the Internet
XVI. Which of the following techniques do not help prevent computer crime?
A. Backups
B. Digital forensic analysis
C. Firewalls
D. Encryption
XVII. The type of forensics that involves analyzing information stored in a storage media such
as a hard drive
A. Disc Forensics
B. Network Forensics
C. Live forensics
D. Internet forensics
XVIII. There are three c's in computer forensics. Which is one of the three?
A. Control
B. Chance
C. Chains
D. Core
XIX. The investigator-in-charge is suppose to Identifying and _____________ e-evidence.
A. Collecting
B. Classification
C. Analyzing
D. None of these
XX. __________ are those cheque tempering schemes in which an employee intercepts a
company cheque intended for a third party and converts the cheque by signing the third
party’s name on the endorsement line of cheque.
A. Intercepted cheques
B. Altered payee schemes
C. Authorized maker scheme.
D. Forged endorsement scheme.
XXI. Of the following, who should conduct physical observations of a company's inventory in
order to most effectively prevent inventory theft?
A. Warehouse personal
B. Purchasing agents
C. Purchasing supervisor
D. A sales representative
XXII. The process by which several bidders conspire to split contracts up and ensure each gets
a certain amount of work is called
A. Bid pooling
B. Fictitious suppliers
C. Kickback payments
D. Bidding agreements
XXIII. Bribery schemes generally fall into two broad categories which are-
I. Kickbacks
II. Overbilling schemes
III. Bid rigging schemes
IV. Extortions
A. I and II
B. I and III
C. II and IV
D. II and III
XXIV. Which of the following is Indicator of truth while conducting a forensic Interview
A. Week Denials
B. Direct Brief Answers
C. Verbal attacks directed at Interviewer
D. Answering with a different question
XXV. Confrontational Interviews and recording of any interviews should be done
A. With the advice of legal counsel only if there is need to prosecute the fraudster later.
B. With the advice of legal counsel to get proper legal guidance to protect the
interviewer, the Company, Directors/Management and prosecute the
fraudster later if needed.
C. Without the advice of legal counsel since the confidentiality of strategy is
compromised.
D. Without the advice of legal counsel since they have no role to play till the fraud is
established.
XXVI. The possible profiles of a fraud perpetrator are
A. Very friendly, but self centered and egoistic
B. Unfriendly and an introvert
C. Surly and angry but good in work
D. Very slow in work that he/she is used to doing for years together
XXVII. Which one of the following would be considered an informal written communication?
A. An electronic document such as a spreadsheet that is attached to an email update to
an attorney
B. An email that updates a peer investigator on the status of a particular case
C. A disk image that is sent to a peer investigator for review
D. An email that notifies an attorney that all evidence has been reviewed and analysed
XXVIII. Forensic reports are written to answer questions about which one of the following
topics? (Select the BEST answer)
A. Forensic investigations involving computer crime
B. All forensic investigations
C. Intrusion/Incident response and vulnerability assessment
D. All incidents involving investigations, vulnerability assessment, and intrusion
response
XXIX. What is the basic purpose of any digital forensic report? (Select the BEST response)
A. Report who did what and when.
B. Report the conclusion of the investigation.
C. Report what was done and what was found.
D. List or itemize the evidence.
XXX. The process of providing answers to the legal system is called ________.
A. Investigation
B. Evidence reporting
C. Question answering
D. Deposition
XXXI. Which one of the following question answers would NOT be found in the executive
summary portion of the forensic report?
A. Why the investigation was initiated
B. What forensic challenges were faced and overcome in the investigation
C. Who authorized the investigation
D. What significant results were found
XXXII. Which one of the following would NOT be included in the "full documentation" of
evidence collected?
A. Who collected the evidence
B. What evidence was collected
C. The version of software that produced the evidence
D. The procedure followed to collect the evidence
XXXIII. Which one of the following definitions best describes informal reports for digital
forensic investigations?
A. All written or electronic reports that document results from a digital forensic
investigation
B. Reports on investigations that are not made directly to a judge or jury
C. All oral reports that are presented to court in addition to all written or electronic
documents resulting from an investigation.
D. Reports on digital investigations made in casual attire to a board of directors or
one's employers
XXXIV. Why would a digital forensic expert be expected to write "absolutely nothing unless it is
a fact supported by evidence"?
A. It may confuse the forensic reporter who produces the final written report years
after the investigation concludes.
B. It is a principle of computer forensics to think through all statements before
committing them to paper or electronic document.
C. The evidence may later be excluded from the investigation.
D. It may be disclosed in discovery and inadvertently cast a shadow of doubt on
the case.
XXXV. Which one of the following is an example of formal oral reporting for a crime involving
digital computers?
A. Swearing-In
B. Record
C. Deposition
D. Testimony
XXXVI. Which officer in a company is most likely to be the perpetrator of financial statement
fraud?
A. Chief financial officer (CFO).
B. Chief operating officer (COO).
C. Chief executive officer (CEO).
D. Controller.
XXXVII. When looking for financial statement fraud, auditors should look for indicators of fraud
by:
A. Evaluating changes in financial statements.
B. Examining relationships the company has with other parties.
C. Examining operating characteristics of the company.
D. All of the above.
XXXVIII. The three aspects of management that a fraud examiner needs to be aware of include all
of the following except:
A. Their backgrounds.
B. Their religious convictions.
C. Their influence in making decisions for the organization.
D. Their motivations.
XXXIX. In the Phar-Mor fraud case, several different methods were used for manipulating the
financial statements. These included all of the following except:
A. Funneling losses into unaudited subsidiaries.
B. Recognizing revenue that should have been deferred.
C. Overstating inventory.
D. Manipulating accounts.
XL. Most financial statement frauds occur in smaller organizations with simple
management structures, rather than in large, historically profitable organizations.
This is because:
A. It is easier to implement good internal controls in a small organization.
B. Management fraud is more difficult to commit when there is a more formal
organizational structure of management.
C. People in large organizations are more honest.
D. Smaller organizations do not have investors.
XLI. Management fraud is usually committed on behalf of the organization rather than
against it. Which of the following would not be a motivation of fraud on behalf of an
organization?
A. CEO needs a new car.
B. Pressure to meet expected earnings.
C. Restructure debt covenants that can’t be met.
D. A highly competitive industry.
XLII. During an audit, an auditor considers the conditions of the auditee and plans the audit
accordingly. This is an example of which of the following?
A. Zero-order reasoning.
B. First-order reasoning.
C. Fraudulent reasoning.
D. High-order reasoning.
XLIII. In the context of strategic reasoning, if an auditor only follows the established audit
plan and does not consider other factors relating to the auditee, then this is an example
of which of the following?
A. Zero-order reasoning.
B. First-order reasoning.
C. Fraudulent reasoning.
D. Higher-order reasoning.
XLIV. In recent years, many SEC investigations have taken place on the improper issuance of
stock options to corporate executives. These practices increase executive compensation
at the expense of shareholders. This practice is known as:
A. Backdrafting stock options.
B. Stock option reversals.
C. Stock option extensions.
D. Backdating stock options.
XLV. Backdating is:
A. Deliberately changing stock options for the purpose of securing extra pay for
management.
B. Using insider information to profit from stock trading.
C. Using "bucket" accounts rather than recording cost of goods sold.
D. Banks providing favorable loans to companies in return for the opportunity to make
money from other transactions and fees.
XLVI. Generally accepted accounting principles (GAAP):
A. Tend to be more principles-based than standards in other countries.
B. Enable companies to find specific rules to support their fraudulent transactions.
C. Tend to be more objectives-based than standards in other countries.
D. Allow for companies to exploit loopholes in the standards.
XLVII. Committing financial statement fraud is easiest:
A. In large, historically-profitable organizations.
B. When decision making is done by one or two individuals.
C. When three or more people work together to cover up the fraud.
D. With an active audit committee and board of directors.
MODEL TEST PAPER -4
1. Who are the primary victims of financial statement fraud?
A. Middle management
B. Organizations that buy goods or services
C. Analysts
D. Stockholders
2. A forensics certification provides _________.
A. a reason for continuing education
B. external validation of one's forensics skills
C. breadth in the computer industry
D. depth in a particular subject
3. Payment to vendors who aren’t on an approved vendor list, a -
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
D. Red flag in account receivable
4. Sudden activity in a dormant banking account, a-
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
Red flag in cash/ account receivable
5. How frequently do most people rationalize?
A. Sometimes
B. Often
C. Never
D. Rarely
6. Fraudulent financial reporting is most likely to be committed by whom?
A. Line employees of the company
B. Outside members of the company’s board of directors
C. Company management
D. The company’s auditors
7. Who Commits Financial Statement Fraud:
A. Senior Management
B. Middle and lower level employees
C. Organized Criminals
D. All the above
8. SA 250 related to:
A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements
B. Consideration of Laws and Regulations in an Audit of Financial Statements
C. Both A and B
D. None of the above
9. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447
of Companies Act, 2013.
A. 3 Years
B. 5 Year
C. 7 Year
D. 10 Year
10. Why Do People Commit Financial Statement Fraud
A. To conceal true business performance
B. To preserve personal status/control
C. To maintain personal income/wealth
D. All the above
11. The reconstruction function is needed for which of the following purposes?
E. Re create a suspect drive to show what happened
F. Create a copy of a drive for other investigators
G. Recover file headers
H. Re create a drive compromised by malware
12. The following is used as forensic software except ____.
A. The Coroner’s Toolkit
B. Outlook
C. ILook
D. Forensic Toolkit
13. When conducting _________ analysis, the first step is to recover undeleted files.
A. Research
B. Forensic
C. Process
D. Security
14. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws
concerning identity theft prevention no longer apply.
A. True
B. False
C. Depends on situation of identity theft
D. Can’t say
15. Theft of an employer’s property which was not entrusted to employee will be defined
as-
A. Lapping
B. Larceny
C. Check kitting
D. None of the above
16. A “habitual criminal” who steals for the sake of stealing is known as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
17. A Personal prestige, goal achievement is termed as
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
18. Which of the following statements is CORRECT: As per Beneish Model:
A. A score less than -2.22 indicates a strong likelihood of a firm being a
manipulator.
B. A score greater than -2.22 indicates a strong likelihood of a firm being a
manipulator.
C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being
a manipulator.
D. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being
a manipulator.
19. Ideological means-
A. Personal prestige, goal achievement.
B. Cause is morally superior, justified in making other victims
C. Desperate need for money, greed, economic achievement
D. None of the above
20. What is a telephone “phreaker”?
A. People who obtain free cellular phone service through theft or forgery of
subscriber information or through employee collusion.
B. People who exploit weaknesses in the cellular network’s technology to
defraud the cellular service provider.
C. People who stalk others on the Internet.
D. People who trick telephone systems into believing that long-distance and
airtime are being legitimately purchased.
21. Which of the following is not a tool utilized by computer criminals?
A. NMAP
B. ToneLoc
C. Cyber-stalker
D. Cryptanalysis
22. What is the purpose of cryptanalysis software?
A. Breaking encryption
B. Taking advantage of a security hole
C. Impairing or destroying function in a computer
D. Delivering attack software
23. What is the delivery vehicle of choice for exploit software?
A. NMAP
B. Cryptanalysis
C. Tone Loc
D. Trojan Horse Programs
24. What is the primary distinction between viruses and worms?
A. Worms do not rely on a host program to infect.
B. Worms masquerade as legitimate while causing damage.
C. Viruses do not rely on a host program to infect.
D. A computer virus is active without a host.
25. Which of the following is not a feature of a “cookie”?
A. It is saved on the user’s hard drive.
B. It tracks which sites a computer has visited.
C. It may assist in an investigation.
D. They are evil programs that scan the hard drive of a computer.
26. Which of the following describes the demographic profile of a hacker?
A. White male
B. 14 to 25 years of age
C. Highly intelligent, yet an underachiever in school
D. All of the above
27. ________________ is the science of acquiring, preserving, retrieving, and presenting data
that has been processed electronically and stored on computer media.
A. Anonymous remailing
B. Digital forensic analysis
C. Using a firewall
D. None of the above
28. The term disk geometry refers to ________.
A. the physical dimensions of the storage media
B. the number of blocks on the disk
C. the total size and number of cylinders, heads, and sectors
D. the number of bits that can be stored on the disk
29. The stored bits of flash media are located in ________.
A. rooms
B. cells
C. sectors
D. blocks
30. Which of the following are challenges to data recovery for "highly available" memory?
A. The data is distributed across several physical disks.
B. The data is encrypted.
C. The "highly available" solution contains unusually large and un-wieldy
capacity.
D. The data cannot be made unavailable for any length of time and therefore
proper.
31. Which of the following statements is true about a computer's boot process?
A. The boot process begins when the Central Processing Unit is initialized.
B. The user can accelerate the boot process by pressing "Windows" key (also
known as the turbo button).
C. The first process in Linux is called 'kernel'.
D. A Power-On Self-Test is performed once firmware is loaded
32. Which one of the following questions is NOT one to be answered by the investigation
plan?
A. Where is the evidence likely to be located?
B. What age is the suspect?
C. What local laws and court processes will affect this investigation?
D. What skills are needed to extract the evidence?
33. Vulnerability assessment experts will perform the task of ________. (Select the three that
apply)
A. assessing the prevalence of a known weakness by scanning entire networks
B. assessing the damage and impact of an exploited vulnerability
C. scanning hosts for known weaknesses and vulnerabilities
D. validating the integrity of the host or network equipment
34. Which three of the following would help investigators set the scope for strategies to
extract evidence from acquired images?
A. The password of the suspect
B. The type of files that are not sought by a warrant
C. The question or questions to be answered by the evidence
D. Items found in pockets of clothing owned by the suspect
35. A process is best described as a _______.
A. list of steps to complete a procedure
B. list of steps which together complete a single task or part of a task for a
forensics investigation
C. list of tasks which together complete a forensics investigation
D. list of tasks that together complete one step in a procedure
36. Separation of duties within an investigation describes how _______ and _______ should be
accomplished by different staff.
A. collection of physical evidence / collection of digital evidence
B. extraction / acquisition
C. acquisition / validation
D. All of the above
37. In order to maintain the _________, both a single-evidence form and a multi-evidence
form are used to document and catalog evidence.
A. proper signatures
B. evidence validation
C. image reconstruction
D. chain of custody
38. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert
witness can be based on all of the following EXCEPT ________.
A. the product of consultations from peers with other expertise
B. sufficient facts or data
C. the product of accepted and reliable principles or methods
D. application of accepted and reliable principles or methods
39. Which one of the following factors can sabotage the quality of digital evidence reports
between the investigation and the presentation of the evidence to a court?
A. A forensic professional reporting the work of a retired forensic investigator.
B. The promotion of the detective who had been leading a criminal investigation.
C. The procedures used to analyze the data may have been invalidated by court.
D. All of the above
40. The best evidence rule of a case is the expectation that the evidence of a case ________.
A. is the prime evidence that prove the theory of an attorney
B. has been collected with the best and most current software tools available
C. is the best and most scientific evidence collection procedures for that case
D. is the best available evidence given the nature of the case
41. Which three "off-the-job" characteristics below are used to determine the "quality" of
an expert witness?
A. Income level of the expert
B. The nature of the expert's morals
C. Compliance with laws expected of average citizens
D. Compliance with ethic standards for average citizens
42. Examination can be described as telling a story that ________.
A. uses digital forensic investigators to support facts of the story with evidence
B. disproves alternative theories when necessary
C. presents evidence by asking digital forensic investigators to provide "question
answers"
D. All of the above
43. Employee embezzlement can be direct or indirect. Indirect fraud occurs when:
A. an employee uses company assets to run his/her private business
B. employees establish dummy companies and have their employers pay for
goods that are not actually delivered
C. an employee receives a kickback from a vendor
D. an employee steals company cash, inventory, tools, or other assets
44. Which of the following is NOT a way in which fraud can be committed?
A. By false representation
B. By failing to disclose information
C. By abuse of position
D. By obtaining property by deception
45. Audits, public record searches, and net worth calculations are used to gather what type
of evidence in fraud investigation?
A. Testimonial
B. Forensic
C. Documentary
D. Observation
46. Which of the following is NOT a part of the evidence square?
A. Management evidence
B. Documentary evidence
C. Testimonial evidence
D. Physical evidence
47. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/
concealment of any fact committed by any person or other person (third party) with
connivance in any manner with intent to deceive/ gain undue advantage or to injure
interest of:
A. Company
B. Shareholders
C. Creditors
D. All the Above.
48. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies
Act, 2013
A. Equal to the amount of fraud
B. 2 times of amount of fraud
C. 3 times of amount of fraud
D. 4 times of amount of fraud
49. Which of the following is an example of the crime of counterfeit credit card fraud?
A. An illegally obtained credit card is used to pay for a purchase
B. An illegally created credit card is used to pay for a purchase
C. An illegally altered credit card is used to pay for a purchase
D. A credit card is obtained and used based on false application information
50. Which of the following recommendations may prevent identity fraud?
A. Patrol residential areas on trash collection days
B. Enforce trespass laws at dump sites
C. Advise citizens to shred documents
D. All of the above
51. A computer crime that involves attacking phone lines is:
A. data diddling
B. phreaking
C. phishing
D. pharming
52. Hackers use all of the techniques except:
A. war dialing
B. war driving
C. war chalking
D. war walking
53. The computer crime of piggybacking
A. involves the clandestine use of another user's WIFI
B. usually results from spamming
C. requires the permission of another user to gain access
D. None of the above
54. A network of computers used in a denial-of-service (DoS) attack iscalled a (an):
A. Worm
B. Botnet
C. Rootkit
D. Splog
55. Spyware infections came from:
A. worms/viruses
B. drive-by downloads
C. file-sharing programs
D. All of the above
56. Which of the following is a method used to embezzle money a smallamount at a
time from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salamitechnique
57. A computer fraud and abuse technique that steals information, tradesecrets, and
intellectual property.
A. Cyber-extortion
B. Data diddling
C. Economic espionage
D. Skimming
58. Which of the following is a threat that organizations need to take account of in
cyberspace?
A. Password
B. Objectionable content filter
C. Denial of service attack
D. Firewall
59. Desperate need for money, greed, economic achievement termed as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
60. Stealing money from one customer account & crediting into another customer account
is known as-
A. Lapping
B. Larceny
C. Check kitting
D. None of the above
61. Which among the following will not be an example of Green flag-
A. Auditee nice behavior with auditor during audit (eg. Offering drinks during
lunch)
B. Auditee is too much friendly with staff and vendors
C. Regular receipt of material of same qty
D. Employee with few or no payroll deductions
62. Factors contributing to red flag includes-
A. Poor Internal Controls
B. Management overrides Internal Control
C. Collusion between employees & third party
D. All of the above
63. Management Red Flags is/are-
A. Management decisions are dominated by an individual or small group
B. Managers engage in frequent disputes with auditors
C. Reluctance to provide information to auditors
D. All of the above
64. Common Types of Fraud in School Districts would be-
A. Unreimbursed personal calls
B. Theft of inventory items.
C. Inappropriate charges to a travel or account payable voucher
D. All of the above
65. Employees with duplicate social security numbers, names and addresses, a-
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
D. Red flag in cash/ account receivable
66. Excessive number of year end transaction, a
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
D. Red flag in cash/ account receivable
1. The process of dividing large data and rearranging it into logical groups is called
A. Encryption
B. Sampling
C. Stratification
D. Steganography
2. The First step in data analytics is
A. Data classification
B. Data cleansing
C. Data Stratification
D. Data Analysis
3. The function (in Excel) which is useful in fetching value from another database; and
also useful for linking two databases is:
A. Sum if
B. V Lookup
C. H Lookup
D. Transpose
4. Which of the following is (are) success factor(s) in auditing huge voluminous data in
electronic form?
A. Balance and effective use of
both CAT-Tool and CAT-Technique
B. Only use of CAT-Tool
C. Only use of CAT-Technique
D. None of the above
5. In detecting fraud, CAATTs are indispensable because of which of the following
reasons
A. Increasing Audit Regulations
B. Scarce Resources
C. Data Volume and paperless records
D. All of the above
6. Which of the following are Database Functions?
A. IF’ in Combination with ‘AND’ & ‘OR’ B. Pivot Table
C. All of the above
D. None of the above
7. Flaws in data provided for audit can be detected through which of the following?
A. Detecting Missing/Gaps B. Finding Duplicates C. Both of the above
D. None of the above
8. The process of arranging data into homogenous group or classes according to some
common characteristics present in the data is called__________
A. Classification
B. Steganography
C. Encryption
D. Data recovery
9. Pivot Table is useful for which of the following?
A. Expanding and collapsing levels to focus on results, drill-downs to details from
the summary
B. Subtotaling and aggregating numeric data, summarizing data by categories and
subcategories, and creating custom calculations and formulae.
C. Filtering, sorting, grouping and Moving rows to column or vice-versa; see
different summaries
D. All of the above
10. Which of the following are (is) CAAT – Tool(s)?
A. Generalized audit software such as ACL, Active Data
B. Common software such as MS Excel, Lotus
C. All of the above
D. None of the above
11. In a fraud investigation assignment, which of the following is (are) matter(s) of
concern?
A. Green flag
B. Red flags
C. All of the above
D. None of the above
12. Which of the following is NOT correct with regard to Benford’s law?
A. It is a mathematical tool to help detecting possible fraud
B. It suggests an expected digit frequency
C. The records should represent the sizes of factors or events
D. All the records should be sequentially numbered such as roll numbers of students in a class
13. Which of the following are EXPECTATIONS from forensic audit?
A. Identify wrongdoer and monetary Impact
B. Collect Evidences as admissible in legal proceedings.
C. Identify the control weakness and advise for corrective actions.
D. All of the above
14. A Forensic Auditor would focus on which of the following?
A. Data beyond documents
B. Reality checking
C. All of the above
D. None of the above
15. Which of the following is/are NOT a useful technique(s) in fraud detection?
A. Distrust the obvious
B. Juxta position
C. 3-D Vision
D. Encryption
16. To be successful, the Forensic team as a whole should have knowledge of which of the
following domains?
A. Law
B. Criminology
C. Accounting and investigative auditing
D. All of the above
17. Which of the following is Not a good quality of an effective forensic auditor?
A. Having specialized knowledge in accounting, audit, law and criminology domains
B. Possessing Communicative skills, Absolute clear thinking and Open mindedness
C. Deceit and distrust
D. Demonstrating tactic and investigative skills
18. Which of the following methods are employed to solicit information about a person’s
honesty?
A. Interview
B. Graphology
C. Voice Stress Test & Polygraphs
D. All of the above
19. Which of the following is the CENTRAL purpose of the interview?
A. Threatening the suspect
B. Forcing the suspect to agree to the pre-defined purpose
C. Find evidence to suspend the employee on disciplinary grounds
D. Gathering and assimilating relevant facts
20. Which of the following is(are) interviewing technique(s)?
A. Kinesics
B. Cognitive
C. Both
D. None
21. Which of the following is NOT a characteristic of a successful Interview?
A. Objective in scope
B. Aimed at gathering information in fair and impartial manner
C. Being of sufficient ‘length and depth’
D. Ending on a negative note
22. People in crises demonstrate the following sequence of reactions?
A. Denial
B. Rationalisation
C. Acceptance
D. All of the above
23. Depending on the type of interviewees, they should be dealt with differently. Which
of the following describes the type(s) of interviewees?
A. Friendly
B. Neutral
C. Hostile
D. All of the above
24. The forensic audit team should include all the below mentioned EXCEPT-
A. Legal expert
B. Data Analyst
C. Accountant
D. Fraudster
25. Which of the below mentioned elements of conversation does NOT inhibit and
facilitate effective communication?
A. Showing courtesy and Respect
B. Threatening Demeanor
C. Being an Active Listener
D. Being thorough but remain relevant
26. Which of the following is NOT an effective Mechanism while for a successful
interview?
A. Taking notes
B. Maintaining eye contact
C. Maintaining Privacy
D. Making overall opinions or impressions of a witness
27. Which of the following is (are) types of questions that can be used in an interview?
A. Informational
B. Assessment
C. Admission seeking
D. All of the above
28. Which of the following is NOT a red flag:
A. Negative Cash flows
B. Paid dividend per payout ratio
C. Significant sales to related parties
D. Sudden increase in profits for specific quarters
29. The most cost-effective way to minimize the total cost of fraud is
A. Investigation
B. Detection
C. Prevention
D. Prosecution
30. The chances of fraud would be HIGH if:
A. Pressures and opportunities are high and personal integrity is low
B. Pressures and opportunities are low and personal integrity is high
C. Both A&B
D. Neither A Nor B
31. Which of the following statements is most correct regarding errors and fraud?
A. Frauds occur more often than errors in financial statements.
B. Errors are always fraud and frauds are always errors.
C. An error is unintentional, whereas fraud is intentional.
D. Auditors have more responsibility for finding fraud than errors.
32. Which of the following is the single largest source for fraud detection?
A. Inspections by Regulatory authorities
B. Statutory Audit
C. Tips
D. Internal Audit
33. SA 250 is related to:
A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements
B. Consideration of Laws and Regulations in an Audit of Financial Statements
C. Both A and B
D. None of the above
34. Sec. 25 of the IPC defines term fraudulently as Intent to defraud.
Which of the following form(s) element(s) of ‘Defraud’?
A. Deceit or intention to deceive
B. Actual or possible injury
C. Both (A) & (B)
D. Neither A nor B
35. FATF works to
A. Conducts trial of those whose involvement is suspected in the anti-money
laundering (AML) and counter-terrorist financing (CTF) areas.
B. Formulates rules and regulations to govern international stock exchanges to
improve transparency for better governance of market related activities
C. Formulates standards and defines procedures for manufacturers of electronic
equipment to ensure consumers get the compatible products across the globe and
thereby reduce cybercrime
D. Generate the necessary political will to bring about national legislative and
regulatory reforms in the anti-money laundering (AML) and counter-terrorist
financing (CTF) areas.
36. Which of the following significant features of the Prevention of Anti Money Laundering Act
(PMLA) is NOT true?
A. The Act Overrides contrary provisions of other laws
B. CPC Not to be followed by Adjudicating Authority, Appellate Authority and
Special Courts
C. Offences are non-cognizable and bailable
D. Onus to prove not guilty lies on the person charged
37. Which of the following categories of entities are obliged to comply with the requirements
under the Prevention of Anti Money Laundering Act (PMLA)?
A. Banking Companies
B. Financial Institutions
C. Intermediaries
D. All of the above
38. Which of the following \obligations are covered under the Prevention of Anti Money
Laundering Act (PMLA)?
A. Maintenance of Records
B. Furnishing of information
C. Verification of identity of the clients.
D. All of the above
39. Why Do People Commit Financial Statement Fraud?
A. To show better business performance on paper
B. To preserve / improve market perception
C. To show compliance with certain loan covenants
D. All of the above
40. Which of the following is (are) used as forensic software(s) ?
A. The Coroner’s Toolkit
B. ILook
C. Forensic Toolkit
D. All of the above
41. Which of the following represent(s) payroll related red flag(s)
A. Large no. of Write- off of accounts
B. Overtime time charged during a slack period
C. Excessive or unjustified transactions
D. None of the above
42. Which of the following statements is CORRECT: As per Beneish Model:
E. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a
manipulator.
F. A score greater than -2.22 indicates a strong likelihood of a firm being a
manipulator.
G. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a
manipulator.
H. A score less than -2.22 indicates a strong likelihood of a firm being a
manipulator.
43. Distinction between viruses and worms is..
A. Worms do not rely on a host program to infect.
B. Worms masquerade as legitimate while causing damage.
C. Viruses do not rely on a host program to infect.
D. A computer virus is active without a host.
44. Which of the following statements is true about a computer's boot process?
A. The boot process begins when the Central Processing Unit is initialized.
B. The user can accelerate the boot process by pressing "Windows" key (also known
as the turbo button).
C. The first process in Linux is called 'kernel'.
D. A Power-On Self-Test is performed once firmware is loaded
45. Assessing the damage and impact of an exploited vulnerability is the task performed
by:
A. Vulnerability assessment experts
B. System architects
C. Computer operators
D. Application development programmers
46. In order to maintain the _________, both a single-evidence form and a multi-evidence
form are used to document and catalog evidence.
A. Proper signatures
B. Evidence validation
C. Image reconstruction
D. Chain of custody
47. As per the Report to the Nations 2014, issued by the ACFE, impact of the Fraud
(Globally) is estimated as:
A. 0.5%
B. 2.5%
C. 5%
D. None of the above
48. Audits, public record searches, and net worth calculations are used to gather what
type of evidence in fraud investigation?
A. Testimonial
B. Forensic
C. Documentary
D. Observation
49. Which of the following is NOT a part of the evidence square?
A. Management evidence
B. Documentary evidence
C. Testimonial evidence
D. Physical evidence
50. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/
concealment of any fact committed by any person or other person (third party) with
connivance in any manner with intent to deceive/ gain undue advantage or to injure
interest of:
A. Company
B. Shareholders
C. Creditors
D. All of the Above.
51. Which of the following is an example of the crime of counterfeit credit card fraud?
A. An illegally obtained credit card is used to pay for a purchase
B. An illegally created credit card is used to pay for a purchase
C. An illegally altered credit card is used to pay for a purchase
D. A credit card is obtained and used based on false application information
52. A computer crime that involves attacking phone lines is:
A. Data Mining
B. Phreaking
C. Data Didling
D. Spamming
53. Hackers use all of the techniques except:
A. war dialing
B. war driving
C. war chalking
D. war walking
54. Social engineering facilitates what type of computer fraud?
A. Piggy backing
B. Identity theft
C. Spoofing
D. Shoulder surfing
55. The computer crime of piggybacking
A. involves the clandestine use of another user's WIFI
B. usually results from spamming
C. requires the permission of another user to gain access
D. None of the above
56. A network of computers used in a denial-of-service (DoS) attack is called a (an):
A. Worm
B. Botnet
C. Key logger
D. Virus
57. Which of the following is a method used to embezzle money a small amount at a time
from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique
58. Which of the following is NOT a method that is used for identity theft?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming
59. Stealing money from one customer account & crediting into another customer
account is known as-
A. Skimming
B. Lapping
C. Larceny
D. None of the above
60. Factors contributing to red flag include-
A. Poor Internal Controls
B. Management overrides Internal Control
C. Collusion between employees & third party
D. All of the above
61. Values that are used for validating that the original data hasn’t changed and proves
that two sets of data are identical are called:
A. Hash totals
B. Sub-totals
C. Batch totals
D. Encrypted values
62. Fraud Triangle talks about which of the following?
A. Rationalisation
B. Pressure
C. Opportunity
D. All of the above
63. Section 301 of the SOX requires that the auditor should report directly to ______.
A. Management
B. Government
C. Audit committee
D. Regulatory inspectors
64. According to the opportunity part of the fraud triangle, a person may do all of the
following acts except:
A. Convert the theft or misrepresentation for personal gain
B. Control the fraud
C. Commit the fraud
D. Conceal the fraud
65. A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is
known as:
A. Process efficiency
B. Performance improvement
C. Code of conduct
D. Corporate governance
66. The Sarbanes-Oxley Act is also known as?
A. Corporate Fraud Protection Act of 2002
B. Public Corporation Accounting Oversight Act
C. Public Company Accounting Reform and Investor Protection Act of 2002
D. Principles of Federal Prosecution of Business Organizations
67. Which of the following fraudulent entries is most likely to be made to conceal the theft
of an asset?
A. Debit expenses and credit the asset
B. Debit the asset, credit another asset account
C. Debit revenue , credit the asset
D. Debit another asset account and credit the asset
68. Employee’s behavioral changes (alcohol, gambling) will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. None of the above
69. Personal Identification Information (PII) includes:
A. Any name or number.
B. Any name or number, used alone or in conjunction with any other information.
C. Any name or number that may be used, alone or in conjunction with any other
information, to identify a specific individual.
D. None of the above.
70. Which of the following need(s) to be performed after the red flags of ID theft is
identified?
A. Set up procedures to detect those red flags in your day-to-day operations.
B. Train all employees who will use the procedures.
C. Decide what actions to take when a red flag is detected.
D. All of the above
71. E-commerce is the commercial transaction of services in a/an ______________ format
A. Mechanical format.
B. Electronic format
C. Paper
D. None of the above
72. The World‟s first computer-specific statute was enacted in 1970, by the German
state, in the form of a ___________________ .
A. Data Protection Act.
B. Cyber Law
C. Copy right
D. Patent right.
73. ____________________ is a generic term which refers to all the legal and regulator
aspects of Internet and the World Wide Web
A. Merchant Law
B. Cyber Café
C. Cyber Law
D. Electronic Law
74. A virus can infect a system by:
A. Booting up a computer with an infected disk
B. Running an infected program
C. Opening a file on a disk that is infected
D. All of the above
75. Which of the following are relevant/related to the area of fraud and forensics?
A. FATF recommendations (OECD)
B. FCPA (USA)
C. SoX (USA)
D. All of the above
76. For a thing to be termed as ‘counterfeit’, there should be some sort of resemblance sufficient
to cause deception. Which of the following are the main ingredients of the term ‘counterfeit’
as laid down under Section 28 of IPC
A. Causing one thing to resemble another thing.
B. Intending by means of such resemblance to practice deception.
C. Knowing it to be likely that deception will thereby be practiced
D. All of the above
77. A case of mischief under Section 425 is essentially governed with a criminal intent to cause
wrongful loss or damage to a person, or a criminal intent to commit any offence to intimidate
any person in possession of a property. Which of the following are the essential ingredients
of the term?
A. Intention or knowledge of the likelihood to cause wrongful loss or damage to the
public or to any person.
B. Causing the destruction of some property or any change in it or in its situation
C. Such destruction or change must destroy or diminish its value
D. All of the above
78. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention
of Anti Money Laundering Act (PMLA)?
A. Sudden activity in dormant accounts
B. Identification documents which could not be verified within reasonable time
C. Both A & B
D. Neither A nor B
79. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention
of Anti Money Laundering Act (PMLA)?
A. Value just under the reporting threshold amount in an apparent attempt to avoid reporting
B. Frequent purchases of drafts or other negotiable instruments with cash
C. Both A & B
D. Neither A nor B
80. The Foreign Corrupt Practices ACT (FCPA) of the USA permits small facilitation payments
to secure performance of non-discretionary foreign government services vide its 1988
amendments. These payments are called__________
A. Watergate payments
B. Handshake payments
C. Grease payments
D. Corrupt payments
81. Which of the following is NOT the term relevant/related to cyber-attacks?
A. Logic bombs
B. Trojan horse
C. Money mules
D. Denial of Service
82. Which of the following is (are) risk management strategy(ies)?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. All of the above
83. Which of the following is (are) generally used for designing and implementing control
framework in an organisation?
A. COSO
B. COBIT
C. Both COSO and COBIT
D. None of the above
84. COSO Integrated Framework of Internal Controls has _____ number of components
A. 5
B. 4
C. 8
D. 6
85. To curb/minimise the bribery in international transactions, primary focus to control
/ monitor is recommended to be on______
A. Supply side
B. Demand side
C. Both A & B
D. Neither A nor B
86. Which of the following is Not a term that represents phases in the Money laundering?
A. Integration
B. Demonitisation
C. Layering
D. Placement
87. A fraud perpetrated by tricking a person into disclosing confidential information,
such as a password, is called
A. A Trojan horse
B. Hacking
C. Social engineering
D. Scavenging
88. The type of forensics that involves analyzing information stored in a storage media such as a
hard drive
A. Disc Forensics
B. Network Forensics
C. Live forensics
D. Internet forensics
89. Which of the following schemes refers to the falsification of personnel or payroll records,
causing paychecks to be generated to someone who does not actually work for the victim
company?
A. Falsified salary scheme
B. Record alteration scheme
C. Ghost employee scheme
D. Inflated commission scheme
90. Which of the following is the indicator of deception while conducting Forensic
Interview
A. Quick, spontaneous answers
B. Consistent strong denial
C. Direct, brief answers
D. Hesitant
91. Forensic Interviewing Techniques does not include which of the following?
A. Investigation
B. Polygraph test
C. Physical Behaviour Analysis
D. Disk Imaging
92. Which of the following are performed by auditors When looking for financial
statement fraud?
A. Horizontal and vertical analysis
B. Industry benchmarking
C. Operating characteristics of the company.
D. All of the above.
93. Which of the following is (are) forensic audit test(s) that help (s) detecting fraud?
A. Luhn’s Algorithm
B. Benford’s Law
C. RSF
D. All of the above.
94. The term used to describe the legal issues related to use of communication technology,
particularly the Internet is called ________.
A. Cyberspace
B. Cyberlaw
C. Cyberwar
D. Cyberattack
95. FATF’s Recommendations are recognized as the global anti-money laundering (AML) and
counter-terrorist financing (CFT) standard. These recommendations are ________ in total
number.
A. 29
B. 49
C. 59
D. 39
96. FAFT is a (an) _____________
A. International court
B. Regulatory body governing its international stock exchange members
C. Policy-making body
D. A wing of Interpol issuing red alerts across the globe
97. Which of the following is NOT true as per the Indian Evidence Act?
A. The law of evidence is the same in civil and criminal proceedings
B. Evidence must be confined to the matter in issue;
C. Hearsay evidence must be admitted
D. Best evidence must be given in all cases.
98. Forensic accounting is BROADER than Fraud Examination in the sense it covers variety of
Other services such as:
a) Transaction tracing
b) Data Analysis
c) Damage analysis
d) Business valuation
E. (a), (b) & (c) only F. (b) & (c) only
G. (a) & (b) only H. All of the above
99. Section 415 of the IPC defines Cheating. Which of the following form(s) part of the definition
of Cheating?
A. There should be inducement
B. Inducement must be dishonest or fraudulent
C. Inducement should be intentional
D. None of the above
100. The main difference between cheating and forgery is that
A. In cheating the deception is in writing, whereas in forgery it is orals
B. Deception can be described as merely the means to achieve an end; the end being
Forgery
C. In cheating the deception is oral, whereas in forgery it is in writing
D. None of the above