You are on page 1of 6

Course Hero has millions of student submitted documents similar to the one below including study guides, practice

problems, reference materials, practice exams, textbook help and tutor support. Information Accounting Systems, 12e (Romney/Steinbart) Chapter 6 Computer Fraud and Abuse Techniques 1) Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from the firm that explained that there had been a computer error and that provided a phone number so that Wally could verify his customer information. When he called, a recording asked that he enter the code from the email, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the email. Wally was a victim of A) Bluesnarfing. B) splogging. C) vishing. D) typosquatting. Answer: C Page Ref: 157 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 2) When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as A) data diddling. B) dumpster diving. C) eavesdropping. D) piggybacking. Answer: B Page Ref: 159 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 3) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by A) scavenging. B) skimming. C) Internet auction fraud. D) cyber extortion. Answer: A Page Ref: 159 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 1 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 4) A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a A) trap door. B) data diddle. C) logic bomb. D) virus. Answer: C Page Ref: 161 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 5) The unauthorized copying of company data is known as A) data leakage. B) eavesdropping. C) masquerading. D) phishing. Answer: A Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 6) Computer fraud perpetrators who use telephone lines to commit fraud and other illegal acts are typically called A) hackers. B) crackers. C) phreakers. D) jerks. Answer: C Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 7) What is a denial of service attack? A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server. B) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses. C) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected. D) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups LISTSERV lists. Answer: A Page Ref: 150 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 2 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 8) Gaining control of someone else's computer to carry out illicit activities without the owner's knowledge is known as A) hacking. B) hijacking. C) phreaking. D) sniffings. Answer: B Page Ref: 150 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 9) Illegally obtaining and using confidential information about a person for economic gain is known as A) eavesdropping. B) identity theft. C) packet sniffing. D) piggybacking. Answer: B Page Ref: 156 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 10) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called A) superzapping. B) data leakage. C) hacking. D) piggybacking. Answer: D Page Ref: 153 Objective: Learning Objective

1 Difficulty : Easy AACSB: Analytic 11) Which of the following is not a method of identify theft? A) Scavenging B) Phishing C) Shoulder surfing D) Phreaking Answer: D Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 3 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 12) Which method of fraud is physical in its nature rather than electronic? A) cracking B) hacking C) eavesdropping D) scavenging Answer: D Page Ref: 159 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 13) Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises? A) dumpster diving B) by use of a Trojan horse C) using a telescope to peer at paper reports D) electronic eavesdropping on computer monitors Answer: D Page Ref: 159 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 14) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called A) cracking. B) masquerading. C) hacking. D) superzapping. Answer: B Page Ref: 153 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 15) The unauthorized access to, and use of, computer systems is known as A) hacking. B) hijacking. C) phreaking. D) sniffing. Answer: A Page Ref: 149 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 4 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 16) A fraud technique that slices off tiny amounts from many projects is called the ________ technique. A) Trojan horse B) round down C) salami D) trap door Answer: C Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 17) Data diddling is A) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network. B) unauthorized copying of company data such as computer files. C) unauthorized access to a system by the perpetrator pretending to be an authorized user. D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data. Answer: D Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 18) Spyware is A) software that tells the user if anyone is spying on his computer. B) software that monitors whether spies are looking at the computer. C) software that monitors computing habits and sends the data it gathers to someone else. D) none of the above Answer: C Page Ref: 159 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 19) The unauthorized use of special system programs to bypass regular system controls and perform illegal act is called A) a Trojan horse. B) a trap door. C) the salami technique. D) superzapping. Answer: D Page Ref: 162 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 5 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 20) Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls are using A) a Trojan horse. B) a trap door. C) the salami technique. D) superzapping. Answer: B Page Ref: 162 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 21) A fraud technique that allows a perpetrator to bypass normal system controls and enter a secured system is called A) superzapping. B) data diddling. C) using a trap door. D) piggybacking. Answer: C Page Ref: 162 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 22) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a A) logic bomb. B) spyware. C) trap door. D) Trojan horse. Answer: D Page Ref: 161 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 23) A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program. A) worm; virus B) Trojan horse; worm C) worm; Trojan horse D) virus; worm Answer: A Page Ref: 163 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 6 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 24) Wally Hewitt is an accountant with a large accounting firm. The firm has a

very strict policy of requiring all users to change their passwords every sixty days. In early March, Wally received an email from the firm that explained that there had been an error updating his password and that provided a link to a Web site with instructions for re-entering his password. Something about the email made Wally suspicious, so he called the firm's information technology department and found that the email was fictitious. The email was an example of A) social engineering. B) phishing. C) piggybacking. D) spamming. Answer: B Page Ref: 157 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 25) Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a A) Trojan horse. B) key logger. C) spoof. D) back door. Answer: D Page Ref: 162 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 26) In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as A) phreakers. B) hackers. C) hijackers. D) superzappers. Answer: A Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 7 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 27) During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of A) kiting. B) data diddling. C) data leakage. D) phreaking. Answer: B Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 28) It was late on a Friday afternoon when Troy Willicott got a call at the help desk for Taggitt Finances. A man with an edge of panic clearly discernible in his voice was on the phone. "I'm really in a bind and I sure hope that you can help me." He identified himself as Chet Frazier from the Accounting Department. He told Troy that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Troy knew that Taggitt's new password policy, that required that passwords must be at least fifteen characters long, must contain letters and numbers, and must be changed every sixty days, had created problems. Consequently, Troy provided the password, listened as it was read back to him, and was profusely thanked before ending the call. The caller was not Chet Frazier, and Troy Willicott was a victim of A) phreaking. B) war dialing. C) identity theft. D) social engineering. Answer: D Page Ref: 156 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 29) Chiller451 was chatting online with 3L3tCowboy. "I can't believe how lame some people are! :) I can get into any system by checking out the company web site to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password." Chiller451 is a ________ and the fraud he is describing is ________. A) phreaker; dumpster diving B) hacker; social engineering C) phreaker; the salami technique D) hacker; password cracking Answer: D Page Ref: 153 Objective: Learning Objective 1 Difficulty : Moderate AACSB: 2012 Analytic 8 Copyright Pearson Education, Inc. publishing as Prentice Hall 30) After graduating from college with a communications degree, Sylvia Placer experienced some difficulty in finding full-time employment. She free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter she was contacted by Clickadoo Online Services, who offered to pay her to promote their clients by mentioning them in her blog and linking to their Web sites. She set up several more blogs for this purpose and is now generating a reasonable level of income. She is engaged in A) Bluesnarfing. B) splogging. C) vishing. D) typosquatting. Answer: B Page Ref: 150 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 31) Telefarm Industries is a telemarketing firm that operates in the Midwest.

The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm's database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of A) Bluesnarfing. B) splogging. C) vishing. D) typosquatting. Answer: A Page Ref: 165 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 32) Jim Chan decided to Christmas shop online. He linked to Amazon.com, found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the Web site's URL was actually Amazom.com. Jim was a victim of A) Bluesnarfing. B) splogging. C) vishing. D) typosquatting. Answer: D Page Ref: 158 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 9 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 33) Computers that are part of a botnet and are controlled by a bot herder are referred to as A) posers. B) zombies. C) botsquats. D) evil twins. Answer: B Page Ref: 150 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 34) Jiao Jan had been the Web master for Folding Squid Technologies for only three months when the Web site was inundated with access attempts. The only solution was to shut down the site and then selectively open it to access from certain Web addresses. FST suffered significant losses during the period. The company had been the victim of a(an) A) denial-of-service attack. B) zero-day attack. C) malware attack. D) cyber-extortion attack. Answer: A Page Ref: 150 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 35) Jiao Jan had been the Web master for Folding Squid Technologies for only three months when he received an anonymous email that threatened to inundate the company Web site with access attempts unless a payment was wired to an account in Eastern Europe. Jiao was concerned that FST would suffer significant losses if the threat was genuine. The author of the email was engaged in A) a denial-of-service attack. B) Internet terrorism. C) hacking. D) cyber-extortion. Answer: D Page Ref: 154 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 36) Mo Chauncey was arrested in Emporia, Kansas, on February 29, 2008, for running an online business that specialized in buying and reselling stolen credit card information. Mo was charged with A) typosquatting. B) carding. C) pharming. D) phishing. Answer: B Page Ref: 158 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 10 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 37) I work in the information technology department of a company I'll call CMV. On Wednesday morning, I arrived at work, scanned in my identity card and punched in my code. This guy in a delivery uniform came up behind me carrying a bunch of boxes. I opened the door for him, he nodded and went on in. I didn't think anything of it until later. Then I wondered if he might have been A) pretexting. B) piggybacking. C) posing. D) spoofing. Answer: B Page Ref: 153 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 38) The call to tech support was fairly routine. A first-time computer user had purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly than it had at first. Had he been accessing the Internet? Yes. Had he installed any "free" software? Yes. The problem is likely to be a(an) A) virus. B) zero-day attack. C) denial of service attack. D) dictionary attack. Answer: A Page Ref: 163 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 39) In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash was very costly. The software installed by the CDs is a A) virus. B) worm. C) rootkit. D) squirrel. Answer: C Page Ref: 162 Objective: Learning Objective 3 Difficulty : Moderate

AACSB: Analytic 11 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 40) Which of the following would be least effective to reduce exposure to a computer virus? A) Only transfer files between employees with USB flash drives. B) Install and frequently update antivirus software. C) Install all new software on a stand-alone computer for until it is tested. D) Do not open email attachments from unknown senders. Answer: A Page Ref: 164 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 41) Which of the following is not an example of social engineering? A) Obtaining and using another person's Social Security Number, credit card, or other confidential information B) Creating phony Web sites with names and URL addresses very similar to legitimate Web sites in order to obtain confidential information or to distribute malware or viruses C) Using email to lure victims into revealing passwords or user IDs D) Setting up a computer in a way that allows the user to use a neighbors unsecured wireless network Answer: D Page Ref: 156-159 Objective: Learning Objective 2 Difficulty : Moderate AACSB: Analytic 42) How can a system be protected from viruses? Answer: Install reliable antivirus software that scans for, identifies, and isolates or destroys viruses. Use caution when copying files on to your diskettes from unknown machines. Ensure the latest version of the antivirus program available is used. Scan all incoming emails for viruses at the server level. All software should be certified as virus-free before loading it into the system. If you use jump drives, diskettes, or CDs, do not put them in unfamiliar machines as they may become infected. Obtain software and diskettes only from known and trusted sources. Use caution when using or purchasing software or diskettes from unknown sources. Deal with trusted software retailers. Ask whether the software you are purchasing comes with electronic techniques that makes tampering evident. Check new software on an isolated machine with virus detection software before installing on the system. Cold boot to clear and reset the system. When necessary, "cold boot" the machine from a write-protected diskette. Have two backups of all files. Restrict the use of public bulletin boards. Page Ref: 164 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 12 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 43) Describe at least six computer attacks and abuse techniques. Answer: Round-down technique rounded off amounts from calculations and the fraction deposited in perpetrator's account. Salami technique small amounts sliced off and stolen from many projects over a period of time. Software piracy unauthorized copying of software, probably the most committed computer crime. Data diddling changing data in an unauthorized way. Data leakage unauthorized copying of data files. Piggybacking latching onto a legitimate user in data communications. Masquerading or Impersonation the perpetrator gains access to the system by pretending to be an authorized user. Hacking unauthorized access and use of a computer system. E-mail threats threatening legal action and asking for money via e-mail. E-mail forgery removing message headers, using such anonymous e-mail for criminal activity. Denial of service attack sending hundreds of e-mail messages from false addresses until the attacked server shuts down. Internet terrorism crackers using the Internet to disrupt electronic commerce and communication lines. Internet misinformation using the Internet to spread false or misleading information. War dialing searching for an idle modem by dialing thousands of telephones and intruding systems through idle modems. Spamming e-mailing the same message to everyone on one or more Usenet groups. Page Ref: 165-167 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 13 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall 44) Describe at least four social engineering techniques. Answer: Piggybacking latching onto a legitimate user in data communications. Masquerading or Impersonation the perpetrator gains access to the system by pretending to be an authorized user. Social engineering a perpetrator

tricks an employee into giving him the information he needs to get into the system. Identity theft illegally assuming someone else's identity, usually with the social security number. Pretexting using an invented scenario to increase the likelihood the victim will give away information. Posing fraudsters try to collect personal information by pretending to be legitimate business colleagues. Phishing sending email, pretending to be a legitimate business colleague, requesting user ID or password or other confidential data. Vishing pretending to be a legitimate business colleague and attempting to get a victim to provide confidential information over the phone. Carding using stolen credit card information. Pharming redirecting Web site traffic to a spoofed Web site. Typosquatting setting up Web sites with names similar to real Web sites. Scavenging gaining access to confidential data by searching corporate records in dumpsters or computer storage. Shoulder surfing looking over a person's shoulder in a public place to see PIN or passwords. Skimming manually swiping a credit card through a handheld card reader and storing the data for future use. Eavesdropping observation of private communications by wiretapping or other surveillance techniques. E-mail forgery removing message headers, using such anonymous e-mail for criminal activity. Page Ref: 157-159 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 45) Describe the differences between a worm and a virus? Answer: A computer virus is a segment of executable code that attaches itself to computer software. A virus has two phases: it replicates itself and spreads to other systems or files, and in the attack phase, the virus carries out its mission to destroy files or the system itself. A worm is similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm can reside in e-mail attachments, which when opened or activated can damage a user's system. Worms can also reproduce themselves by mailing themselves to the addresses found in the recipient's mailing list. Worms do not have long lives, but their lives can be very destructive nonetheless. Page Ref: 163 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 14 Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall