AIS 12e Romney Chapter 6

Accounting Information Systems, 14e (Romney/Steinbart)
Chapter 6 Computer Fraud and Abuse Techniques
1 Compare and contrast computer attack and abuse tactics.
1) ________ consists of the unauthorized copying of company data.

A) Phishing
B) Masquerading
C) Data leakage
D) Eavesdropping
Answer: C
Concept: Computer attacks and abuse
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
2) Individuals who use telephone lines to commit fraud and other illegal acts are typically called
A) phreakers.
B) crackers.
C) phishers.
D) hackers.
Answer: A
Difficulty: Easy
3) A hacker who changed the voice mail greeting of a company to say that it is offering free
products by asking customers to dial a different phone number to claim their gifts is engaging in
A) diddling.
B) phreaking
C) phishing.
D) hacking.
Answer: B
Difficulty: Easy
1
Copyright © 2018 Pearson Education, Inc.
4) What is a denial of service attack?
A) It is an attack when the perpetrator is inserting malicious query in input such that it is passed
to and executed by an application program.
B) It is an attack when the perpetrator is inputting so much data that the input buffer overflows.
The overflow contains code that takes control of the company's computer.
C) It is an attack when the perpetrator uses software to guess company's addresses, send
employees blank e-mails, and add unreturned messages to spammer e-mail list.
D) It is an attacked when the perpetrator sends hundreds of messages from randomly generated
false addresses, overloading an Internet service provider's e-mail server.
Answer: D
Difficulty: Moderate
5) What is a dictionary attack?

Answer: C
6) What is a buffer overflow attack?

Answer: B
Difficulty: Easy
2
7) What is a SQL injection attack?
Answer: A
8) Gaining control of somebody's computer without their knowledge and using it to carry out
illicit activities is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: D
Difficulty: Easy
9) Creating a seemingly legitimate business, collecting personal data while making a sale, and
never delivering items sold is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: C
Difficulty: Easy
3
10) Sending an unsolicited message to many people at the same time is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: B
Difficulty: Easy
11) Unauthorized access, modification, or use of an electronic device or some element of a

computer
system is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: A
Difficulty: Easy
12) Tapping into a communications line and then entering the system by accompanying a
legitimate user without their knowledge is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: D
Difficulty: Easy
13) Using special software to bypass system controls and perform illegal acts is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: A
Difficulty: Easy
4
14) Secretly changing an already open browser tab using JavaScript is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: B
Difficulty: Easy
15) Acting under false pretenses to gain confidential information is called

A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: C
Difficulty: Easy
16) Which of the following is not a method of identity theft?

A) Scavenging
B) Phishing
C) Shoulder surfing
D) Phreaking
Answer: D
Difficulty: Easy
17) The deceptive method by which a perpetrator gains access to the system by pretending to be
an authorized user is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: A
Difficulty: Easy
5
18) Taking control of a phone to make calls, send text messages, listen to calls, or read text
messages is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: B
Difficulty: Easy
19) Listening to private voice or data transmissions is called

A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: C
Difficulty: Easy
20) Using a small device with storage capacity (iPod, Flash drive) to download unauthorized
data from
a computer is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: D
Difficulty: Easy
21) The unauthorized access to, or use of, a computer system is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: C
Difficulty: Easy
6
22) Redirecting traffic to a spoofed website to obtain confidential information is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: A
Difficulty: Easy
23) Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to
divulge confidential data is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: D
Difficulty: Easy
24) Using computer technology to harm another person is known as

A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: B
Difficulty: Easy
25) A fraud technique that slices off tiny amounts from many projects is called the ________
technique.
A) Trojan horse
B) man-in-the-middle
C) salami
D) trap door
Answer: C
Difficulty: Easy
7
26) A fraud technique that uses a back door into a system that bypasses normal system controls is
called the ________ technique.
A) Trojan horse
C) salami
D) trap door
Answer: D
Difficulty: Easy
27) A fraud technique that uses unauthorized codes in an authorized and properly functioning
program is called the ________ technique.
A) Trojan horse
C) salami
D) trap door
Answer: A
Difficulty: Easy
28) A fraud technique that allows a hacker to place himself or herself between a client and a host
to intercept network traffic is called the ________ technique.
A) Trojan horse
C) salami
D) trap door
Answer: B
Difficulty: Easy
8
29) Data diddling is
A) verifying credit card validity; buying and selling stolen credit cards.
B) inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the
victim as a means of obtaining his PIN, and using the card and PIN to drain the account.
C) a technique that tricks a person into disclosing confidential information.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or
add key system data.
Answer: D
Difficulty: Easy
30) Social engineering is

Answer: C
Difficulty: Easy
31) Lebanese looping is

Answer: B
Difficulty: Easy
9
32) Carding is
Answer: A
Difficulty: Easy
33) In the 1960s, techniques were developed that allowed individuals to fool the phone system
into providing free access to long distance phone calls. The people who use these methods are
referred to as
A) phreakers.
B) hackers.
C) hijackers.
D) superzappers.
Answer: A
Difficulty: Easy
34) During a routine audit, a review of cash receipts and related accounting entries revealed
discrepancies. Upon further analysis, it was found that figures had been entered correctly and
then subsequently changed, with the difference diverted to a fictitious customer account. This is
an example of
A) kiting.
B) data diddling.
C) data leakage.
D) phreaking.
Answer: B
Difficulty: Easy
10
35) LOLer was chatting online with l33ter. "I can't believe how lame some people are! :) I can
get into any system by checking out the company website to see how user names are defined and
who is on the employee directory. Then, all it takes is brute force to find the password." LOLer is
a ________, and the fraud he is describing is ________.
A) hacker; social engineering
B) phreaker; dumpster diving
C) hacker; password cracking
D) phreaker; the salami technique
Answer: C
36) After graduating from college, Rob Johnson experienced some difficulty in finding full-time
employment. He free-lanced during the summer as a writer and then started a blog in the fall.
Shortly thereafter he was contacted by SitePromoter Incorporated, who offered to pay him to
promote their clients in his blog. He set up several more blogs for this purpose and is now
generating a reasonable level of income. He is engaged in
A) splogging.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
Answer: A
Difficulty: Easy
37) After graduating from college, Rob Johnson experienced some difficulty in finding full-time
employment. Trying to make ends meet, Rob used all of his saving to buy a significant number
of shares in small, low-priced, thinly traded penny stocks. He then uses spam e-mails and blog
postings to disseminate overly optimistic information about the company in hope to drives up the
company's stock price. He is waiting to sell his shares to investors and pocket a profit. He is
engaged in
A) internet pump-and-dump.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
Answer: A
Difficulty: Easy
11
38) Computers that are part of a botnet and are controlled by a bot herder are referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: B
Difficulty: Easy
39) Inspecting information packets as they travel across computer networks are referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: A
Difficulty: Easy
40) A wireless network with the same name as another wireless access point is referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: D
Difficulty: Easy
41) Ashley Baker has been the webmaster for Berryhill Finance only ten days when Berryhill's
website was flooded with access attempts. Ashley shut down the site and only opened it to Web
addresses which she specifically identified as legitimate. As a result, many of Berryhill's
customers were unable to obtain loans, causing Berryhill to lose a significant amount of business.
Berryhill Finance suffered from a
A) denial-of-service attack.
B) zero-day attack.
C) phreaking attack.
D) cyber-extortion attack.
Answer: A
Difficulty: Easy
12
42) Ashley Baker has been the webmaster for Berryhill Finance only ten days when Berryhill's
website was scheduled for a routine security patch update. Unbeknown to Ashley, cybercrooks
found out the timing of the patch update and launched attacks right before Berryhill's update
from a remote location miles away. As a result of the attack, Berryhill lost a significant amount
of clients' private information. Berryhill Finance suffered from a
A) hacking attack.
B) zero-day attack.
C) identity theft attack.
D) cyber-extortion attack.
Answer: B
43) Ashley Baker has been the webmaster for Berryhill Finance only ten days when she received
an e-mail that threatened to shut down Berryhill's website unless Ashley wired payment to an
overseas account. Ashley was concerned that Berryhill Finance would suffer huge losses if its
website went down, so she wired money to the appropriate account. The author of the e-mail
successfully committed
A) a denial-of-service attack.
B) Internet terrorism.
C) hacking.
D) cyber-extortion.
Answer: D
Difficulty: Easy
44) Ashley Baker works in the information technology department of Core Company. On
Monday morning, she arrived at work, scanned her identity card, and entered her access code. At
that moment, a man in a delivery uniform came up behind Ashley with a bunch of boxes.
Although Ashley held the door for the delivery man, she later wondered if the man was engaged
in
A) pretexting.
B) piggybacking.
C) posing.
D) spoofing.
Answer: B
Difficulty: Easy
13
45) Describe at least six computer attacks and abuse techniques.
Answer: Round-down technique — rounded off amounts from calculations and the fraction
deposited in perpetrator's account.
Salami technique — small amounts sliced off and stolen from many projects over a period of
time.
Software piracy — unauthorized copying of software, probably the most committed computer
crime.
Data diddling — changing data in an unauthorized way.
Data leakage — unauthorized copying of data files.
Piggybacking — latching onto a legitimate user in data communications.
Masquerading or Impersonation — the perpetrator gains access to the system by pretending to be
an authorized user.
Hacking — unauthorized access and use of a computer system.
E-mail threats — threatening legal action and asking for money via e-mail.
E-mail forgery — removing message headers, using such anonymous e-mail for criminal
activity.
Denial of service attack — sending hundreds of e-mail messages from false addresses until the
attacked server shuts down.
Internet terrorism — crackers using the Internet to disrupt electronic commerce and
communication lines.
Internet misinformation — using the Internet to spread false or misleading information.
War dialing — searching for an idle modem by dialing thousands of telephones and intruding
systems through idle modems.
Spamming — e-mailing the same message to everyone on one or more Usenet groups.
46) Zeus is an example of a

A) virus.
B) worm.
C) Trojan horse.
D) war dialing.
Answer: C
14
47) Recall that students used Facebook and VKontakte to identify Russian money laundering
mules. What fraud case did these students help foil?
A) Zeus
B) Trident Breach
C) Nigerian Banking
D) InfraGard
Answer: B
Difficulty: Challenging
48) On the weekends, Mary Andersen climbs into her Toyota Camry and drives around the city
of Las Vegas looking for unprotected wireless networks to exploit. Mary is most likely engaging
in
A) snarfing.
B) Wi-pilfering.
C) war driving.
D) data slurping.
Answer: C
49) Offering a free website, then charging the phone bills of the individuals who signed up for
the free website is known as
A) snarfing.
B) web cramming.
C) podpounding.
D) e-scraping.
Answer: B
50) Describe the various form of spoofing. Select one type of spoofing and search for an actual
case about the spoofing. Discuss what has happened and provide recommendations as to how the
spoofing could have been prevented.
Answer: Types of spoofing include: e-mail spoofing, caller ID spoofing, IP address spoofing,
address resolution protocol (ARP) spoofing, SMS spoofing, web-page spoofing, and DNS
spoofing. Students' answers would vary depending on the type of spoofing they chose to discuss.
Difficulty: Challenging
AACSB: Reflective Thinking
15
2 Explain how social engineering techniques are used to gain physical or logical access to
computer resources.
1) Mircea Vasilescu maintains an online brokerage account. In early March, Mircea received an
e-mail from the firm that explained that there had been a computer error and asked Mircea to call
a phone number to verify his customer information. When Mircea called the number, a recording
asked that he enter the code from the e-mail, his account number, and his social security number.
After he did so, he was told that he would be connected with a customer service representative,
but the connection was terminated. He contacted the brokerage company and was informed that
they had not sent the e-mail. Mircea was a victim of
A) Bluesnarfing.
B) vishing.
C) splogging.
D) typosquatting.
Answer: B
Concept: Social engineering
Difficulty: Easy
2) When a computer criminal gains access to a system by searching through discarded records,
this is referred to as
A) data diddling.
B) dumpster diving.
C) eavesdropping.
D) data squatting.
Answer: B
3) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1
million of electronic equipment by
A) scavenging.
B) skimming.
C) Internet auction fraud.
D) cyber extortion.
Answer: A
Difficulty: Easy
16
4) Illegally obtaining and using confidential information about a person for economic gain is
known as
A) eavesdropping.
B) identity theft.
C) packet sniffing.
D) piggybacking.
Answer: B
Difficulty: Easy
5) Which method of fraud is physical in its nature rather than electronic?

A) cracking
B) hacking
C) eavesdropping
D) scavenging
Answer: D
Difficulty: Easy
6) Which of the following is the easiest method for a computer criminal to steal output without
ever being on the premises?
A) dumpster diving
B) use of a Trojan horse
C) using a telescope to peer at paper reports
D) electronic eavesdropping on computer monitors
Answer: D
Difficulty: Easy
17
7) Hunter Carr is an accountant with AcctSmart. The firm has a very strict policy of requiring all
users to change their passwords every sixty days. In early March, Hunter received an e-mail
claiming that there had been an error updating his password and it provided Hunter with a link to
a website with instructions for re-updating his password. Something about the e-mail made
Hunter suspicious, so he called AcctSmart's information technology department and found that
the e-mail was fictitious. The e-mail was an example of
A) social engineering.
B) piggybacking.
C) spamming.
D) phishing.
Answer: D
Difficulty: Easy
8) It was late on a Friday afternoon when Chloe Pike got a call at the help desk for Taggart Corp.
A man with an edge of panic in his voice was on the phone. "I'm really in a bind and I sure hope
that you can help me." He identified himself as Joe Andrew from the accounting department of
Taggart Corp. He told Chloe that he had to work on a report that was due on Monday morning
and that he had forgotten to bring a written copy of his new password home with him. Chloe
knew that Taggart's new password policy required that passwords be at least fifteen characters
long, must contain letters and numbers, and must be changed every sixty days, had created
problems for many users. Consequently, Chloe provided the password to Joe. The caller turned
out not to be Joe Andrew, and Chloe was a victim of
A) phreaking.
B) war dialing.
C) identity theft.
D) social engineering.
Answer: D
Difficulty: Easy
18
9) Jim Cooper decided to do some Christmas shopping online. He visited Amazon.com, found a
perfect gift for his daughter, and placed his order. It was only later when he noticed that the
website's URL that he had placed the order was actually Amazom.com and not Amazon.com. Jim
was a victim of
A) Bluesnarfing.
B) splogging.
C) vishing.
D) typosquatting.
Answer: D
Difficulty: Easy
10) Maureen Boyd was arrested in Kansas City for running an online business that specialized in
buying and reselling stolen credit card information. Maureen was charged with
A) typosquatting.
B) carding.
C) pharming.
D) phishing.
Answer: B
Difficulty: Easy
11) Which of the following is not an example of social engineering?

A) Developing phony websites with names and URL addresses very similar to legitimate
websites in order to obtain confidential information.
B) Setting up a computer that allows the user to use a next door neighbor's unsecured wireless
network
C) Using e-mail to request others into revealing their user IDs and passwords.
D) Obtaining another person's credit card number without consent.
Answer: B
19
12) Describe at least four social engineering techniques. Provide an example for one of the
techniques.
Answer: Piggybacking — latching onto a legitimate user in data communications.
Masquerading or Impersonation — the perpetrator gains access to the system by pretending to be
an authorized user.
Social engineering — a perpetrator tricks an employee into giving him the information he needs
to get into the system.
Identity theft — illegally assuming someone else's identity, usually with the social security
number.
Pretexting — using an invented scenario to increase the likelihood the victim will give away
information.
Posing — fraudsters try to collect personal information by pretending to be legitimate business
colleagues.
Phishing — sending e-mail, pretending to be a legitimate business colleague, requesting user ID
or password or other confidential data.
Vishing — pretending to be a legitimate business colleague and attempting to get a victim to
provide confidential information over the phone.
Carding — using stolen credit card information.
Pharming — redirecting website traffic to a spoofed website.
Typosquatting — setting up websites with names similar to real websites.
Scavenging — gaining access to confidential data by searching corporate records in dumpsters or
computer storage.
Shoulder surfing — looking over a person's shoulder in a public place to see PIN or passwords.
Skimming — manually swiping a credit card through a handheld card reader and storing the data
for future use.
Eavesdropping — observation of private communications by wiretapping or other surveillance
techniques.
E-mail forgery — removing message headers, using such anonymous e-mail for criminal
activity.
Student's answers may vary depending on the example they use.

13) What is social engineering? Provide an example.

Answer: Social engineering refers to techniques or psychological tricks used to get people to
comply with the perpetrator's wishes in order to gain physical or logical access to a building,
computer, server, or network. Generally, social engineering is used in computer abuse to access a
system to obtain confidential data.
20
14) Which of the following is not a human trait social engineers take advantage of to entice
people to reveal information they should keep confidential?
A) Compassion
B) Sloth
C) Sex Appeal
D) Authority
Answer: D
15) Which of the following websites likely poses the most fraud and security risk?
A) Your school's website
B) A file sharing website
C) A social media website
D) Your personal website
Answer: B
16) Identify theft has always been a federal crime.

Answer: FALSE
17) Pretexting is best described as a social engineering technique that uses

A) text messages to gain sensitive information.
B) an invented scenario to gain sensitive information.
C) threat of physical force to gain sensitive information.
D) impersonation of somebody you know to gain sensitive information.
Answer: B
21
18) On a Friday evening you use a bar's ATM to withdraw $50 from your bank account.
However, as you complete your withdrawal, your card gets jammed in the ATM machine. The
individual waiting in line behind you approaches you and suggests re-entering your PIN number.
You do. However, your card remains jammed. You leave the bar to call your bank to report the
incident. However, after you left the individual who offered to help you removed a sleeve he
inserted in the ATM to jam your card. He now has your ATM card and PIN number. You just fell
victim to a ________ fraud.
A) tabnapping
B) Lebanese looping
C) phishing
D) pharming
Answer: B
19) Someone knocked on your door on a Friday afternoon. When you answered the door, a man
dressed in a city official uniform approached you and introduced himself to you. The man said,
"Hi, I am Andrew from the city public work department. We are updating our system and would
like to obtain just a few piece of information from you." He proceeded to ask you several
questions and obtained your driver license information and the last 4 digits of your social
security number. As the man left your front porch, you saw that he was getting into his car which
does not bear the city official logo. You later called the city public work department and found
that they have no knowledge of a worker named Andrew and that they did not send anyone out to
collect your information. You just fell victim to a ________ fraud.
A) pretexting
B) pharming
C) phishing
D) posing
Answer: A
20) Describe ways to help minimize social engineering.

Answer: Never let people follow you into a restricted building. Never log in for someone else on
a computer, especially if you have administrative access. Never give sensitive information over
the phone or through e-mail. Never share passwords or user IDs. Be cautious of anyone you do
not know who is trying to gain access through you.
22
3 Describe the different types of malware used to harm computers.
1) A part of a program that remains idle until a specified date or event activates it to cause havoc
is called a
A) virus.
B) logic bomb.
C) trap door.
D) data diddle.
Answer: B
Concept: Malware
Difficulty: Easy
2) Executable code that attaches itself to software, replicates itself, and spreads to other systems
or files. When triggered, it makes unauthorized alterations to the way a system operates, which is
called a
A) virus.
B) logic bomb.
C) trap door.
D) data diddle.
Answer: A
Concept: Malware
Difficulty: Easy
3) A back door into a system that bypasses normal system controls is called a
A) virus.
B) logic bomb.
C) trap door.
D) data diddle.
Answer: C
Concept: Malware
Difficulty: Easy
23
4) Changing data before or during entry into a computer system to delete, alter, add, or
incorrectly update data is called a
A) virus.
B) logic bomb.
C) trap door.
D) data diddle.
Answer: D
Concept: Malware
Difficulty: Easy
5) Spyware is
A) software that tells the user if anyone is spying on his computer.
B) software that monitors whether spies are looking at the computer.
C) software that monitors computing habits and sends the data it gathers to someone else.
D) none of the above
Answer: C
Concept: Malware
Difficulty: Easy
6) The unauthorized use of special program that bypass regular system controls to perform illegal
acts is called
A) a Trojan horse.
B) a trap door.
C) the salami technique.
D) superzapping.
Answer: D
Concept: Malware
Difficulty: Easy
7) Computer fraud perpetrators that modify programs during systems development, allowing
access into the system that bypasses normal system controls are using
A) a Trojan horse.
B) a trap door.
C) the salami technique.
D) superzapping.
Answer: B
Concept: Malware
Difficulty: Easy
24
8) A fraud technique that allows a perpetrator to bypass normal system controls and enter a
secured system is called
A) superzapping.
B) data diddling.
C) using a trap door.
D) piggybacking.
Answer: C
Concept: Malware
Difficulty: Easy
9) A set of unauthorized computer instructions in an otherwise properly functioning program is

known as a
A) logic bomb.
B) spyware.
C) trap door.
D) Trojan horse.
Answer: D
Concept: Malware
Difficulty: Easy
10) A ________ is similar to a ________, except that it is a program rather than a code segment
hidden in a host program.
A) worm; virus
B) Trojan horse; worm
C) worm; Trojan horse
D) virus; worm
Answer: A
Concept: Malware
Difficulty: Easy
25
11) Developers of computer systems often include a user name and password that is hidden in
the system, just in case they need to get into the system and correct problems in the future. This
is referred to as a
A) Trojan horse.
B) key logger.
C) spoof.
D) back door.
Answer: D
Concept: Malware
Difficulty: Easy
12) Individuals who create new viruses, spyware, and Trojan horses that are used to infect
computers are referred to as
A) malware owners.
B) malware writers.
C) botnet owners.
D) bad actors.
Answer: B
Concept: Malware
13) Individuals who buy the malware are referred to as

A) malware owners.
B) malware writers.
C) botnet owners.
D) bad actors.
Answer: A
Concept: Malware
Difficulty: Easy
14) Individuals who control an army of malware-infected zombie computers are referred to as
A) malware owners.
B) malware writers.
C) botnet owners.
D) bad actors.
Answer: C
Concept: Malware
26
15) Woodlane Direct Sales is a telemarketing firm that operates out of Indiana. The turnover rate
among employees is quite high. Recently, the information technology manager discovered that
an unknown employee had used a Bluetooth-enabled mobile phone to access the firm's database
and copied a list of customers from the past three years and their credit card information.
Woodlane Direct Sales was a victim of
A) bluesnarfing.
B) splogging.
C) vishing.
D) bluetoothing.
Answer: A
Concept: Malware
Difficulty: Easy
16) Megan has purchased a brand new laptop about three months ago. Recently, she feels that her
computer is operating much more slowly and sluggishly than before. Since purchasing the
computer, Megan had been accessing the Internet and had installed a variety of free software.
The problem is mostly likely to be
A) a zero-day attack.
B) a virus.
C) a spoof.
D) a sluggishness infection.
Answer: B
Concept: Malware
17) In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG
installed software when they were played on a computer. The software was intended to protect
the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware
run over the Internet. The scandal and resulting backlash was very costly. The software installed
by the CDs is a
A) virus.
B) worm.
C) rootkit.
D) squirrel.
Answer: C
Concept: Malware
27
18) Which of the following would be least effective to reduce exposure to a computer virus?
A) Only transfer files between employees with USB flash drives.
B) Install and frequently update antivirus software.
C) Install all new software on a stand-alone computer until it is tested.
D) Do not open e-mail attachments from unknown senders.
Answer: A
Concept: Malware
19) How can a system be protected from viruses?

Answer: Install reliable antivirus software that scans for, identifies, and isolates or destroys
viruses. Use caution when copying files on to your diskettes from unknown machines. Ensure the
latest version of the antivirus program available is used. Scan all incoming e-mails for viruses at
the server level. All software should be certified as virus-free before loading it into the system. If
you use jump drives, diskettes, or CDs, do not put them in unfamiliar machines as they may
become infected. Obtain software and diskettes only from known and trusted sources. Use
caution when using or purchasing software or diskettes from unknown sources. Deal with trusted
software retailers. Ask whether the software you are purchasing comes with electronic
techniques that makes tampering evident. Check new software on an isolated machine with virus
detection software before installing on the system. Cold boot to clear and reset the system. When
necessary, "cold boot" the machine from a write-protected diskette. Have two backups of all
files. Restrict the use of public bulletin boards.
Concept: Malware
20) Describe the differences between a worm and a virus.

Answer: A computer virus is a segment of executable code that attaches itself to computer
software. A virus has two phases: it replicates itself and spreads to other systems or files, and in
the attack phase, the virus carries out its mission to destroy files or the system itself. A worm is
similar to a virus, except that it is a program rather than a code segment hidden in a host
program. A worm can reside in e-mail attachments, which when opened or activated can damage
a user's system. Worms can also reproduce themselves by mailing themselves to the addresses
found in the recipient's mailing list. Worms do not have long lives, but their lives can be very
destructive nonetheless.
Concept: Malware
28
21) Describe the differences between spyware, scareware, and ransomware.
Answer: Spyware is a software that secretly monitors and collects personal information about
users and sends it to someone else. The information is gathered by logging keystrokes,
monitoring websites visited, and scanning documents on the computer's hard drive. Spyware can
also hijack a browser, replacing a computer's home page with a page the spyware creator wants
you to visit. Scareware is software that is often malicious, is of little or no benefit, and is sold
using scare tactics. That is, it uses fear to motivate some sort of user action. The most common
scare tactic is a dire warning that a computer is infected with a virus, spyware, or some other
catastrophic problem. When activated, well-written ransomware can lock users out of all their
programs and data by encrypting them. However, ransomware is not as common as other
malware. Most ransomware is delivered via websites or a spam e-mail that motivates the
recipient to open an infected file.
Concept: Malware
22) Spyware that pops banner ads on a monitor, then collects information about the users web-
surfing and spending habits is an example of
A) a Trojan horse.
B) scareware.
C) adware.
D) a keylogger.
Answer: C
Concept: Malware
Difficulty: Easy
23) Ransomware often comes in the form of

A) fake antivirus software.
B) an e-mail that threatens to kidnap the reader unless a ransom is paid.
C) free performance-maximizing software.
D) free apps.
Answer: A
Concept: Malware
24) Law enforcement uses key logging software, a form of malware, to detect crime.
Answer: TRUE
Concept: Malware
Difficulty: Easy
29
25) Terrorists often use ________ because it is an effective way to transmit information and
receive orders.
A) steganography
B) packet sniffers
C) trap doors
D) time bombs
Answer: A
Concept: Malware
26) Steganography malware uses encryption to increase its effectiveness.

Answer: FALSE
Concept: Malware
30

AIS 12e Romney Chapter 6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AIS 12e Romney Chapter 6

Uploaded by

Copyright:

Available Formats

Accounting Information Systems, 14e (Romney/Steinbart)

Chapter 6 Computer Fraud and Abuse Techniques

1 Compare and contrast computer attack and abuse tactics.

1) ________ consists of the unauthorized copying of company data.

5) What is a dictionary attack?

6) What is a buffer overflow attack?

11) Unauthorized access, modification, or use of an electronic device or some element of a

15) Acting under false pretenses to gain confidential information is called

16) Which of the following is not a method of identity theft?

19) Listening to private voice or data transmissions is called

24) Using computer technology to harm another person is known as

30) Social engineering is

31) Lebanese looping is

46) Zeus is an example of a

5) Which method of fraud is physical in its nature rather than electronic?

11) Which of the following is not an example of social engineering?

Student's answers may vary depending on the example they use.

13) What is social engineering? Provide an example.

16) Identify theft has always been a federal crime.

17) Pretexting is best described as a social engineering technique that uses

20) Describe ways to help minimize social engineering.

9) A set of unauthorized computer instructions in an otherwise properly functioning program is

13) Individuals who buy the malware are referred to as

19) How can a system be protected from viruses?

20) Describe the differences between a worm and a virus.

23) Ransomware often comes in the form of

26) Steganography malware uses encryption to increase its effectiveness.

You might also like