Professional Documents
Culture Documents
Total Marks: 100 Time Allowed: 1 Hour 40 Mins (i.e. 100 mins)
GENERAL INSTRUCTIONS
(1×100)
10. If pressures and opportunities are high and personal integrity is low, the chance of
fraud is:
A. High
B. Medium
C. Very Low
D. Low
A. SA 240
B. SA 250
C. SA 300
D. SA 450
17. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447
of Companies Act, 2013.
A. 3 Years
B. 5 Year
C. 7 Year
D. 10 Year
19. The use of _____________________ may be particularly valuable in cases of white- collar
crime.
A. Fingerprint examiners
B. Forensic photography
C. Forensic accountants
D. None of the above
20. Hashing, filtering and file header analysis make up which function of digital forensics
tools?
A. Validation and Verification
B. Acquisition
C. Extraction
D. Reconstruction
21. The reconstruction function is needed for which of the following purposes?
A. Re create a suspect drive to show what happened
B. Create a copy of a drive for other investigators
C. Recover file headers
D. Re create a drive compromised by malware
22. ___ is the set of instructions compiled into a program that performs a particular
task.
A. Software
B. Hardware
C. OS
D. None of these
I. Person’s dressing sense: the chances of the one being a suspect is more who
dresses shabbily than the one who dresses immaculately
II. Person’s Gender : the chances of the one being a suspect is more if he is a Male
than the one who is a Female
III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age,
Height Weight, no of years of service etc
25. When conducting _________ analysis, the first step is to recover undeleted files.
A. Research
B. Forensic
C. Process
D. Security
27. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws
concerning identity theft prevention no longer apply.
A. True
B. False
C. Depends on situation of identity theft
D. Can’t say
28. Among the following which would be the red flags for payroll –
A. Overtime time charged during a slack period
B. Excessive or unjustified transactions
C. Large no. of Write- off of accounts
D. All of the above
29. Theft of an employer’s property which was not entrusted to employee will be defined
as-
A. Lapping
B. Larceny
C. Check kitting
D. None of the above
30. A “habitual criminal” who steals for the sake of stealing is known as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
41. ________________ is the science of acquiring, preserving, retrieving, and presenting data
that has been processed electronically and stored on computer media.
A. Anonymous remailing
B. Digital forensic analysis
C. Using a firewall
D. None of the above
42. Which of the following techniques is most effective in preventing computer crime?
A. Backups
B. Digital forensic analysis
C. Using a firewall
D. None of the above
43. The term disk geometry refers to ________.
A. the physical dimensions of the storage media
B. the number of blocks on the disk
C. the total size and number of cylinders, heads, and sectors
D. the number of bits that can be stored on the disk
45. Which of the following are challenges to data recovery for "highly available" memory?
A. The data is distributed across several physical disks.
B. The data is encrypted.
C. The "highly available" solution contains unusually large and un-wieldy
capacity.
D. The data cannot be made unavailable for any length of time and therefore
proper.
46. Which of the following statements is true about a computer's boot process?
A. The boot process begins when the Central Processing Unit is initialized.
B. The user can accelerate the boot process by pressing "Windows" key (also
known as the turbo button).
C. The first process in Linux is called 'kernel'.
D. A Power-On Self-Test is performed once firmware is loaded
47. Which one of the following questions is NOT one to be answered by the investigation
plan?
A. Where is the evidence likely to be located?
B. What age is the suspect?
C. What local laws and court processes will affect this investigation?
D. What skills are needed to extract the evidence?
48. Vulnerability assessment experts will perform the task of ________. (Select the three that
apply)
A. assessing the prevalence of a known weakness by scanning entire networks
B. assessing the damage and impact of an exploited vulnerability
C. scanning hosts for known weaknesses and vulnerabilities
D. validating the integrity of the host or network equipment
49. Which three of the following would help investigators set the scope for strategies to
extract evidence from acquired images?
A. The password of the suspect
B. The type of files that are not sought by a warrant
C. The question or questions to be answered by the evidence
D. Items found in pockets of clothing owned by the suspect
51. Separation of duties within an investigation describes how _______ and _______ should be
accomplished by different staff.
A. collection of physical evidence / collection of digital evidence
B. extraction / acquisition
C. acquisition / validation
D. All of the above
52. In order to maintain the _________, both a single-evidence form and a multi-evidence
form are used to document and catalog evidence.
A. proper signatures
B. evidence validation
C. image reconstruction
D. chain of custody
53. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert
witness can be based on all of the following EXCEPT ________.
A. the product of consultations from peers with other expertise
B. sufficient facts or data
C. the product of accepted and reliable principles or methods
D. application of accepted and reliable principles or methods
54. Which one of the following factors can sabotage the quality of digital evidence reports
between the investigation and the presentation of the evidence to a court?
A. A forensic professional reporting the work of a retired forensic investigator.
B. The promotion of the detective who had been leading a criminal investigation.
C. The procedures used to analyze the data may have been invalidated by court.
D. All of the above
55. The best evidence rule of a case is the expectation that the evidence of a case ________.
A. is the prime evidence that prove the theory of an attorney
B. has been collected with the best and most current software tools available
C. is the best and most scientific evidence collection procedures for that case
D. is the best available evidence given the nature of the case
56. Which three "off-the-job" characteristics below are used to determine the "quality" of
an expert witness?
A. Income level of the expert
B. The nature of the expert's morals
C. Compliance with laws expected of average citizens
D. Compliance with ethic standards for average citizens
58. Employee embezzlement can be direct or indirect. Indirect fraud occurs when:
A. an employee uses company assets to run his/her private business
B. employees establish dummy companies and have their employers pay for
goods that are not actually delivered
C. an employee receives a kickback from a vendor
D. an employee steals company cash, inventory, tools, or other assets
59. Which of the following is NOT one of the major types of fraud classification schemes?
A. Employee embezzlement
B. Government fraud
C. Investment scams
D. Customer fraud
61. Which of the following is NOT a way in which fraud can be committed?
A. By false representation
B. By failing to disclose information
C. By abuse of position
D. By obtaining property by deception
62. All of the following are methods that organization can adopt to proactively
eliminate fraud opportunities EXCEPT:
A. Accurately identifying sources and measuring risks
B. Implementing appropriate preventative and detective controls
C. Creating widespread monitoring by employees
D. Eliminating protections for whistle blowers
63. Audits, public record searches, and net worth calculations are used to gather what type
of evidence in fraud investigation?
A. Testimonial
B. Forensic
C. Documentary
D. Observation
67. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies
Act, 2013
A. Equal to the amount of fraud
B. 2 times of amount of fraud
C. 3 times of amount of fraud
D. 4 times of amount of fraud
68. Which of the following is an example of the crime of counterfeit credit card fraud?
A. An illegally obtained credit card is used to pay for a purchase
B. An illegally created credit card is used to pay for a purchase
C. An illegally altered credit card is used to pay for a purchase
D. A credit card is obtained and used based on false application information
78. Which of the following is a method used to embezzle money a small amount at a
time from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique
79. Which of the following is NOT a method that is used for identity theft?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming
80. A computer fraud and abuse technique that steals information, trade secrets, and
intellectual property.
A. Cyber-extortion
B. Data diddling
C. Economic espionage
D. Skimming
81. Which of the following is a threat that organizations need to take account of in
cyberspace?
A. Password
B. Objectionable content filter
C. Denial of service attack
D. Firewall
82. Desperate need for money, greed, economic achievement termed as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
83. Stealing money from one customer account & crediting into another customer account
is known as-
A. Lapping
B. Larceny
C. Check kitting
D. None of the above
84. Which among the following will not be an example of Green flag-
A. Auditee nice behavior with auditor during audit (eg. Offering drinks during
lunch)
B. Auditee is too much friendly with staff and vendors
C. Regular receipt of material of same qty
D. Employee with few or no payroll deductions
88. Employees with duplicate social security numbers, names and addresses, a-
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
D. Red flag in cash/ account receivable
90. The most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
D. SMART
91. Hash values are used for which of the following purposes?
A. Determining file sizes
B. Filtering known good files from potentially suspicious data
C. Reconstruction file fragments
D. Validating that the original data hasn’t changed.
95. Acquisition to ISO standard 27037, which of the following is an important factor in
data acquisition?
A. The DEFR’s Competency
B. The DEFR’s skills in using the command lines
C. Use of validated tools
D. Condition at the acquisition setting
96. The physical Cheque tempering prevention method in which extremely small printing,
too small to be read with naked eye becomes distorted when photocopied is called
_______.
A. High resolution microprinting
B. Microline printing
C. Watermark backers
D. None of above
97. Which among the following are the three payroll fraud schemes
I. Ghost employees
II. Temporary employees
III. Falsified overtime
IV. Commission
Option:
A. I , II & III
B. I , III & IV
C. II , III & IV
D. I , II & IV
98. Which of the following is the Security feature provided by bank to its accountholders so
that only authorized electronic transaction are allowed.
A. ACH
B. AHC
C. CAH
D. CHA
I. He should be friendly and easy-going like cracking jokes and asking about
hobbies and favorite things because the information is easily extracted from
the anyone whom he gets friendly to
II. He should be strict, authoritative and accusatory because otherwise the
suspect can take the investigator for granted and tell lies or not answer to
what is being asked
III. He should be the one who does most of the talking and asking questions to
which the suspect answers in Yes or No
IV. He should maintain a non-accusatory tone and firm demeanor during an
interview. he should keep his questions brief and, whenever possible, elicit a
narrative response from the subject
I. Listen only to what the suspect says and ignoring his behavioral attributes
II. Don’t believe at all to what he says and concentrate only to his behavioral
attributes
III. Rely on the opinion of what others are talking about him (his supervisor, his
colleagues and his juniors) and on his past history of manipulation.
IV. Collect Documentary Evidence and corroborate it with explanation obtained
while interviewing/interrogating considering their behavior attributes on
non-judgmental basis