certificate course on forensic accounting & fraud...

COMMITTEE ON INFORMATION TECHNOLOGY

INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA

Certificate Course on Forensic Accounting & Fraud Detection

MODEL TEST PAPER -1

OBJECTIVE TYPE QUESTIONS (1Marks each)

1. Employee’s behavioral changes (alcohol, gambling) will come under which component

of Fraud Triangle?

A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

2. The purpose of the Red Flags Rule is:

A. To detect the warning signs – or “red flags” – of identity theft in day-to-day

operations

B. take steps to prevent the crime

C. Mitigate the damage it inflicts.

D. All of the above

3. The interrelationship among auditing, fraud examination, and financial forensics is:

A. Established and maintained by legal structures and justice processes

B. Constant even while social and cultural pressures are exerted on it

C. Cased on the SOX Act and SAS 99

E. Dynamic and changes over time

4. What is one of the primary differences between a Financial Statement auditor and a

Forensic Accountant?

A. Financial statement auditors are likely to follow leads suggested by

immaterial items whereas Forensic Accountants often must restrict their

efforts to searching for material misstatements.

B. Forensic Accountants are likely to follow leads suggested by immaterial

items whereas .financial statement auditors often must restrict their efforts

to searching for material misstatements

C. .Forensic Accountants must focus on specific legal areas that produce fraud

charges under the courts of law whereas financial statement auditors focus

their attention on the Generally Accepted Accounting Principles.

D. Forensic Accountants are likely to ask individuals to fix discrepancies found

in financial statements whereas financial statement auditors will fail a

corporations financial statement certification, therefore having

repercussions with the SEC.

5. Among the following which would be the red flags for payroll –

A. Overtime time charged during a slack period

B. Excessive or unjustified transactions

C. Large no. of Write- off of accounts

D. All of the above

6. If pressures and opportunities are high and personal integrity is low, the chance of

fraud is:

A. High

B. Medium

C. Very Low

D. Low

7. Which is not a red flag among following:

A. Negative Cash flows

B. Significant sales to related parties

C. Sudden above-average profits for specific quarters

D. Paid dividend according to dividend payout ratio

8. At a minimum, professional skepticism:

A. is supportive of client’s claim of fraud

B. is a neutral but disciplined approach to detection and investigation

C. assumes that the management is dishonest and therefore must “pull every

loose thread” to find the evidence and fraud

D. assumes unquestioned loyalty by newer and younger employees

9. Which of the following techniques is most effective in preventing computer crime?

A. Backups

B. Digital forensic analysis

C. Using a firewall

D. None of the above

10. Which of the following types of organizations typically use Forensic Accountants?

A. Publicly held corporations.

B. Private/non-profit corporations.

C. Federal/State Agencies.

D. All of the above.

11. Which of the following is not a common type of fraud pressure?

A. Pressure to outsmart peers

B. Financial pressures

C. Work-related pressures

D. Vices

12. In comparing management fraud with employee fraud, the auditor’s risk of failing to

discover the fraud is:

A. greater for management fraud because managers are inherently more

deceptive than employees

B. greater for management fraud because of management’s ability to override

existing internal controls

C. greater for employee fraud because of the higher crime rate among blue

collar workers

D. greater for employee fraud because of the larger number of employees in

the organization

13. ____ is the science of writing hidden messages I such a way that no one apart from th

sender and intended recipient even realizes there is a hidden message.

A. decryption

B. obfuscation

C. stenography

D. encryption

14. Why is it recommended not to put a password in your EnCase?

A. because you will secure your information

B. it’s to many steps

C. if you forget you are out of luck

D. it cannot be encrypted

15. All of the following are methods that organization can adopt to proactively

eliminate fraud opportunities EXCEPT:

A. Accurately identifying sources and measuring risks

B. Implementing appropriate preventative and detective controls

C. Creating widespread monitoring by employees

D. Eliminating protections for whistle blowers

16. Overstating revenues and understating liabilities and expenses typifies which of the

following fraud schemes?

A. Unconcealed larceny

B. Purchase and sales Skimming

C. Fraudulent statements

D. Schemes

17. From the statements below select the most correct.

A. Prevention and deterrence are typically more costly than attempting to

remediate a fraud that has already occurred.

B. Fraud deterrence refers to creating environments in which people are

prohibited from committing fraud.

C. Fraud detection refers to the process of preventing and discovering the

presence of fraud.

D. Prevention and deterrence are typically more cost beneficial than

attempting to remediate a fraud that has already occurred.

18. when working on computer forensics always work from of the evidence and never

from the original to prevent damage to the evidence.

A. Original hard drive

B. Live computer

C. Remote desktop

D. An image

19. Financial statement fraud is easiest to commit in organizations that:

A.have democratic leadership.

B.have a large internal audit department.

C.have a board of directors comprised primarily of outsiders.

D.have complex organizational structures.

20. Customer fraud includes all of the following EXCEPT:

A. Get something for nothing

B. Do not pay for goods purchased

C. Fraud perpetrated through collusion between buyers and vendors.

D. Deceive organization into giving them something they should not

21. What is the most cost-effective way to minimize the cost of fraud?

A. Prevention

B. Detection

C. Investigation

D. Prosecution

22. The Fraud Exposure Rectangle includes:

A. Rationalization

B. perceived pressure

C. relationships with others

D. All of the choices are included in the Fraud Exposure Rectangle

23. Which of the following statements is most correct regarding errors and fraud?

A. An error is unintentional, whereas fraud is intentional.

B. Frauds occur more often than errors in financial statements.

C. Errors are always fraud and frauds are always errors.

D. Auditors have more responsibility for finding fraud than errors.

24. You are suppose to maintain three types of records. Which answer is not a record?

A. Chain of custody

B. Documentation of the crime scene

C. Searching the crime scene

D. Document your actions

25. Forensic Interviewing Techniques does not include

A. Investigation

B. Polygraph test

C. Physical Behaviour Analysis

D. Disk Imaging

26. When performing forensics work, which of the guidelines below should be followed?

i. You should make a copy of a suspect's drive and interact with the copy

instead of the original

ii. If you take the evidence home with you, carry it in a locked briefcase.

iii. You should only document those tests that provide information that can be

used in court.

iv. The location and use of the evidence from the point it was seized until the

moment it is shown in court must be known.

A. i and ii

B. i and iii

C. i and ii

D. All of above

27. Which financial ratio is not useful in detecting revenue-related fraud?

A. Gross profit margin ratio

B. Account receivable ratio

C. Asset turnover ratio

D. All of the above

28. Phishing attackers use –––––––––––––––––– to commit their crimes.

A. Email

B. SMS

C. Courier

D. Whatsapp

29. The possible profiles of a fraud perpetrator are

A. Very friendly, but self centered and egoistic

B. Unfriendly and an introvert

C. Surly and angry but good in work

D. Very slow in work that he/she is used to doing for years together

30. Steganography is

A. graph of sales to technological spending

B. the science of hiding information

C. graph of mails sent to mails received

D. the science of generating random passwords

31. Tools for imaging:

(a) Dossier

(b) Tableau

(c) Encase & FTK

(d) ACL

A. (a), (b) & (c) only B. (b) & (c) only C. (a) & (b) only D. All of the above

32. most popular software forensic tools include all of the following except:

A. Forensics Autopsy

B. QUICKEN

C. Forensics Toolkit

D. SMART

33. One very well-known software used for forensic analysis is .

A. IBM

B. Google

C. Encase

D. Forensic-ripper

34. Three conditions are necessary for a fraud to occur. These three conditions are:

A. need, dissatisfaction, and challenge

B. pressure, opportunity, and rationalization

C. no separation of duties, need, and no independent performance checks

D. challenge, motivation, and failure to enforce internal controls

35. If a company wishes to improve detection methods, they should do all of the following

except:

A. use forensic accountants

B. conduct frequent audits

C. encrypt data

D. all of the above improve detection of fraud

36. Refusal to take sick leave by employees will come under which component of Fraud

Triangle?

A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

37. MS Excel has an Auditing Formula function known as :

A. Track Formula

B. Trace Dependents

C. Trace Formula

D. Track Reliability

38. A Forensic Auditor is not given any specific written mandate but a general consent to

investigate into a fraud for accounting manipulation in Customer accounts. After

completion of work, a note on which of the following aspect should NOT be included in

a Forensic Audit Report

A. Objectives that the Forensic Auditor has perceived and pursued during the

course of the investigation.

B. Severe deficiencies in the internal control mechanism observed by him with

regard to Vendor accounts which has immaterial relevance to the subject

fraud

C. A recommendation for volume/ quantum of punishment to be reprimanded

to the erring accountant against whom the Forensic Auditor has an explicit

evidence.

D. A limiting condition where certain file of important document for a specific

period that was not made available to the Forensic Auditor despite several

requests.

39. Which of the following is not a required part of an Identity Theft Prevention Program?

A. Reasonable policies and procedures to identify potential “red flags”

B. A dedicated phone line for customers to call in identity theft reports.

C. Specific procedures to detect the “red flags” identified as potential threats.

D. A plan for regularly re-evaluating the program.

40. A forensics lab will have dedicated areas for each of the following functions EXCEPT

_________.

A. forensics examination workspace

B. a secured locker area

C. a continuing education training centre

D. well-stocked inventory

41. The journal of a forensics specialist or expert will contain entries that provide the

following functions EXCEPT _______.

A. the description of WHO did WHAT and WHEN

B. the results of the examination

C. any actions taken to examine the evidence

D. any theories that result from the examination

42. Weakness in internal control environment will lead which kind of fraud-

A. Employee Red Flag

B. Management Red Flag

C. General Red Flag

D. None of above

43. Which of the following is not an example of an antishoplifting technique?

A. “Scarecrooks”

B. “Anne Droid”

C. Trojan Horse

D. Ponzi scheme

44. Lack of segregation of duties in vulnerable area will come under which component of

Fraud Triangle?

A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

45. Suspicious” refers to which of the following:

A. Inconsistent signatures on file.

B. Driver’s license photo doesn’t match person.

C. Inability to recall mother’s maiden name.

D. Any and all of the above

46. Acquisition to ISO standard 27037, which of the following is an important factor in data

acquisition?

A. The DEFR’s Competency

B. The DEFR’s skills in using the command lines

C. Use of validated tools

D. Condition at the acquisition setting

47. Computer forensics does not involves ….

A. Interpretation,

B. Preservation,

C. Delimitation

D. Documentation

48. Secretly recording a suspect’s interview will :

A. assist you as electronic notes since it is not possible to always make

comprehensive handwritten notes

B. assist you to confront the suspect later if he/she changes his/her stand or

denies certain information given earlier

C. assist you, to limited extent, to build up evidence against the suspect in a

court of law

D. all the above

49. In the context of forensics, data is most analogous to ________.

A. files and folders

B. information

C. digital evidence

D. bits

50. The use of _____________________ may be particularly valuable in cases of white- collar

crime.

A. Fingerprint examiners

B. Forensic photography

C. Forensic accountants


51. Which of the following is a not a power under PMLA?

A. Confiscation

B. Abatement of crime

C. Search & Seizure

D. Arrest

52. Social engineering facilitates what type of computer fraud?

A. Click fraud

B. Identity theft

C. Spoofing

D. Dictionary attacks

53. ……………………………... gives the expected frequencies of the digits in tabulated data.

A. Benford’s Law

B. Beneish Model

C. Relative Size Factor

54. While interviewing/interrogating an investigator should look for following outer

personality/attributes in a person to conclude him as a suspect or a non-suspect

I. Person’s dressing sense: the chances of the one being a suspect is more who dresses shabbily than the one who dresses immaculately

II. Person’s Gender : the chances of the one being a suspect is more if he is a Male than the one who is a Female

III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age, Height Weight, no of years of service etc

A. All (I), (II) and (III) above

B. Only (III) above

C. Both (I) and (II) above

D. None

55. The following firm is not involved in accounting scandals:

A. Enron

B. Larson and Toubro

C. Worldcom

D. Satyam

56. Weak internal controls in an organization will affect which of the following elements of

fraud?

A. Motive

B. Opportunity

C. Rationalization


57. Financial statement auditors, under SAS 99, are required to make inquires about

possible fraudulent activity of all of the following parties except:

A.bond holders.

B.audit committee members.

C.management.

D.internal auditors.

58. Accounts that can be manipulated in revenue fraud include all of the following except:

A. Accounts Receivable.

B. Inventory.

C. Sales Discounts.

D. Bad Debt Expense

59. Which of the following statement related to Fraud Risk Assessment (FRA) is

INCORRECT:

A. Evaluate whether identified fraud risk controls are operating effectively.

B. It is a one-time activity, not required to be performed on periodic basis.

C. Identify and map existing preventive and detective controls to the

relevant fraud risk.

D. Identify and evaluate residual fraud risk resulting from ineffective or non-

existent controls.

60. After you have identified the red flags of ID Theft that you’re likely to come across in

your business, what do you do next?

A. Set up procedures to detect those red flags in your day-to-day operations.

B. Train all employees who will use the procedures.

C. Decide what actions to take when a red flag is detected.

D. All of the above

61. One of the key success driver of Data Analysis is the ability to keep shuffling between

the bird’s eye view (i.e macro overview) vis-à-vis the ant’s view (i.e micro view) of the

data. In that context, which of the following techniques are useful for Forensic Auditor

to get Bird’s Eyeview Or Macro overview of the Data

(i) Missing / Gap Analysis (ii) Stratification (iii) Isolated Outliers (iv) Classification (v) Ageing Analysis (vi) Round Number Analysis

A. (i), (ii) and (iii)

B. (i), (iii) and (iv)

C. (ii), (iv) and (vi)

D. (ii), (iv) and (v)

62. ____________________ is a generic term which refers to all the legal and regulator aspects of

Internet and the World Wide Web

A. Cyber Law

B. Cyber Dyne

C. Cyber Café

D. Electronic Law

63. When was the first ever cybercrime recorded?

A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France

B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London

C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam

D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan

64. A system of checks and balances between management and all other interested parties

with the aim of producing an effective, efficient, and law-abiding corporation is known

as:

A. Corporate governance

B. Code of conduct

C. Transparency

D. Culture of compliance

65. Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud

factors. This fact can make convicting someone of fraud difficult. Which of the following

types of evidence would be most helpful in proving that someone committed fraud?

A. Missing documentation.

B. Analytical relationships that don’t make sense.

C. A repeated pattern of similar fraudulent acts.

D. A general ledger that is out of balance.

66. All of the following are indicators of financial statement fraud except:

E. Unusually rapid growth of profitability.

F. Dependence on one or two products.

G. Large amounts of available cash.

H. Threat of a hostile takeover.

67. Disc imaging

I. bit stream duplicate

J. no alterations to original media

K. verify integrity

L. All of above

68. FTK's Known File Filter (KFF) can be used for which of the following purposes?

i. Filter known program files from view

ii. Calculate hash values of known files to evidence files.

iii. Filter out evidence that doesn't relate to your investigation.

M. I and ii

N. Ii and iii

O. I and iii

P. All of above

69. A ____ function is any well defined procedure or mathematical function for turning some

kind of data into a relatively small integer.

A. hash

B. metadata

C. encryption

D. decryption

70. Which of the following are strategies used to attempt to minimize piracy of software or

other intellectual property?

A. Encryption

B. Intellectual property laws

C. Legal copyrighting

D. All of the above

71. A denial of service attack occurs when the perpetrator:

A. sends e-mail bombs

B. eavesdrops

C. installs a logic time bomb

D. cracks a computer system

72. A fraud perpetrated by tricking a person into disclosing confidential information, such

as a password, is called

A. a Trojan horse

B. hacking

C. social engineering

D. scavenging

73. Which of the following is a method used to embezzle money a smallamount at a time

from many different accounts?

A. Data diddling

B. Pretexting

C. Spoofing

D. Salami technique

74. A challenge relating to Cyber-crimes is the collection of ____________________

A. electronic evidence

B. paper evidence

C. mechanical evidence

D. hardware evidence

75. Lie detector test does not include

A. Polygraph Test

B. Blood Group

C. Blood Pressure

D. Computer Analysis

76. the chronological documentation showing the seizure, custody, control, transfer,

analysis, and disposition of physical or electronic evidence

A. chain of custody

B. Documentary Evidence

C. Demonstrative evidence

D. None of these

77. What is the best response of a forensic professional to an attorney who asks a

hypothetical question?

A. Provide the best answer possible given the evidence and appropriately

emphasis the hypothetical nature of the question.

B. Demonstrate anger and register a protest.

C. Refuse to answer the question.

78. Which of the following is least likely to be considered a financial reporting fraud

symptom, or red flag?

A. Grey directors.

B. Family relationships between directors or officers.

C. Large increases in accounts receivable with no increase in sales.

D. Size of the firm.

79. Which of the following is the indicator of deception while conducting Forensic

Interview

A. Quick, spontaneous answers

B. Consistent strong denial

C. Direct, brief answers

D. Hesitant

80. Which of the following is NOT one of the major types of fraud classification schemes?

A. Employee embezzlement

B. Government fraud

C. Investment scams

D. Customer fraud

81. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are

specified in :

A. SA 240

B. SA 250

C. SA 300

D. SA 450

82. Which of the following is not a characteristic of computer viruses?

A. They can lie dormant for a time without doing damage

B. They can mutate which increases their ability to do damage

C. They can hinder system performance

D. They are easy to detect and destroy

83. Which of the following is not a type of external fraud?

A. Delivery of substandard goods at full price

B. Creating phony vendors

C. Phishing attacks

D. Cheating on travel expense reports

84. All of the following ratios are useful in detecting large revenue frauds except:

A. Gross profit margin. B. Working capital turnover. C. Accounts receivable turnover. D. Current ratio.

85. The ratio that is computed by dividing the number of days in a period by the inventory turnover ratio is:

A. accounts receivable turnover ratio.

B. inventory turnover ratio.

C. working capital turnover ratio.

D. number of days' sales in inventory.

86. According to the opportunity part of the fraud triangle, a person may do all of the following acts except

A. Convert the theft or misrepresentation for personal gain

B. Control the fraud

C. Commit the fraud

D. Conceal the fraud

87. The most common account(s) manipulated when perpetrating financial statement fraud are:

A. Inventory

B. Expenses

C. Revenues

D. Accounts Payable

88. Which of the following is NOT a method that is used for identity theft?

A. Dumpster diving

B. Phishing

C. Shoulder surfing

D. Spamming

89. General financial statement fraud can be detected through

A. audit

B. Surprise audits /cash counts.

C. Data mining

D. All of the above

90. Which of the following is not a skill needed by a Forensic Accountant?

A. Auditing Skills.

B. Criminology.

C. Sociology

D. Information Technology

MODEL TEST PAPER -2

1 A red flag indicates that the alert is.........

A. Old

B. Follow up

C. Urgent

D. New

2 A fraud which is perpetrated by scrambling a company's files is a:

A. data fraud

B. output fraud

C. computer instructions fraud

D. Input fraud.

3 E-commerce is the commercial transaction of services in a/an ______________

A. mechanical format.

B. electronic format

C. Paper

D. Stone

4 Which of the following refers to a business platform, involving a business entity and

consumers?

A. Business-to-consumer (B2C)

B. Business-to-business (B2B)

C. Consumer-to-business (C2B)

D. Consumer-to-consumer (C2C)

5 . The physical Cheque tempering prevention method in which extremely small

printing, too small to be read with naked eye becomes distorted when photocopied

is called _______.

A. High resolution microprinting

B. Microline printing

C. Watermark backers

D. None of above

6 Which among the following are the three payroll fraud schemes

i) Ghost employees ii) Temporary employees

iii) Falsified overtime iv) Commission

A. i , ii & iii

B. i , iii & iv

C. ii , iii & iv

D. i , ii & iv

7 In which of the following is the computer incidental to the crime?

A. Computer manipulation

B. Money laundering

C. Data alteration

D. Theft of services

8 In which of the following is a computer not incidental to the crime?


B. Money laundering

C. Criminal enterprises

D. Sex crimes

9 Which Standard on Auditing among the following describes the importance of red

flags:

A. SA 240

B. SA 210

C. SA 250

D. SA 260

10 The most popular software forensic tools include all of the following except:

A. Forensics Autopsy

B. QUICKEN

C. Forensics Toolkit

D. SMART

11 Hash values are used for which of the following purposes?

A. Determining file sizes

B. Filtering known good files from potentially suspicious data

C. Reconstruction file fragments

D. Validating that the original data hasn’t changed.

12 The verification function does the following?

A. Proves that a tool performs as intended

B. Creates segmented files.

C. Proves that two sets of data are identical via hash values

D. Verifies hex editors.

13 What are the Characteristics of an Interview

I. Establishing Rapport II. Careful listening

III. Accusatory IV. Dominate the Conversation

A. All (I), (II), (III) & (IV) above

B. Both (I) and (II) above C. Both (III) and (IV) above

D. None 14 Which of the following questions are interview based questions

I. "Did you plan this fraud out for months and months in advance or did it pretty much happen on the spur of the moment?"

II. “Were there any sales after office hours, before office hours?” III. “how are these cash memos generated?” IV. "What are your duties and responsibilities?“

A. All (I), (II), (III) & (IV) above B. Both (II) and (III) above C.(II) (III) and (IV)aboveD. None 15 The style of interviewer while handling fraud cases should be

I. He should be friendly and easy-going like cracking jokes and asking about hobbies and favorite things because the information is easily extracted from the anyone whom he gets friendly to

II. He should be strict, authoritative and accusatory because otherwise the suspect can take the investigator for granted and tell lies or not answer to what is being asked

III. He should be the one who does most of the talking and asking questions to which the suspect answers in Yes or No

IV. He should maintain a non-accusatory tone and firm demeanor during an interview. he should keep his questions brief and, whenever possible, elicit a narrative response from the subject

A. Both (I) and (III) above B Only (IV) above C Only (II) above D None 16 Most frauds involve three steps. These steps are:

A. access, opportunity, need

B. decrease assets, increase expenses, misappropriation

C. theft, conversion, concealment

D. input, processing, output

17 Which section of IT Act covers most of the common crimes arising out of “Unauthorised

Access”

A. Section 66

B. Section 67

C. Section 73

D. Section 74

18 The imaginary location where the word of the parties meets in conversation is referred

to as ________________.

A. Cyberspace

B. Space

C. Cyberdyne

D. Cybernet

19 Which of the following is not a method for stealing sales and receivables but a way of

using skimmed money

A. lon term skimming

B. short term skimming

C. Understated sales

D. Unrecorded sales

20 Which of the following sentence is true?

A. Lapping is the debiting one account and crediting of another account.

B. The legal definition of forgery includes only the signing of another person’s

name to a document with fraudulent intent.

C. Lapping is the crediting of one account through abstraction of money from

another account.

D. None of the Above

21 __________ are those cheque tempering schemes in which an employee intercepts a

company cheque intended for a third party and converts the cheque by signing the third

party’s name on the endorsement line of cheque.

A. Intercepted cheques

B. Altered payee schemes

C. Authorized maker scheme.

D. Forged endorsement scheme.

22 . Which of the following is an example of a crime associated with the prevalence of

computers?


B. Money laundering

C. Theft of services

D. Intellectual property violations

23 Which of the following crimes targets a computer?

A. Denial of service

B. Money laundering

C. Theft of services

D. Intellectual property violations

24 Which of the following best defines computer abuse?

A. Denial of service

B. Money laundering

C. An illegal act in which knowledge of computer technology is used to

commit the act

D. An intentional act involving a computer in which the perpetrator may

have gained at the victim’s expense

25 A red flag is.........

A. Indicator of fraud

B. Indicator of situation of fraud

C. A or B Both

D. Neither A nor B

26 Direct Observation is to determine.........

A. effect of red flag on organisation

B. Cost of identified loss

C. Potential loss

D. Historical Loss

27 Costly types of fraud include

A. Financial Statement Fraud

B. Check Forgery

C. Credit Card Fraud

D. All of the above

28 Hashing, filtering and file header analysis make up which function of digital forensics

tools?

A. Validation and Verification

B. Acquisition

C. Extraction

D. Reconstruction

29 What are the function of Extraction:

A. GUI Acquisition

B. Command line acquisition

C. Carving

D. Hashing

30 Disc imaging is used to:

A. bit stream duplicate

B. no alterations to original media

C. verify integrity

D. All of above

31 While interviewing/interrogating a suspect, an investigator should do the

following:

I. Listen only to what the suspect says and ignoring his behavioral attributes II. Don’t believe at all to what he says and concentrate only to his behavioral

attributes III. Rely on the opinion of what others are talking about him (his supervisor, his

colleagues and his juniors) and on his past history of manipulation. IV. Collect Documentary Evidence and corroborate it with explanation obtained

while interviewing/interrogating considering their behavior attributes on non-judgmental basis

A. Both (I) and (III) above B. Only (I) above C. Both (II) and (III) above D. Only (IV) above 32 In order for an act to be legally considered fraud it must be all of the following except:

A. A material fact B. An injury or loss suffered by the victim C. A false statement D. No intend to deceive

33 The World‟s first computer-specific statute was enacted in 1970, by the German state,

in the form of a ___________________ .

A. Data Protection Act.

B. Cyber Law

C. Copy right

D. Patent right.

34 Which of the following should be covered in employee anti-fraud training?

A. The exact procedures management uses to detect fraud

B. A detailed explanation of the company’s anti-fraud control

C. Examples of past transgressions and how they are handled

D. All of the above

35 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in

incoming shipments, record the figures in receiving reports, and forward copies of the

reports to the accounts payable department. One day, Jackson received a box of 20

laptop computers at the warehouse. His wife's computer just broke, so he stole one of

the computers from the box. To conceal his scheme, Jackson sent a receiving report to

accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the

receiving report used for the inventory records. What type of scheme did Jackson

commit?

A. An asset transfer scheme

B. A purchasing and receiving scheme

C. A non-cash larceny scheme


36 Which of the following schemes refers to the falsification of personnel or payroll

records, causing paychecks to be generated to someone who does not actually work for

the victim company?

A. Falsified salary scheme

B. Record alteration scheme

C. Ghost employee scheme

D. Inflated commission scheme

37 . On recent Windows installations, the standard location for storing critical system files

is ________.

A. C:/Program Files/

B. C:/System/

C. C:/Important/

D. C:/Windows/

38 8. The intersection of a hard disk's sector and track is called a ________.

A. block

B. cluster

C. byte

D. bit

39 9. File system drivers impose limitations and boundaries, such as ________.

A. file usage

B. minimum file size

C. file name length

D. swap usability

40 . What is a “Hacktivist”?

A) Politically motivated hacker

B) Denial of service attacker

C) A proponent of Napster

D) A person engaging in an intentional act involving a computer in which

the person may have gained at the victim’s expense

41 . Which of the following individuals developed one of the first systems to define

computer crimes in 1976?

A) David Carter

B) Donn Parker

C) Jay Nelson

D) Robert Taylor

42 Which of the following is an example of a computer manipulation crime?

A) An intruder removes valuable information from a computer system.

B) Hacking

C) A person alters payroll records to attain a higher rate of pay.

D) Medical records are altered.

43 Employee life style changes (expensive car, jewelry) will come under which component

of Fraud Triangle?

A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

44 Employee’s significant personal debt & credit problems will come under which

component of Fraud Triangle?

A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

45 The reconstruction function is needed for which of the following purposes?

A. Re create a suspect drive to show what happened

B. Create a copy of a drive for other investigators

C. Recover file headers

D. Re create a drive compromised by malware

46 ___ is the set of instructions compiled into a program that performs a particular task.

A. Software

B. Hardware

C. OS


47 Which of the following is Indicator of truth while conducting a forensic Interview

A. Week Denials

B. Direct Brief Answers

C. Verbal attacks directed at Interviewer

D. Answering with a different question

48 What is Voice Biometric

A. Technology for Voice recognition while Conducting interviews

telephonically

B. Voice Recognition for Service Access

C. Technology to authenticate a person’s voice

D. All of the Above

49 Which of the following pressures are classified as Management Characteristics that can

lead to financial statement fraud?

A. High management and/or employee turnover

B. Declining industry

C. New regulatory requirements that impair financial stability or

profitability

D. Intense pressure to meet or exceed earnings expectations

50 Which of the following is issued online for use over the Internet and is stored in an

electronic device such as a chip card or computer memory?

A. Hard Cash

B. Business Card

C. E-Cash

D. E- Card

51 With a view to facilitate ___________________, it is proposed to provide for the use and

acceptance of electronic records and digital signatures in the Govt. Offices and its

agencies.

A. Electronic Governance

B. Paper Governance.

C. Oral Testimony.

D. Mechanical Governance.

52 Data, record or data generated image or sound stored, received or sent in an electronic

form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act,

2000] means ______________________

A. Electronic Document.

B. Electronic Record

C. Hard Record

D. Hard Document.

53 Of the following, who should conduct physical observations of a company's inventory in

order to most effectively prevent inventory theft?

A. Warehouse personal

B. Purchasing agents

C. Purchasing supervisor

D. A sales representative 54 Which of the following fraudulent entries is most likely to be made to conceal the theft

of an asset?

A. debit expenses and credit the asset

B. debit the asset, credit another asset account

C. debit revenue , credit the asset

D. debit another asset account and credit the asset

55 Corporate officers who knowingly violate certification requirements under criminal

certifications (section 906) are subject to –

A. fine of up to $1 million or up to 10 years imprisonment

B. fine of up to $ 1 million and up to 10 years imprisonment, or both

C. fine of up to $ 5 million or up to 20 years of imprisonment

D. fine of up to $ 5 million and up to 20 years of imprisonment, or both.

56 Using metadata, forensics investigators can ________. (Select the three that apply)

A. search for files that were created at a specific time

B. filter files that do not contain evidence

C. filter files by size

D. search for file names that match patterns

57 On Linux and UNIX, the /home directory structure is the standard location for storing

________.

A. user installed applications

B. data specific to users

C. critical system files

D. temporarily deleted data

58 Which one of the following is a benefit of a RAID configuration of disks?

A. Capacity

B. Performance

C. Redundancy

D. All of the above

59 . An intruder removes valuable information from a computer system. What term

describes this crime?

A. Computer vandalism

B. Hacking

C. A person alters payroll records to attain a higher rate of pay.

D. Data alteration

60 11. Which of the following is a computer crime that deprives the legitimate owner of a

tangible asset?

A. Hacking

B. Money laundering

C. Manipulating the price of a stock

D. Salami slice

61 12. Which of the following is not a similarity between real-world stalking and cyber

stalking?

A) Most victims are women.

B) Most stalkers are men.

C) The stalker and victim are near to each other.

D) Stalkers are generally motivated by the desire to control the victim.

62 High Employee turnover especially in areas vulnerable to fraud will come under which


A. Opportunity

B. Pressure

C. Rationality

D. Can’t Say

63 The type of forensics that involves examining malicious software

a) Software forensics

b) Hardware forensics

c) Network forensics

d) Digital forensics

64 Many password recovery tools have a feature for generating potential password lists

for a(n) ____ attack.

A. Password Dictionary

B. Brute Force Attack

C. Key Logger Attack

65 Voice Analysis can detect?

A. Temperament of a person during the interview

B. Whether person is lying

C. Whether he is telling the facts

D. All of the above

66 During the interview, what should be safety concerns must include

A. Awareness

B. Interview Location

C. Physical Red Flags

D. All of the above

67 The Sarbanes-Oxley Act is also called what?

A. Corporate Fraud Protection Act of 2002

B. Public Corporation Accounting Oversight Act

C. Public Company Accounting Reform and Investor Protection Act of 2002

D. Principles of Federal Prosecution of Business Organizations

68 The requirement to reimburse a company for any bonuses or other compensation

received during the 12-month period following the restatement of financials as a result

of misconduct is called:

A. Disgorgement

B. Executive penalty

C. Insider trading

D. Corporate accountability

69 The _________________ provides for authentication of a document by means of digital

signatures under Article 7.

A. E-Commerce

B. Model Law

C. E-Law

D. Dynamic Law.

70 According the IT act 2000, _______________ means a person who is intended by the

originator to receive the electronic record but does not include any intermediary.

A. “Address”

B. “Affixing Digital Signature”

C. “Computer Resource”

D. "Data"

71 Section 301 of the SOX requires that the auditor should report directly to ______.

A. Management

B. Government

C. Audit committee

D. Stakeholders/ Owners/Investors 72 Data is organized as files mostly because ________. (Choose the best answer)

A. computers cannot store very large files

B. it is easier for the computer to store many smaller chunks of data than it is to

store one large chunk of data

C. it is easier for people to store many smaller chunks of data than it is to store

one large chunk of data

D. people need to store their data with labels to make retrieval easier

73 13. Which of the following crimes may be facilitated by the use of a computer?

A. Loan-sharking

B. Drug rings

C. Prostitution rings

D. All of the above

74 Which of the following is the Security feature provided by bank to its

accountholders so that only authorized electronic transaction are allowed.

A. ACH

B. AHC

C. CAH

D. CHA

75 new process is always "called" or "created" as a result of ________.

A. the process manager reading programs from disk media

B. one process requesting a program to be loaded and executed

C. system processes starting new services

D. the memory manager reading the program file to start execution

76 Which two of the following answers do NOT describe the responsibility of the

memory manager?

A. Selecting which process to run

B. Allocating memory to processes

C. Swapping memory from RAM to Disk

D. Formatting newly allocated memory

77 A computer's boot process begins when what event occurs?

A. The computer BIOS turns on the processor.

B. The operating system loads.

C. The Master Boot Record is read.

D. The computer is powered on.

78 Which of the following crimes is done using a computer as the instrument?

A) Computer manipulation

B) Money laundering

C) Data alteration

D) Theft of services

MODEL TEST PAPER -3

I. NIST is

A. national institute of standard technology

B. national institute of service technology

C. national institute of security training

D. None of these

II. “Suspicious” refers to which of the following:

A. Inconsistent signatures on file.

B. Driver’s license photo doesn’t match person.

C. Inability to recall mother’s maiden name.

D. Any and all of the above.

III. Red Flag procedures must be implemented by individual departments. That means:

A. The procedures just have to be written and accessible to everyone.

B. The procedures have to be written and everyone needs to be trained to use

them.

C. The procedure & policy will be drafted

D. A & B Both

IV. Financial statement fraud is often attributed to pressures, such as all of the following

except:

A. Investment losses

B. Meeting analysts’ expectations

C. Deadlines, and cutoffs

D. Qualifying for bonuses

V. Which of the following is/are red flags for embezzlement:

A. Carrying usually large sum of money

B. Continuous rollover of loans

C. Significant downsizing in a healthy market

D. Photocopied or missing documents

VI. Which of the following is not a required part of an Identity Theft Prevention Program?

A. Reasonable policies and procedures to identify potential “red flags”

B. A dedicated phone line for customers to call in identity theft reports.

C. Specific procedures to detect the “red flags” identified as potential threats.

D. A plan for regularly re-evaluating the program.

VII. The Red Flag Rules apply to anyone who deals with-

A. Financing and credit

B. Retail merchants

C. University healthcare practices

D. All of above

VIII. Under the Red Flag Rules, all “covered accounts” must be marked

A. Small red flag symbol

B. Riskier red flag symbol

C. Red flags indicating high impact on financial statement


IX. Personal Identification Information (PII) includes:

A. Any name or number.

B. Any name or number, used alone or in conjunction with any other information.

C. Any name or number that may be used, alone or in conjunction with any other

information, to identify a specific individual.

D. None of the above.

X. There are many threats to accounting information systems. Which of the following is an

example of an Intentional Act

A. War and attack by terrorists

B. Hardware or software failure

C. Computer fraud

D. Logic errors

XI. The _________________ provides for authentication of a document by means of digital

signatures under Article 7.

A. E-Commerce

B. Model Law

C. E-Law

D. Dynamic Law.

XII. A virus can infect a system by:

A. Booting up a computer with an infected disk

B. Running an infected program

C. Opening a file on a disk that is infected

D. All of the above

XIII. In the United States, approximately what percentage of software in use is pirated?

A. 90%

B. 75%

C. 26%

D. 10%

XIV. Is the science of ________________ is the science of acquiring, preserving, retrieving, and

presenting data that has been processed electronically and stored on computer media.

A. Anonymous remailing


C. Using a firewall


XV. Which of the following describes a firewall?

A. A copy of data

B. Data that cannot be lost

C. Digital forensic analysis

D. Device or software that acts as a checkpoint between a network or stand-

alone computer and the Internet

XVI. Which of the following techniques do not help prevent computer crime?

A. Backups


C. Firewalls

D. Encryption

XVII. The type of forensics that involves analyzing information stored in a storage media such

as a hard drive

A. Disc Forensics

B. Network Forensics

C. Live forensics

D. Internet forensics

XVIII. There are three c's in computer forensics. Which is one of the three?

A. Control

B. Chance

C. Chains

D. Core

XIX. The investigator-in-charge is suppose to Identifying and _____________ e-evidence.

A. Collecting

B. Classification

C. Analyzing

D. None of these

XX. __________ are those cheque tempering schemes in which an employee intercepts a

company cheque intended for a third party and converts the cheque by signing the third

party’s name on the endorsement line of cheque.

A. Intercepted cheques

B. Altered payee schemes

C. Authorized maker scheme.

D. Forged endorsement scheme.

XXI. Of the following, who should conduct physical observations of a company's inventory in

order to most effectively prevent inventory theft?

A. Warehouse personal

B. Purchasing agents

C. Purchasing supervisor

D. A sales representative

XXII. The process by which several bidders conspire to split contracts up and ensure each gets

a certain amount of work is called

A. Bid pooling

B. Fictitious suppliers

C. Kickback payments

D. Bidding agreements

XXIII. Bribery schemes generally fall into two broad categories which are-

I. Kickbacks

II. Overbilling schemes

III. Bid rigging schemes

IV. Extortions

A. I and II

B. I and III

C. II and IV

D. II and III

XXIV. Which of the following is Indicator of truth while conducting a forensic Interview

A. Week Denials

B. Direct Brief Answers

C. Verbal attacks directed at Interviewer

D. Answering with a different question

XXV. Confrontational Interviews and recording of any interviews should be done

A. With the advice of legal counsel only if there is need to prosecute the fraudster later.

B. With the advice of legal counsel to get proper legal guidance to protect the

interviewer, the Company, Directors/Management and prosecute the

fraudster later if needed.

C. Without the advice of legal counsel since the confidentiality of strategy is

compromised.

D. Without the advice of legal counsel since they have no role to play till the fraud is

established.

XXVI. The possible profiles of a fraud perpetrator are

A. Very friendly, but self centered and egoistic

B. Unfriendly and an introvert

C. Surly and angry but good in work

D. Very slow in work that he/she is used to doing for years together

XXVII. Which one of the following would be considered an informal written communication?

A. An electronic document such as a spreadsheet that is attached to an email update to

an attorney

B. An email that updates a peer investigator on the status of a particular case

C. A disk image that is sent to a peer investigator for review

D. An email that notifies an attorney that all evidence has been reviewed and analysed

XXVIII. Forensic reports are written to answer questions about which one of the following

topics? (Select the BEST answer)

A. Forensic investigations involving computer crime

B. All forensic investigations

C. Intrusion/Incident response and vulnerability assessment

D. All incidents involving investigations, vulnerability assessment, and intrusion

response

XXIX. What is the basic purpose of any digital forensic report? (Select the BEST response)

A. Report who did what and when.

B. Report the conclusion of the investigation.

C. Report what was done and what was found.

D. List or itemize the evidence.

XXX. The process of providing answers to the legal system is called ________.

A. Investigation

B. Evidence reporting

C. Question answering

D. Deposition

XXXI. Which one of the following question answers would NOT be found in the executive

summary portion of the forensic report?

A. Why the investigation was initiated

B. What forensic challenges were faced and overcome in the investigation

C. Who authorized the investigation

D. What significant results were found

XXXII. Which one of the following would NOT be included in the "full documentation" of

evidence collected?

A. Who collected the evidence

B. What evidence was collected

C. The version of software that produced the evidence

D. The procedure followed to collect the evidence

XXXIII. Which one of the following definitions best describes informal reports for digital

forensic investigations?

A. All written or electronic reports that document results from a digital forensic

investigation

B. Reports on investigations that are not made directly to a judge or jury

C. All oral reports that are presented to court in addition to all written or electronic

documents resulting from an investigation.

D. Reports on digital investigations made in casual attire to a board of directors or

one's employers

XXXIV. Why would a digital forensic expert be expected to write "absolutely nothing unless it is

a fact supported by evidence"?

A. It may confuse the forensic reporter who produces the final written report years

after the investigation concludes.

B. It is a principle of computer forensics to think through all statements before

committing them to paper or electronic document.

C. The evidence may later be excluded from the investigation.

D. It may be disclosed in discovery and inadvertently cast a shadow of doubt on

the case.

XXXV. Which one of the following is an example of formal oral reporting for a crime involving

digital computers?

A. Swearing-In

B. Record

C. Deposition

D. Testimony

XXXVI. Which officer in a company is most likely to be the perpetrator of financial statement

fraud?

A. Chief financial officer (CFO).

B. Chief operating officer (COO).

C. Chief executive officer (CEO).

D. Controller.

XXXVII. When looking for financial statement fraud, auditors should look for indicators of fraud

by:

A. Evaluating changes in financial statements.

B. Examining relationships the company has with other parties.

C. Examining operating characteristics of the company.


XXXVIII. The three aspects of management that a fraud examiner needs to be aware of include all

of the following except:

A. Their backgrounds.

B. Their religious convictions.

C. Their influence in making decisions for the organization.

D. Their motivations.

XXXIX. In the Phar-Mor fraud case, several different methods were used for manipulating the

financial statements. These included all of the following except:

A. Funneling losses into unaudited subsidiaries.

B. Recognizing revenue that should have been deferred.

C. Overstating inventory.

D. Manipulating accounts.

XL. Most financial statement frauds occur in smaller organizations with simple

management structures, rather than in large, historically profitable organizations.

This is because:

A. It is easier to implement good internal controls in a small organization.

B. Management fraud is more difficult to commit when there is a more formal

organizational structure of management.

C. People in large organizations are more honest.

D. Smaller organizations do not have investors.

XLI. Management fraud is usually committed on behalf of the organization rather than

against it. Which of the following would not be a motivation of fraud on behalf of an

organization?

A. CEO needs a new car.

B. Pressure to meet expected earnings.

C. Restructure debt covenants that can’t be met.

D. A highly competitive industry.

XLII. During an audit, an auditor considers the conditions of the auditee and plans the audit

accordingly. This is an example of which of the following?

A. Zero-order reasoning.

B. First-order reasoning.

C. Fraudulent reasoning.

D. High-order reasoning.

XLIII. In the context of strategic reasoning, if an auditor only follows the established audit

plan and does not consider other factors relating to the auditee, then this is an example

of which of the following?

A. Zero-order reasoning.

B. First-order reasoning.

C. Fraudulent reasoning.

D. Higher-order reasoning.

XLIV. In recent years, many SEC investigations have taken place on the improper issuance of

stock options to corporate executives. These practices increase executive compensation

at the expense of shareholders. This practice is known as:

A. Backdrafting stock options.

B. Stock option reversals.

C. Stock option extensions.

D. Backdating stock options.

XLV. Backdating is:

A. Deliberately changing stock options for the purpose of securing extra pay for

management.

B. Using insider information to profit from stock trading.

C. Using "bucket" accounts rather than recording cost of goods sold.

D. Banks providing favorable loans to companies in return for the opportunity to make

money from other transactions and fees.

XLVI. Generally accepted accounting principles (GAAP):

A. Tend to be more principles-based than standards in other countries.

B. Enable companies to find specific rules to support their fraudulent transactions.

C. Tend to be more objectives-based than standards in other countries.

D. Allow for companies to exploit loopholes in the standards.

XLVII. Committing financial statement fraud is easiest:

A. In large, historically-profitable organizations.

B. When decision making is done by one or two individuals.

C. When three or more people work together to cover up the fraud.

D. With an active audit committee and board of directors.

MODEL TEST PAPER -4

1. Who are the primary victims of financial statement fraud?

A. Middle management

B. Organizations that buy goods or services

C. Analysts

D. Stockholders

2. A forensics certification provides _________.

A. a reason for continuing education

B. external validation of one's forensics skills

C. breadth in the computer industry

D. depth in a particular subject

3. Payment to vendors who aren’t on an approved vendor list, a -

A. Management Red flag

B. Red flag in purchasing

C. Red flag in payroll

D. Red flag in account receivable

4. Sudden activity in a dormant banking account, a-




Red flag in cash/ account receivable

5. How frequently do most people rationalize?

A. Sometimes

B. Often

C. Never

D. Rarely

6. Fraudulent financial reporting is most likely to be committed by whom?

A. Line employees of the company

B. Outside members of the company’s board of directors

C. Company management

D. The company’s auditors

7. Who Commits Financial Statement Fraud:

A. Senior Management

B. Middle and lower level employees

C. Organized Criminals

D. All the above

8. SA 250 related to:

A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements

B. Consideration of Laws and Regulations in an Audit of Financial Statements

C. Both A and B


9. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447

of Companies Act, 2013.

A. 3 Years

B. 5 Year

C. 7 Year

D. 10 Year

10. Why Do People Commit Financial Statement Fraud

A. To conceal true business performance

B. To preserve personal status/control

C. To maintain personal income/wealth

D. All the above

11. The reconstruction function is needed for which of the following purposes?

E. Re create a suspect drive to show what happened

F. Create a copy of a drive for other investigators

G. Recover file headers

H. Re create a drive compromised by malware

12. The following is used as forensic software except ____.

A. The Coroner’s Toolkit

B. Outlook

C. ILook

D. Forensic Toolkit

13. When conducting _________ analysis, the first step is to recover undeleted files.

A. Research

B. Forensic

C. Process

D. Security

14. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws

concerning identity theft prevention no longer apply.

A. True

B. False

C. Depends on situation of identity theft

D. Can’t say

15. Theft of an employer’s property which was not entrusted to employee will be defined

as-

A. Lapping

B. Larceny

C. Check kitting


16. A “habitual criminal” who steals for the sake of stealing is known as-

A. Psychotic

B. Egocentric

C. Ideological

D. Economic

17. A Personal prestige, goal achievement is termed as

A. Psychotic

B. Egocentric

C. Ideological

D. Economic

18. Which of the following statements is CORRECT: As per Beneish Model:

A. A score less than -2.22 indicates a strong likelihood of a firm being a

manipulator.

B. A score greater than -2.22 indicates a strong likelihood of a firm being a

manipulator.

C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being

a manipulator.

D. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being

a manipulator.

19. Ideological means-

A. Personal prestige, goal achievement.

B. Cause is morally superior, justified in making other victims

C. Desperate need for money, greed, economic achievement


20. What is a telephone “phreaker”?

A. People who obtain free cellular phone service through theft or forgery of

subscriber information or through employee collusion.

B. People who exploit weaknesses in the cellular network’s technology to

defraud the cellular service provider.

C. People who stalk others on the Internet.

D. People who trick telephone systems into believing that long-distance and

airtime are being legitimately purchased.

21. Which of the following is not a tool utilized by computer criminals?

A. NMAP

B. ToneLoc

C. Cyber-stalker

D. Cryptanalysis

22. What is the purpose of cryptanalysis software?

A. Breaking encryption

B. Taking advantage of a security hole

C. Impairing or destroying function in a computer

D. Delivering attack software

23. What is the delivery vehicle of choice for exploit software?

A. NMAP

B. Cryptanalysis

C. Tone Loc

D. Trojan Horse Programs

24. What is the primary distinction between viruses and worms?

A. Worms do not rely on a host program to infect.

B. Worms masquerade as legitimate while causing damage.

C. Viruses do not rely on a host program to infect.

D. A computer virus is active without a host.

25. Which of the following is not a feature of a “cookie”?

A. It is saved on the user’s hard drive.

B. It tracks which sites a computer has visited.

C. It may assist in an investigation.

D. They are evil programs that scan the hard drive of a computer.

26. Which of the following describes the demographic profile of a hacker?

A. White male

B. 14 to 25 years of age

C. Highly intelligent, yet an underachiever in school

D. All of the above

27. ________________ is the science of acquiring, preserving, retrieving, and presenting data

that has been processed electronically and stored on computer media.

A. Anonymous remailing


C. Using a firewall


28. The term disk geometry refers to ________.

A. the physical dimensions of the storage media

B. the number of blocks on the disk

C. the total size and number of cylinders, heads, and sectors

D. the number of bits that can be stored on the disk

29. The stored bits of flash media are located in ________.

A. rooms

B. cells

C. sectors

D. blocks

30. Which of the following are challenges to data recovery for "highly available" memory?

A. The data is distributed across several physical disks.

B. The data is encrypted.

C. The "highly available" solution contains unusually large and un-wieldy

capacity.

D. The data cannot be made unavailable for any length of time and therefore

proper.

31. Which of the following statements is true about a computer's boot process?

A. The boot process begins when the Central Processing Unit is initialized.

B. The user can accelerate the boot process by pressing "Windows" key (also

known as the turbo button).

C. The first process in Linux is called 'kernel'.

D. A Power-On Self-Test is performed once firmware is loaded

32. Which one of the following questions is NOT one to be answered by the investigation

plan?

A. Where is the evidence likely to be located?

B. What age is the suspect?

C. What local laws and court processes will affect this investigation?

D. What skills are needed to extract the evidence?

33. Vulnerability assessment experts will perform the task of ________. (Select the three that

apply)

A. assessing the prevalence of a known weakness by scanning entire networks

B. assessing the damage and impact of an exploited vulnerability

C. scanning hosts for known weaknesses and vulnerabilities

D. validating the integrity of the host or network equipment

34. Which three of the following would help investigators set the scope for strategies to

extract evidence from acquired images?

A. The password of the suspect

B. The type of files that are not sought by a warrant

C. The question or questions to be answered by the evidence

D. Items found in pockets of clothing owned by the suspect

35. A process is best described as a _______.

A. list of steps to complete a procedure

B. list of steps which together complete a single task or part of a task for a

forensics investigation

C. list of tasks which together complete a forensics investigation

D. list of tasks that together complete one step in a procedure

36. Separation of duties within an investigation describes how _______ and _______ should be

accomplished by different staff.

A. collection of physical evidence / collection of digital evidence

B. extraction / acquisition

C. acquisition / validation

D. All of the above

37. In order to maintain the _________, both a single-evidence form and a multi-evidence

form are used to document and catalog evidence.

A. proper signatures

B. evidence validation

C. image reconstruction

D. chain of custody

38. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert

witness can be based on all of the following EXCEPT ________.

A. the product of consultations from peers with other expertise

B. sufficient facts or data

C. the product of accepted and reliable principles or methods

D. application of accepted and reliable principles or methods

39. Which one of the following factors can sabotage the quality of digital evidence reports

between the investigation and the presentation of the evidence to a court?

A. A forensic professional reporting the work of a retired forensic investigator.

B. The promotion of the detective who had been leading a criminal investigation.

C. The procedures used to analyze the data may have been invalidated by court.

D. All of the above

40. The best evidence rule of a case is the expectation that the evidence of a case ________.

A. is the prime evidence that prove the theory of an attorney

B. has been collected with the best and most current software tools available

C. is the best and most scientific evidence collection procedures for that case

D. is the best available evidence given the nature of the case

41. Which three "off-the-job" characteristics below are used to determine the "quality" of

an expert witness?

A. Income level of the expert

B. The nature of the expert's morals

C. Compliance with laws expected of average citizens

D. Compliance with ethic standards for average citizens

42. Examination can be described as telling a story that ________.

A. uses digital forensic investigators to support facts of the story with evidence

B. disproves alternative theories when necessary

C. presents evidence by asking digital forensic investigators to provide "question

answers"

D. All of the above

43. Employee embezzlement can be direct or indirect. Indirect fraud occurs when:

A. an employee uses company assets to run his/her private business

B. employees establish dummy companies and have their employers pay for

goods that are not actually delivered

C. an employee receives a kickback from a vendor

D. an employee steals company cash, inventory, tools, or other assets

44. Which of the following is NOT a way in which fraud can be committed?

A. By false representation

B. By failing to disclose information

C. By abuse of position

D. By obtaining property by deception

45. Audits, public record searches, and net worth calculations are used to gather what type

of evidence in fraud investigation?

A. Testimonial

B. Forensic

C. Documentary

D. Observation

46. Which of the following is NOT a part of the evidence square?

A. Management evidence

B. Documentary evidence

C. Testimonial evidence

D. Physical evidence

47. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/

concealment of any fact committed by any person or other person (third party) with

connivance in any manner with intent to deceive/ gain undue advantage or to injure

interest of:

A. Company

B. Shareholders

C. Creditors

D. All the Above.

48. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies

Act, 2013

A. Equal to the amount of fraud

B. 2 times of amount of fraud

C. 3 times of amount of fraud

D. 4 times of amount of fraud

49. Which of the following is an example of the crime of counterfeit credit card fraud?

A. An illegally obtained credit card is used to pay for a purchase

B. An illegally created credit card is used to pay for a purchase

C. An illegally altered credit card is used to pay for a purchase

D. A credit card is obtained and used based on false application information

50. Which of the following recommendations may prevent identity fraud?

A. Patrol residential areas on trash collection days

B. Enforce trespass laws at dump sites

C. Advise citizens to shred documents

D. All of the above

51. A computer crime that involves attacking phone lines is:

A. data diddling

B. phreaking

C. phishing

D. pharming

52. Hackers use all of the techniques except:

A. war dialing

B. war driving

C. war chalking

D. war walking

53. The computer crime of piggybacking

A. involves the clandestine use of another user's WIFI

B. usually results from spamming

C. requires the permission of another user to gain access


54. A network of computers used in a denial-of-service (DoS) attack iscalled a (an):

A. Worm

B. Botnet

C. Rootkit

D. Splog

55. Spyware infections came from:

A. worms/viruses

B. drive-by downloads

C. file-sharing programs

D. All of the above

56. Which of the following is a method used to embezzle money a smallamount at a

time from many different accounts?

A. Data diddling

B. Pretexting

C. Spoofing

D. Salamitechnique

57. A computer fraud and abuse technique that steals information, tradesecrets, and

intellectual property.

A. Cyber-extortion

B. Data diddling

C. Economic espionage

D. Skimming

58. Which of the following is a threat that organizations need to take account of in

cyberspace?

A. Password

B. Objectionable content filter

C. Denial of service attack

D. Firewall

59. Desperate need for money, greed, economic achievement termed as-

A. Psychotic

B. Egocentric

C. Ideological

D. Economic

60. Stealing money from one customer account & crediting into another customer account

is known as-

A. Lapping

B. Larceny

C. Check kitting


61. Which among the following will not be an example of Green flag-

A. Auditee nice behavior with auditor during audit (eg. Offering drinks during

lunch)

B. Auditee is too much friendly with staff and vendors

C. Regular receipt of material of same qty

D. Employee with few or no payroll deductions

62. Factors contributing to red flag includes-

A. Poor Internal Controls

B. Management overrides Internal Control

C. Collusion between employees & third party

D. All of the above

63. Management Red Flags is/are-

A. Management decisions are dominated by an individual or small group

B. Managers engage in frequent disputes with auditors

C. Reluctance to provide information to auditors

D. All of the above

64. Common Types of Fraud in School Districts would be-

A. Unreimbursed personal calls

B. Theft of inventory items.

C. Inappropriate charges to a travel or account payable voucher

D. All of the above

65. Employees with duplicate social security numbers, names and addresses, a-




D. Red flag in cash/ account receivable

66. Excessive number of year end transaction, a




D. Red flag in cash/ account receivable

1. The process of dividing large data and rearranging it into logical groups is called

A. Encryption

B. Sampling

C. Stratification

D. Steganography

2. The First step in data analytics is

A. Data classification

B. Data cleansing

C. Data Stratification

D. Data Analysis

3. The function (in Excel) which is useful in fetching value from another database; and

also useful for linking two databases is:

A. Sum if

B. V Lookup

C. H Lookup

D. Transpose

4. Which of the following is (are) success factor(s) in auditing huge voluminous data in

electronic form?

A. Balance and effective use of

both CAT-Tool and CAT-Technique

B. Only use of CAT-Tool

C. Only use of CAT-Technique


5. In detecting fraud, CAATTs are indispensable because of which of the following

reasons

A. Increasing Audit Regulations

B. Scarce Resources

C. Data Volume and paperless records

D. All of the above

6. Which of the following are Database Functions?

A. IF’ in Combination with ‘AND’ & ‘OR’ B. Pivot Table

C. All of the above


7. Flaws in data provided for audit can be detected through which of the following?

A. Detecting Missing/Gaps B. Finding Duplicates C. Both of the above


8. The process of arranging data into homogenous group or classes according to some

common characteristics present in the data is called__________

A. Classification

B. Steganography

C. Encryption

D. Data recovery

9. Pivot Table is useful for which of the following?

A. Expanding and collapsing levels to focus on results, drill-downs to details from

the summary

B. Subtotaling and aggregating numeric data, summarizing data by categories and

subcategories, and creating custom calculations and formulae.

C. Filtering, sorting, grouping and Moving rows to column or vice-versa; see

different summaries

D. All of the above

10. Which of the following are (is) CAAT – Tool(s)?

A. Generalized audit software such as ACL, Active Data

B. Common software such as MS Excel, Lotus

C. All of the above


11. In a fraud investigation assignment, which of the following is (are) matter(s) of

concern?

A. Green flag

B. Red flags

C. All of the above


12. Which of the following is NOT correct with regard to Benford’s law?

A. It is a mathematical tool to help detecting possible fraud

B. It suggests an expected digit frequency

C. The records should represent the sizes of factors or events

D. All the records should be sequentially numbered such as roll numbers of students in a class

13. Which of the following are EXPECTATIONS from forensic audit?

A. Identify wrongdoer and monetary Impact

B. Collect Evidences as admissible in legal proceedings.

C. Identify the control weakness and advise for corrective actions.

D. All of the above

14. A Forensic Auditor would focus on which of the following?

A. Data beyond documents

B. Reality checking

C. All of the above


15. Which of the following is/are NOT a useful technique(s) in fraud detection?

A. Distrust the obvious

B. Juxta position

C. 3-D Vision

D. Encryption

16. To be successful, the Forensic team as a whole should have knowledge of which of the

following domains?

A. Law

B. Criminology

C. Accounting and investigative auditing

D. All of the above

17. Which of the following is Not a good quality of an effective forensic auditor?

A. Having specialized knowledge in accounting, audit, law and criminology domains

B. Possessing Communicative skills, Absolute clear thinking and Open mindedness

C. Deceit and distrust

D. Demonstrating tactic and investigative skills

18. Which of the following methods are employed to solicit information about a person’s

honesty?

A. Interview

B. Graphology

C. Voice Stress Test & Polygraphs

D. All of the above

19. Which of the following is the CENTRAL purpose of the interview?

A. Threatening the suspect

B. Forcing the suspect to agree to the pre-defined purpose

C. Find evidence to suspend the employee on disciplinary grounds

D. Gathering and assimilating relevant facts

20. Which of the following is(are) interviewing technique(s)?

A. Kinesics

B. Cognitive

C. Both

D. None

21. Which of the following is NOT a characteristic of a successful Interview?

A. Objective in scope

B. Aimed at gathering information in fair and impartial manner

C. Being of sufficient ‘length and depth’

D. Ending on a negative note

22. People in crises demonstrate the following sequence of reactions?

A. Denial

B. Rationalisation

C. Acceptance

D. All of the above

23. Depending on the type of interviewees, they should be dealt with differently. Which

of the following describes the type(s) of interviewees?

A. Friendly

B. Neutral

C. Hostile

D. All of the above

24. The forensic audit team should include all the below mentioned EXCEPT-

A. Legal expert

B. Data Analyst

C. Accountant

D. Fraudster

25. Which of the below mentioned elements of conversation does NOT inhibit and

facilitate effective communication?

A. Showing courtesy and Respect

B. Threatening Demeanor

C. Being an Active Listener

D. Being thorough but remain relevant

26. Which of the following is NOT an effective Mechanism while for a successful

interview?

A. Taking notes

B. Maintaining eye contact

C. Maintaining Privacy

D. Making overall opinions or impressions of a witness

27. Which of the following is (are) types of questions that can be used in an interview?

A. Informational

B. Assessment

C. Admission seeking

D. All of the above

28. Which of the following is NOT a red flag:

A. Negative Cash flows

B. Paid dividend per payout ratio

C. Significant sales to related parties

D. Sudden increase in profits for specific quarters

29. The most cost-effective way to minimize the total cost of fraud is

A. Investigation

B. Detection

C. Prevention

D. Prosecution

30. The chances of fraud would be HIGH if:

A. Pressures and opportunities are high and personal integrity is low

B. Pressures and opportunities are low and personal integrity is high

C. Both A&B

D. Neither A Nor B

31. Which of the following statements is most correct regarding errors and fraud?

A. Frauds occur more often than errors in financial statements.

B. Errors are always fraud and frauds are always errors.

C. An error is unintentional, whereas fraud is intentional.

D. Auditors have more responsibility for finding fraud than errors.

32. Which of the following is the single largest source for fraud detection?

A. Inspections by Regulatory authorities

B. Statutory Audit

C. Tips

D. Internal Audit

33. SA 250 is related to:

A. Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements

B. Consideration of Laws and Regulations in an Audit of Financial Statements

C. Both A and B


34. Sec. 25 of the IPC defines term fraudulently as Intent to defraud.

Which of the following form(s) element(s) of ‘Defraud’?

A. Deceit or intention to deceive

B. Actual or possible injury

C. Both (A) & (B)

D. Neither A nor B

35. FATF works to

A. Conducts trial of those whose involvement is suspected in the anti-money

laundering (AML) and counter-terrorist financing (CTF) areas.

B. Formulates rules and regulations to govern international stock exchanges to

improve transparency for better governance of market related activities

C. Formulates standards and defines procedures for manufacturers of electronic

equipment to ensure consumers get the compatible products across the globe and

thereby reduce cybercrime

D. Generate the necessary political will to bring about national legislative and

regulatory reforms in the anti-money laundering (AML) and counter-terrorist

financing (CTF) areas.

36. Which of the following significant features of the Prevention of Anti Money Laundering Act

(PMLA) is NOT true?

A. The Act Overrides contrary provisions of other laws

B. CPC Not to be followed by Adjudicating Authority, Appellate Authority and

Special Courts

C. Offences are non-cognizable and bailable

D. Onus to prove not guilty lies on the person charged

37. Which of the following categories of entities are obliged to comply with the requirements

under the Prevention of Anti Money Laundering Act (PMLA)?

A. Banking Companies

B. Financial Institutions

C. Intermediaries

D. All of the above

38. Which of the following \obligations are covered under the Prevention of Anti Money

Laundering Act (PMLA)?

A. Maintenance of Records

B. Furnishing of information

C. Verification of identity of the clients.

D. All of the above

39. Why Do People Commit Financial Statement Fraud?

A. To show better business performance on paper

B. To preserve / improve market perception

C. To show compliance with certain loan covenants

D. All of the above

40. Which of the following is (are) used as forensic software(s) ?

A. The Coroner’s Toolkit

B. ILook

C. Forensic Toolkit

D. All of the above

41. Which of the following represent(s) payroll related red flag(s)

A. Large no. of Write- off of accounts

B. Overtime time charged during a slack period

C. Excessive or unjustified transactions


42. Which of the following statements is CORRECT: As per Beneish Model:

E. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a

manipulator.

F. A score greater than -2.22 indicates a strong likelihood of a firm being a

manipulator.

G. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a

manipulator.

H. A score less than -2.22 indicates a strong likelihood of a firm being a

manipulator.

43. Distinction between viruses and worms is..

A. Worms do not rely on a host program to infect.

B. Worms masquerade as legitimate while causing damage.

C. Viruses do not rely on a host program to infect.

D. A computer virus is active without a host.

44. Which of the following statements is true about a computer's boot process?

A. The boot process begins when the Central Processing Unit is initialized.

B. The user can accelerate the boot process by pressing "Windows" key (also known

as the turbo button).

C. The first process in Linux is called 'kernel'.

D. A Power-On Self-Test is performed once firmware is loaded

45. Assessing the damage and impact of an exploited vulnerability is the task performed

by:

A. Vulnerability assessment experts

B. System architects

C. Computer operators

D. Application development programmers

46. In order to maintain the _________, both a single-evidence form and a multi-evidence

form are used to document and catalog evidence.

A. Proper signatures

B. Evidence validation

C. Image reconstruction

D. Chain of custody

47. As per the Report to the Nations 2014, issued by the ACFE, impact of the Fraud

(Globally) is estimated as:

A. 0.5%

B. 2.5%

C. 5%


48. Audits, public record searches, and net worth calculations are used to gather what

type of evidence in fraud investigation?

A. Testimonial

B. Forensic

C. Documentary

D. Observation

49. Which of the following is NOT a part of the evidence square?

A. Management evidence

B. Documentary evidence

C. Testimonial evidence

D. Physical evidence

50. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/

concealment of any fact committed by any person or other person (third party) with

connivance in any manner with intent to deceive/ gain undue advantage or to injure

interest of:

A. Company

B. Shareholders

C. Creditors

D. All of the Above.

51. Which of the following is an example of the crime of counterfeit credit card fraud?

A. An illegally obtained credit card is used to pay for a purchase

B. An illegally created credit card is used to pay for a purchase

C. An illegally altered credit card is used to pay for a purchase

D. A credit card is obtained and used based on false application information

52. A computer crime that involves attacking phone lines is:

A. Data Mining

B. Phreaking

C. Data Didling

D. Spamming

53. Hackers use all of the techniques except:

A. war dialing

B. war driving

C. war chalking

D. war walking

54. Social engineering facilitates what type of computer fraud?

A. Piggy backing

B. Identity theft

C. Spoofing

D. Shoulder surfing

55. The computer crime of piggybacking

A. involves the clandestine use of another user's WIFI

B. usually results from spamming

C. requires the permission of another user to gain access


56. A network of computers used in a denial-of-service (DoS) attack is called a (an):

A. Worm

B. Botnet

C. Key logger

D. Virus

57. Which of the following is a method used to embezzle money a small amount at a time

from many different accounts?

A. Data diddling

B. Pretexting

C. Spoofing

D. Salami technique

58. Which of the following is NOT a method that is used for identity theft?

A. Dumpster diving

B. Phishing

C. Shoulder surfing

D. Spamming

59. Stealing money from one customer account & crediting into another customer

account is known as-

A. Skimming

B. Lapping

C. Larceny


60. Factors contributing to red flag include-

A. Poor Internal Controls

B. Management overrides Internal Control

C. Collusion between employees & third party

D. All of the above

61. Values that are used for validating that the original data hasn’t changed and proves

that two sets of data are identical are called:

A. Hash totals

B. Sub-totals

C. Batch totals

D. Encrypted values

62. Fraud Triangle talks about which of the following?

A. Rationalisation

B. Pressure

C. Opportunity

D. All of the above

63. Section 301 of the SOX requires that the auditor should report directly to ______.

A. Management

B. Government

C. Audit committee

D. Regulatory inspectors

64. According to the opportunity part of the fraud triangle, a person may do all of the

following acts except:

A. Convert the theft or misrepresentation for personal gain

B. Control the fraud

C. Commit the fraud

D. Conceal the fraud

65. A system of checks and balances between management and all other interested parties

with the aim of producing an effective, efficient, and law-abiding corporation is

known as:

A. Process efficiency

B. Performance improvement

C. Code of conduct

D. Corporate governance

66. The Sarbanes-Oxley Act is also known as?

A. Corporate Fraud Protection Act of 2002

B. Public Corporation Accounting Oversight Act

C. Public Company Accounting Reform and Investor Protection Act of 2002

D. Principles of Federal Prosecution of Business Organizations

67. Which of the following fraudulent entries is most likely to be made to conceal the theft

of an asset?

A. Debit expenses and credit the asset

B. Debit the asset, credit another asset account

C. Debit revenue , credit the asset

D. Debit another asset account and credit the asset

68. Employee’s behavioral changes (alcohol, gambling) will come under which


A. Opportunity

B. Pressure

C. Rationality


69. Personal Identification Information (PII) includes:

A. Any name or number.

B. Any name or number, used alone or in conjunction with any other information.

C. Any name or number that may be used, alone or in conjunction with any other

information, to identify a specific individual.

D. None of the above.

70. Which of the following need(s) to be performed after the red flags of ID theft is

identified?

A. Set up procedures to detect those red flags in your day-to-day operations.

B. Train all employees who will use the procedures.

C. Decide what actions to take when a red flag is detected.

D. All of the above

71. E-commerce is the commercial transaction of services in a/an ______________ format

A. Mechanical format.

B. Electronic format

C. Paper


72. The World‟s first computer-specific statute was enacted in 1970, by the German

state, in the form of a ___________________ .

A. Data Protection Act.

B. Cyber Law

C. Copy right

D. Patent right.

73. ____________________ is a generic term which refers to all the legal and regulator

aspects of Internet and the World Wide Web

A. Merchant Law

B. Cyber Café

C. Cyber Law

D. Electronic Law

74. A virus can infect a system by:

A. Booting up a computer with an infected disk

B. Running an infected program

C. Opening a file on a disk that is infected

D. All of the above

75. Which of the following are relevant/related to the area of fraud and forensics?

A. FATF recommendations (OECD)

B. FCPA (USA)

C. SoX (USA)

D. All of the above

76. For a thing to be termed as ‘counterfeit’, there should be some sort of resemblance sufficient

to cause deception. Which of the following are the main ingredients of the term ‘counterfeit’

as laid down under Section 28 of IPC

A. Causing one thing to resemble another thing.

B. Intending by means of such resemblance to practice deception.

C. Knowing it to be likely that deception will thereby be practiced

D. All of the above

77. A case of mischief under Section 425 is essentially governed with a criminal intent to cause

wrongful loss or damage to a person, or a criminal intent to commit any offence to intimidate

any person in possession of a property. Which of the following are the essential ingredients

of the term?

A. Intention or knowledge of the likelihood to cause wrongful loss or damage to the

public or to any person.

B. Causing the destruction of some property or any change in it or in its situation

C. Such destruction or change must destroy or diminish its value

D. All of the above

78. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention

of Anti Money Laundering Act (PMLA)?

A. Sudden activity in dormant accounts

B. Identification documents which could not be verified within reasonable time

C. Both A & B

D. Neither A nor B

79. Which of the following construed(s) reason(s) for suspicion for a bank under the Prevention

of Anti Money Laundering Act (PMLA)?

A. Value just under the reporting threshold amount in an apparent attempt to avoid reporting

B. Frequent purchases of drafts or other negotiable instruments with cash

C. Both A & B

D. Neither A nor B

80. The Foreign Corrupt Practices ACT (FCPA) of the USA permits small facilitation payments

to secure performance of non-discretionary foreign government services vide its 1988

amendments. These payments are called__________

A. Watergate payments

B. Handshake payments

C. Grease payments

D. Corrupt payments

81. Which of the following is NOT the term relevant/related to cyber-attacks?

A. Logic bombs

B. Trojan horse

C. Money mules

D. Denial of Service

82. Which of the following is (are) risk management strategy(ies)?

A. Risk mitigation

B. Risk avoidance

C. Risk acceptance

D. All of the above

83. Which of the following is (are) generally used for designing and implementing control

framework in an organisation?

A. COSO

B. COBIT

C. Both COSO and COBIT


84. COSO Integrated Framework of Internal Controls has _____ number of components

A. 5

B. 4

C. 8

D. 6

85. To curb/minimise the bribery in international transactions, primary focus to control

/ monitor is recommended to be on______

A. Supply side

B. Demand side

C. Both A & B

D. Neither A nor B

86. Which of the following is Not a term that represents phases in the Money laundering?

A. Integration

B. Demonitisation

C. Layering

D. Placement

87. A fraud perpetrated by tricking a person into disclosing confidential information,

such as a password, is called

A. A Trojan horse

B. Hacking

C. Social engineering

D. Scavenging

88. The type of forensics that involves analyzing information stored in a storage media such as a

hard drive

A. Disc Forensics

B. Network Forensics

C. Live forensics

D. Internet forensics

89. Which of the following schemes refers to the falsification of personnel or payroll records,

causing paychecks to be generated to someone who does not actually work for the victim

company?

A. Falsified salary scheme

B. Record alteration scheme

C. Ghost employee scheme

D. Inflated commission scheme

90. Which of the following is the indicator of deception while conducting Forensic

Interview

A. Quick, spontaneous answers

B. Consistent strong denial

C. Direct, brief answers

D. Hesitant

91. Forensic Interviewing Techniques does not include which of the following?

A. Investigation

B. Polygraph test

C. Physical Behaviour Analysis

D. Disk Imaging

92. Which of the following are performed by auditors When looking for financial

statement fraud?

A. Horizontal and vertical analysis

B. Industry benchmarking

C. Operating characteristics of the company.


93. Which of the following is (are) forensic audit test(s) that help (s) detecting fraud?

A. Luhn’s Algorithm

B. Benford’s Law

C. RSF


94. The term used to describe the legal issues related to use of communication technology,

particularly the Internet is called ________.

A. Cyberspace

B. Cyberlaw

C. Cyberwar

D. Cyberattack

95. FATF’s Recommendations are recognized as the global anti-money laundering (AML) and

counter-terrorist financing (CFT) standard. These recommendations are ________ in total

number.

A. 29

B. 49

C. 59

D. 39

96. FAFT is a (an) _____________

A. International court

B. Regulatory body governing its international stock exchange members

C. Policy-making body

D. A wing of Interpol issuing red alerts across the globe

97. Which of the following is NOT true as per the Indian Evidence Act?

A. The law of evidence is the same in civil and criminal proceedings

B. Evidence must be confined to the matter in issue;

C. Hearsay evidence must be admitted

D. Best evidence must be given in all cases.

98. Forensic accounting is BROADER than Fraud Examination in the sense it covers variety of

Other services such as:

a) Transaction tracing

b) Data Analysis

c) Damage analysis

d) Business valuation

E. (a), (b) & (c) only F. (b) & (c) only

G. (a) & (b) only H. All of the above

99. Section 415 of the IPC defines Cheating. Which of the following form(s) part of the definition

of Cheating?

A. There should be inducement

B. Inducement must be dishonest or fraudulent

C. Inducement should be intentional


100. The main difference between cheating and forgery is that

A. In cheating the deception is in writing, whereas in forgery it is orals

B. Deception can be described as merely the means to achieve an end; the end being

Forgery

C. In cheating the deception is oral, whereas in forgery it is in writing


certificate course on forensic accounting & fraud...

Documents