Ch 12 Computer Fraud and Abuse Techniques Flashcards

1
Q
________ consists of the unauthorized copying of company data.
A) Phishing
B) Masquerading
C) Data leakage
D) Eavesdropping
A

C) Data leakage

2
Q
Individuals who use telephone lines to commit fraud and other illegal acts are typically called
A) phreakers. 
B) crackers. 
C) phishers.
D) hackers.
A

A) phreakers.

3
Q

What is a denial of service attack?
A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider’s e-mail server.
B) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses.
C) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected.
D) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups or LISTSERV lists.

A

A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider’s e-mail server.

4
Q
Gaining control of somebody's computer without their knowledge and using it to carry out illicit activities is known as
A) hacking.
B) sniffing.
C) phreaking.
D) hijacking.
A

D) hijacking.

5
Q
Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called 
A) superzapping. 
B) data leakage. 
C) hacking. 
D) piggybacking.
A

D) piggybacking.

6
Q
Which of the following is not a method of identity theft?
A) scavenging
B) phishing
C) shoulder surfing
D) phreaking
A

D) phreaking

7
Q
The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called
A) cracking. 
B) masquerading. 
C) hacking. 
D) superzapping.
A

B) masquerading.

8
Q
The unauthorized access to, or use of, a computer system is known as
A) hacking.
B) hijacking.
C) phreaking.
D) sniffing.
A

A) hacking.

9
Q
A fraud technique that slices off tiny amounts from many projects is called the ________ technique.
A) Trojan horse 
B) round down 
C) salami 
D) trap door
A

C) salami

10
Q

Data diddling is
A) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network.
B) unauthorized copying of company data such as computer files.
C) unauthorized access to a system by the perpetrator pretending to be an authorized user.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

A

D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

11
Q
In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as
A) phreakers.
B) hackers.
C) hijackers.
D) superzappers.
A

A) phreakers.

12
Q
During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of
A) kiting.
B) data diddling.
C) data leakage.
D) phreaking.
A

B) data diddling.

13
Q
LOLer was chatting online with l33ter. "I can't believe how lame some people are! :) I can get into any system by checking out the company website to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password." LOLer is a ________, and the fraud he is describing is ________.
A) hacker; social engineering
B) phreaker; dumpster diving
C) hacker; password cracking
D) phreaker; the salami technique
A

C) hacker; password cracking

14
Q
After graduating from college with a communications degree, Rado Ionesco experienced some difficulty in finding full-time employment. He free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter he was contacted by SitePromoter Incorporated, who offered to pay him to promote their clients in his blog. He set up several more blogs for this purpose and is now generating a reasonable level of income. He is engaged in
A) splogging.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
A

A) splogging.

15
Q
Computers that are part of a botnet and are controlled by a bot herder are referred to as
A) posers.
B) zombies.
C) botsquats.
D) evil twins.
A

B) zombies.

16
Q
Wassim Masood had been the webmaster for Woori Finance only ten days when Woori's website was flooded with access attempts. Wassim shut down the site and only opened it to Web addresses which he specifically identified as legitimate. As a result, many of Woori's customers were unable to obtain loans, causing Woori to lose a significant amount of business. Woori Finance suffered from a
A) denial-of-service attack.
B) zero-day attack.
C) malware attack.
D) cyber-extortion attack.
A

A) denial-of-service attack.

17
Q
Wassim Masood had been the webmaster for Woori Finance only ten days when he received an e-mail that threatened to shut down Woori's website unless Wassim wired payment to an account in South America. Wassim was concerned that Woori Finance would suffer huge losses if its website went down, so he wired money to the appropriate account. The author of the e-mail successfully committed
A) a denial-of-service attack.
B) Internet terrorism.
C) hacking.
D) cyber-extortion.
A

D) cyber-extortion.

18
Q
Wassim Masood works in the information technology department of TMV. On Monday morning, he arrived at work, scanned his identity card, and entered his code. At that moment, a lady in a delivery uniform came up behind Wassim with a bunch of boxes. Although Wassim held the door for the delivery lady, he later wondered if the delivery lady was engaged in
A) pretexting.
B) piggybacking.
C) posing.
D) spoofing.
A

B) piggybacking.

19
Q
Zeus is an example of a
A) virus.
B) worm.
C) Trojan horse.
D) war dialing.
A

C) Trojan horse.

20
Q
Recall that students used Facebook and VKontakte to identify Russian money laundering mules. What fraud case did these students help foil?
A) Zeus
B) Trident Breach
C) Nigerian Banking
D) InfraGard
A

B) Trident Breach

21
Q
On the weekends, Thuy Nguyen climbs into her Toyota Camry and drives around the city of Las Vegas looking for unprotected wireless networks to exploit. Thuy is most likely engaging in
A) snarfing.
B) Wi-pilfering.
C) war driving.
D) data slurping.
A

C) war driving.

22
Q
Offering a free website, then charging the phone bills of the individuals who signed up for the free website is known as
A) snarfing.
B) web cramming.
C) podpounding.
D) e-scraping.
A

B) web cramming.

23
Q
Mircea Vasilescu maintains an online brokerage account. In early March, Mircea received an e-mail from the firm that explained that there had been a computer error and asked Mircea to call a phone number to verify his customer information. When Mircea called the number, a recording asked that he enter the code from the e-mail, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the e-mail. Mircea was a victim of
A) Bluesnarfing.
B) vishing.
C) splogging.
D) typosquatting.
A

B) vishing.

24
Q
When a computer criminal gains access to a system by searching through discarded records, this is referred to as 
A) data diddling. 
B) dumpster diving. 
C) eavesdropping. 
D) data squatting.
A

B) dumpster diving.

25
Q
Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by
A) scavenging.
B) skimming.
C) Internet auction fraud.
D) cyber extortion.
A

A) scavenging.

26
Q
Illegally obtaining and using confidential information about a person for economic gain is known as
A) eavesdropping.
B) identity theft.
C) packet sniffing.
D) piggybacking.
A

B) identity theft.

27
Q
Which method of fraud is physical in its nature rather than electronic? 
A) cracking 
B) hacking 
C) eavesdropping 
D) scavenging
A

D) scavenging

28
Q

Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?
A) dumpster diving
B) use of a Trojan horse
C) using a telescope to peer at paper reports
D) electronic eavesdropping on computer monitors

A

D) electronic eavesdropping on computer monitors

29
Q
Dimitri Ivanov is an accountant with PwC. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Dimitri received an e-mail claiming that there had been an error updating his password and that provided a link to a website with instructions for re-updating his password. Something about the e-mail made Dimitri suspicious, so he called PwC's information technology department and found that the e-mail was fictitious. The e-mail was an example of
A) social engineering.
B) piggybacking.
C) spamming.
D) phishing.
A

D) phishing.

30
Q
It was late on a Friday afternoon when Makari Polzin got a call at the help desk for Taggart Transcontinental. A man with an edge of panic in his voice was on the phone. "I'm really in a bind and I sure hope that you can help me." He identified himself as John Galt from the Accounting Department. He told Makari that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Makari knew that Taggart's new password policy, which required that passwords be at least fifteen characters long, contain letters and numbers, and be changed every sixty days, had created problems. Consequently, Makari provided the password to John. The caller was not John Galt, and Makari was a victim of
A) phreaking.
B) war dialing.
C) identity theft.
D) social engineering.
A

D) social engineering.

31
Q
Jim Chan decided to Christmas shop online. He linked to Amazon.com, found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the website's URL was actually Amazom.com. Jim was a victim of
A) Bluesnarfing.
B) splogging.
C) vishing.
D) typosquatting.
A

D) typosquatting.

32
Q
Mo Chauncey was arrested in Emporia, Kansas, on February 29, 2008, for running an online business that specialized in buying and reselling stolen credit card information. Mo was charged with
A) typosquatting.
B) carding.
C) pharming.
D) phishing.
A

B) carding.

33
Q

Which of the following is not an example of social engineering?
A) obtaining and using another person’s Social Security number, credit card, or other confidential information
B) creating phony websites with names and URL addresses very similar to legitimate websites in order to obtain confidential information or to distribute malware or viruses
C) using e-mail to lure victims into revealing passwords or user IDs
D) setting up a computer in a way that allows the user to use a neighbor's unsecured wireless network

A

D) setting up a computer in a way that allows the user to use a neighbor's unsecured wireless network

34
Q
Which of the following is not a human trait social engineers take advantage of to entice people to reveal information they should keep confidential?
A) compassion
B) sloth
C) sex appeal
D) authority
A

D) authority

35
Q
Which of the following websites likely poses the most fraud and security risk?
A) your school's website
B) a file sharing website
C) a social media website
D) your personal website
A

B) a file sharing website

36
Q

Pretexting is best described as a social engineering technique that uses
A) text messages to gain sensitive information.
B) an invented scenario to gain sensitive information.
C) threat of physical force to gain sensitive information.
D) impersonation of somebody you know to gain sensitive information.

A

B) an invented scenario to gain sensitive information.

37
Q
On a Friday evening you use a bar's ATM to withdraw $50 from your bank account. However, as you complete your withdrawal, your card gets jammed in the ATM machine. The individual waiting in line behind you approaches you and suggests re-entering your PIN number. You do. However, your card remains jammed. You leave the bar to call your bank to report the incident. However, after you left, the individual who offered to help you removed a sleeve he inserted in the ATM to jam your card. He now has your ATM card and PIN number. You just fell victim to a ________ fraud.
A) tabnapping
B) Lebanese looping
C) phishing
D) pharming
A

B) Lebanese looping

38
Q
A part of a program that remains idle until a specified date or event activates it to cause havoc is called a 
A) virus. 
B) logic bomb. 
C) trap door. 
D) data diddle.
A

B) logic bomb.

39
Q

Spyware is
A) software that tells the user if anyone is spying on his computer.
B) software that monitors whether spies are looking at the computer.
C) software that monitors computing habits and sends the data it gathers to someone else.
D) none of the above

A

C) software that monitors computing habits and sends the data it gathers to someone else.

40
Q
The unauthorized use of special programs that bypass regular system controls to perform illegal acts is called
A) a Trojan horse. 
B) a trap door. 
C) the salami technique. 
D) superzapping.
A

D) superzapping.

41
Q
Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls, are using
A) a Trojan horse. 
B) a trap door. 
C) the salami technique. 
D) superzapping.
A

B) a trap door.

42
Q
A fraud technique that allows a perpetrator to bypass normal system controls and enter a secured system is called 
A) superzapping. 
B) data diddling. 
C) using a trap door. 
D) piggybacking.
A

C) using a trap door.

43
Q
A set of unauthorized computer instructions in an otherwise properly functioning program is known as a
A) logic bomb.
B) spyware.
C) trap door.
D) Trojan horse.
A

D) Trojan horse.

44
Q
A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program.
A) worm; virus 
B) Trojan horse; worm 
C) worm; Trojan horse 
D) virus; worm
A

A) worm; virus

45
Q
Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a
A) Trojan horse.
B) key logger.
C) spoof.
D) back door.
A

D) back door.

46
Q
Narang Direct Sales is a telemarketing firm that operates out of India. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm's database and copied a list of customers from the past three years and their credit card information. Narang Direct Sales was a victim of
A) Bluesnarfing.
B) splogging.
C) vishing.
D) typosquatting.
A

A) Bluesnarfing.

47
Q
Rina Misra, a first-time computer user, purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly. Since purchasing the computer, she had been accessing the Internet and had installed a variety of free software. The problem is most likely to be
A) a zero-day attack.
B) a virus.
C) a spoof.
D) Bluesnarfing.
A

B) a virus.

48
Q
In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash was very costly. The software installed by the CDs is a
A) virus.
B) worm.
C) rootkit.
D) squirrel.
A

C) rootkit.

49
Q

Which of the following would be least effective to reduce exposure to a computer virus?
A) Only transfer files between employees with USB flash drives.
B) Install and frequently update antivirus software.
C) Install all new software on a stand-alone computer until it is tested.
D) Do not open e-mail attachments from unknown senders.

A

A) Only transfer files between employees with USB flash drives.

50
Q
Spyware that pops banner ads on a monitor, then collects information about the user's web-surfing and spending habits is an example of
A) a Trojan horse
B) scareware
C) adware
D) a keylogger
A

C) adware

51
Q
Ransomware often comes in the form of 
A) fake antivirus software.
B) an e-mail that threatens to kidnap the reader unless a ransom is paid.
C) free performance-maximizing software.
D) free apps.
A

A) fake antivirus software.

52
Q
Terrorists often use ________ because it is an effective way to transmit information and receive orders.
A) steganography
B) packet sniffers
C) trap doors
D) time bombs
A

A) steganography