Fraud Evidence and Investigation Flashcards Preview

CIA Part 2 > Fraud Evidence and Investigation > Flashcards

Flashcards in Fraud Evidence and Investigation Deck (41):
1

Which of the following methods is acceptable to handle computer equipment seized in a computer crime investigation?
Subjecting the magnetic media to forensic testing.
Laying the magnetic media on top of electronic equipment.
Exposing the magnetic media to radio waves.
Leaving the magnetic media in the trunk of a vehicle containing a radio unit.

Subjecting the magnetic media to forensic testing.

2

Which of the following investigative tools is most effective when large volumes of evidence need to be analyzed?
Computer.
Questionnaires.
Forensic analysis.
Interviews.

Computer.

3

The concept of admissibility of evidence does not include which of the following?
Relevance.
Competence.
Materiality.
Sufficiency.

Sufficiency.

4

Data diddling can be prevented by all of the following except:
Access controls.
Integrity checking.
Program change controls.
Rapid correction of data.

Rapid correction of data.

5

In a computer-related crime investigation, computer evidence is:
Difficult and erasable.
Volatile and invisible.
Electronic and inadmissible.
Apparent and magnetic.

Volatile and invisible.

6

The final stage of reporting results of computer evidence life cycle is:
Receive.
Examine.
Report.
Return.

Return.

7

Identify the computer-related crime and fraud method that involves obtaining information that may be left in or around a computer system after the execution of a job.
Piggybacking.
Data diddling.
Scavenging.
Salami technique.

Scavenging.

8

Once evidence is seized, a law enforcement officer should follow which of the following?
Chain of control.
Chain of command.
Chain of custody.
Chain of communications.

Chain of custody.

9

If a computer or peripheral equipment involved in a computer crime is notcovered by a search warrant, what should the investigator do?
Analyze the equipment or its contents, and record it.
Leave it alone until a warrant can be obtained.
Seize it before someone takes it away.
Store it in a locked cabinet in a secure warehouse.

Leave it alone until a warrant can be obtained.

10

Are an investigator?s handwritten notes considered valid evidence in court of law?
No.
Yes.
Maybe.
Depends.

Yes.

11

The most objective and relevant evidence in a computer environment involving fraud is.
Physical examination.
Computer logs.
Physical observation.
Inquiries of people.

Computer logs.

12

What determines if a computer crime has been committed?
When the crime is reported.
When the investigation is completed.
When a computer expert has completed his or her work.
When the allegation has been substantiated.

When the allegation has been substantiated.

13

Most of the evidence submitted in a computer crime case is:
Secondary evidence.
Documentary evidence.
Admissible evidence.
Legal evidence.

Documentary evidence.

14

What is a data diddling technique?
I.Changing data before input to a computer system.
II.Changing data during input to a computer system.
III.Changing data during output from a computer system.
IV.All options.

IV.

15

An internal auditor suspects fraud. Which of the following sample plans should be used if the purpose is to select a sample with a given probability of containing at least one example of the irregularity?
Probability proportional to size.
Attributes.
Stop and go.
Discovery.

Discovery.

16

Because of control weaknesses, it is possible that the individual managers of 122 restaurants could have placed fictitious employees on the payroll. Each restaurant employs between 25 and 30 people. To efficiently determine whether this fraud exists at less than a 1% level, the auditor should use:
Discovery sampling.
Judgment sampling.
Directed sampling.
Attributes sampling.

Discovery sampling.

17

Which of the following is needed to produce technical evidence in computer-related crimes?
Audit methodology.
Criminal methodology.
Forensic methodology.
System methodology.

Forensic methodology.

18

A reliable way to detect superzapping work is by:
Noting discrepancies by those who receive reports.
Comparing current data files with previous data files.
Examining computer usage logs.
Reviewing undocumented transactions.

Comparing current data files with previous data files.

19

An auditor applying a discovery sampling plan with a 5% risk of overreliance may conclude that there is:
A 95% probability that the actual rate of occurrence in the population is less than the critical rate if only one exception is found.
Greater than a 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.
A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.
A 95% probability that the actual rate of occurrence in the population is less than the critical rate if the occurrence rate in the sample is less than the critical rate.

A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.

20

Evidence is needed to do which of the following?
Charge a case.
Classify a case.
Prove a case.
Make a case.

Prove a case.

21

What is a salami technique?
Stealing small amounts of money from bank accounts.
Using the rounding-down concept.
Taking small amounts of assets.
All options.

All options.

22

After partially completing an internal control review of the accounts payable department, the auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use:
Judgmental sampling to select a sample of vouchers processed by clerks identified by the department manager as acting suspiciously.
Simple random sampling to select a sample of vouchers processed by the department during the past year.
Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year.
Discovery sampling to select a sample of vouchers processed by the department during the past year.

Discovery sampling to select a sample of vouchers processed by the department during the past year.

23

When large volumes of writing are presented in court, which type of evidence is inapplicable?
Flowchart evidence.
Demonstrative evidence.
Magnetic tapes evidence.
Best evidence.

Best evidence.

24

In a computer-related crime investigation, maintenance of evidence is important for which of the following reasons?
To protect the evidence.
To collect the evidence.
To record the crime.
To avoid problems of proof.

To avoid problems of proof.

25

The objective of which of the following team members is similar to that of the information systems security officer involved in a computer crime investigation?
District attorney.
Investigator.
Computer expert.
Internal systems auditor.

Internal systems auditor.

26

Computer fraud is discouraged by:
Ostracizing whistleblowers.
Accepting the lack of integrity in the system.
Being willing to prosecute.
Overlooking inefficiencies in the judicial system.

Being willing to prosecute.

27

With respect to computer security and fraud, a legal liability exists to an organization under which of the following conditions?
When estimated security costs are equal to estimated losses.
When estimated security costs are greater than estimated losses.
When estimated security costs are less than estimated losses.
When actual security costs are equal to actual losses.

When estimated security costs are less than estimated losses.

28

From a computer security viewpoint, courts expect what amount of care from organizations?
Great care.
Extraordinary care.
Super care.
Due care.

Due care.

29

When computers and peripheral equipment are seized in relation to a computer crime, it is an example of:
Collateral evidence.
Duplicate evidence.
Best evidence.
Physical evidence.

Physical evidence.

30

When an auditor?s sampling objective is to obtain a measurable assurance that a sample will contain at least one occurrence of a specific critical exception existing in a population, the sampling approach to use is:
Variables.
Discovery.
Random.
Probability proportional to size.

Discovery.

31

All of the following are proper ways to handle the computer equipment and magnetic media items involved in a computer crime investigation except:
Seal and store items in a cardboard box.
Seal and store items in a paper bag.
Seal and store items in a plastic bag.
Seal, store, and tag the items.

Seal and store items in a plastic bag.

32

The chain of custody does not ask which of the following questions?
Who damaged the evidence?
Who collected the evidence?
Who controlled the evidence?
Who stored the evidence?

Who damaged the evidence?

33

A search warrant is required:
Before identifying the number of investigators needed.
After establishing the probable cause(s).
After seizing the computer and related equipment.
Before the allegation has been substantiated.

After establishing the probable cause(s).

34

Which of the following security techniques allows time for response by investigative authorities?
Detect.
Deny.
Delay.
Deter.

Delay.

35

Computer fraud is increased when:
Documentation is not available.
Employee performance appraisals are not given.
Employees are not trained.
Audit trails are not available.

Audit trails are not available.

36

Management is legally required to prepare a shipping document for all movement of hazardous materials. The document must be filed with bills of lading. Management expects 100% compliance with the procedure. Which of the following sampling approaches would be most appropriate?
Discovery sampling.
Targeted sampling.
Attributes sampling.
Variables sampling.

Discovery sampling.

37

Which of the following is not a criminal activity in most jurisdictions?
Writing a computer virus program.
Spreading a computer virus program.
Using a computer virus program.
Releasing a computer virus program.

Writing a computer virus program.

38

The correct sequence of preliminary investigation is:
I.Consult with a computer expert.
II.Prepare an investigative plan.
III.Consult with a prosecutor.
IV.Substantiate the allegation.
IV, II, III, and I.
I, IV, II, and III.
III, I, II, and IV.
IV, I, II, and III.

IV, I, II, and III.

39

In the audit of a health insurance claims processing department, a sample is taken to test for the presence of fictitious payees, although none is suspected. The most appropriate sampling plan would be:
Variables sampling.
Attributes sampling.
Discovery sampling.
Stop-and-go sampling.

Discovery sampling.

40

The appropriate sampling plan to use to identify at least one irregularity, assuming some number of such irregularities exist in a population, and then to discontinue sampling when one irregularity is observed is:
Stop-and-go sampling.
Attributes sampling.
Variables sampling.
Discovery sampling.

Discovery sampling.

41

A security investigator or law enforcement officer should observe which of the following during a computer crime investigation?
Chain of logs.
Chain of custody.
Chain of events.
Chain of computers.

Chain of custody.