Test Bank Chapter 13 Cybercrime Fraud in a Digital World

CHAPTER 13

1. _________________ is an illegal offense that is committed where the computer or electronic data device is __________ the criminal act.

A. Computer phishing; reprogrammed to carry out

B. Computer hacking; a tool in

C. Computer fraud; an object of

D. Computer crime; integral to

2. ______________ and _______________ are any defalcation, fraud, or financial crime accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organization whose computer was compromised.

A. Computer-based fraud; financial crimes

B. Cybercrime; complex frauds

C. Computer crime; asset misappropriation schemes

D. Financial crimes; blockchain compromises

3. One of the distinguishing characteristics of computer-based fraud is that access occurs ________________________.

A. Through the Dark Web where the value of the stolen funds can be stored on hidden servers

B. In violation of computer internal controls whether by management override or other means

C. With the intent to execute a fraudulent scheme or financial criminal act

D. When a hacker or virus successfully bypasses the firewall protecting financial data

4. ______________ is defined as an act where the computer hardware, software, or data is altered, destroyed, manipulated, or compromised due to acts that are not committed with the intent to execute financial fraud.

A. Computer crime

B. Hacking

C. Phishing

D. Distributed Denial of Service (DDoS)

5. Damaged equipment, restoration of data or programs, lost sales, lost productivity, and harm to reputation or goodwill are examples cited by the text of economic losses associated with:

A. Computer fraud

B. Computer crimes

C. Computer compromises

D. Computer risks

6. In a digital world, ________ is often stored on computer servers of service providers and financial institutions, which do not necessarily have to exist in the jurisdiction of activity where the account holder resides.

A. Personally Identifiable Information (PII)

B. Value

C. A virus or malware program

D. Blockchain data

7. Blockchain is an example of:

A. Anti-phishing software

B. A cryptocurrency

C. A trojan horse virus

D. Distributed ledger technology

8. One of the greatest threats to information systems, in terms of digital crime, comes from:

A. Organized criminals especially in around the former Soviet Union

B. Robotics Process Automation (RPA)

C. Employees inside an organization

D. HTTP exploits and buffer overflow exploits

9. The most prevalent method of committing computer fraud is ________________________________.

A. Alteration or falsification of input transactions (and/or documents)

B. Digital device hacking

C. Social engineering

D. Network weaving

10. Access privileges beyond those required to perform assigned job functions, exception reports not reviewed and resolved, access logs not reviewed, production programs run at unusual hours, and lack of separation of duties in the data center are cited in the text as examples of:

A. Social engineering

B. Red flags that may suggest a heightened risk to exposure from outside attacks and Distributed Denial of Service (DDoS) and ransomware such as Wannacry

C. Typical weaknesses existing in logical controls that exist in most small to medium organizations

D. Indicators of insider computer fraud that suggest increased risk and require additional security

11. You have just completed a fraud examination in which you concluded, based on security camera footage, that an outside intruder entered the company dressed as a computer repair person. The footage shows the intruder chatting amiably with several individuals in the bookkeeping department, followed by logging onto their computers as they stand watching over his shoulder, using credentials they shared when he showed them his vendor badge (which was counterfeit). This type of attack is executed using:

A. Spear phishing

B. Shoulder surfing

C. Social engineering

D. a Trojan horse

12. Properly designed and implemented ________________ can be used to minimize the risk that any intercepted data can be used for nefarious purposes.

A. Logical controls

B. Encryption techniques

C. Simulation and modeling techniques

D. Privilege escalation exploits

13. Adequate hacker detection programs contain three primary components: (1) log files should be printed and regularly reviewed by the data security officer, (2) the data security function should have sufficient resources and staff to administer passwords, maintain security software, review system activity reports and follow up on potential security violations, and (3):

A. Periodic reviews of telecommunications security should be performed by internal or external auditors or other professionals

B. Anti-social engineering training for all users with passwords

C. Buffer over-flow backup and redundancy streaming with auto EXE piggybacking

D. Use of distributed ledger technology

14. Following someone with a badge reader in through a door, using an authorized user’s identification and password to gain digital device access, and tapping into the terminal link of a user to cause the device to believe that both terminals are the same person are ways that can be used to gain access to restricted areas. These techniques are known as _________________________.

A. Piggybacking/impersonation

B. Simulation and modeling

C. Social engineering

D. Salami techniques

15. _______________ include management security policies, user authentication systems, data access controls, network firewalls, security awareness training, encryption algorithms, penetration testing, intrusion detection software, and incident response plans are examples of:

A. Privilege escalation exploits

B. Heuristic techniques

C. Anti-cybercrime social engineering

D. Logical controls

16. Which of the following is NOT one of the “top ten” Internet schemes in 2017:

A. Two-factor authentication similes

B. Advance feel loans/credit arrangers

C. Phishing/spoofing

D. Friendship and sweetheart swindles

17. Digitally connected consumers who (a) have social media presence, (b) tend to shop online, and (c) adopt new technologies have a ____ higher risk of fraud.

A. 62%

B. 30%

C. 50%

D. 110%

18. In a pyramid scheme, the real profit is earned not by the sale of the product, but by the sale of _____________.

A. Foreign “tax-free” trusts

B. Prime bank notes

C. Get rich quick schemes such as “$50,000 First Ten Months” and “Secrets of Millionaires”

D. New distributorships

19. A fraud scheme in which the fraudster offers extremely high yields in a relatively short period of time (e.g., “a year and a day”) in which they purport to have access to “bank guarantees” is known as a _________________ scheme.

A. Prime bank traunch

B. Prime bank debacle

C. Prime bank note

D. Prime bank Ponzi

20. A type of Internet fraud that is intended to fool users into entering sensitive data (such as a password or credit card number) into a malicious website that impersonates a legitimate website is known as:

A. Captcha

B. Phishing

C. Spear phishing

D. Pharming

21. The U.S. government agency charged with investigating counterfeiting, credit card fraud, and some computer crimes is the:

A. Secret Service

B. Financial Crimes Enforcement Network (FINCEN)

C. Financial Action Task Force (FATF)

D. Internet Cybercrime Counterinsurgency Center (IC3)

22. Several attributes of the Internet make it an attractive operational location for criminal enterprises. First, individuals and businesses have come to realize that information is power. Criminals have determined they can profit by stealing and selling information. Second, cyberspace gives the criminal a worldwide reach. Third, The World Wide Web is relatively anonymous. Fourth:

A. The Dark Web makes it impossible to track, identify, capture, and prosecute cybercriminals.

B. Beyond the difficulty of catching cybercriminals is successfully prosecuting them.

C. Cybercriminals frequently use blockchain technology (i.e., distributed ledgers) to conceal their cybercrime.

D. The majority of cybercrime originates from offshore havens such as Nevis and St. Kitts where local laws allow criminals to flourish.

23. Money laundering, which involves disguising the origins of illegally generated cash flow to give it the appearance of legitimate income, is ___________ on the Internet due to ___________________.

A. Challenging; the pervasive number of scams

B. Impeded; federal watchdog agencies such as FinCen that track money flows

C. Enhanced; the near anonymity that can be achieved

D. Decreasing; an increased risk of detection by law enforcement

24. Worldwide efforts, often led by U.S. law enforcement, the International Monetary Fund (IMF), and the World Bank, have tried multiple approaches to combat money laundering in cyberspace, including measures aimed at reducing the ability to make anonymous financial transactions, mapping global payments to develop a better understanding of the flow of money, facilitating international information sharing, requiring all financial transactions to include “Know Your Customers” policies, and _______________________.

A. Conducting raids on cybercriminals coordinated with law enforcement from other countries

B. Harmonizing and coordinating international money movement regulations

C. Digitizing all currency in order to improve ownership transparency

D. Inserting digital “die packs” into transactions so that money can be traced anywhere

25. A 1996 study placed the total annual value of global Internet money laundering at:

A. $500 billion

B. $50 billion

C. $500 million

D. $5 trillion

26. The primary federal law enforcement agencies that investigate domestic crime on the Internet include the FBI, the Secret Service, ICE, the U.S. Postal Inspection Service, and:

A. FinCen

B. IC3

C. The U.S. Attorney General

D. The ATF

27. IC3 refers to an agency that receives Internet-related criminal complaints, furthers research, and refers criminal complaints to federal, state, local, or international law enforcement/regulatory agencies. What do the letters stand for?

A. Internet Cybercrime Conviction Center

B. Internet Complaints Cybercrime Center

C. Internet Crime Complaint Center

D. Internet Cybercrime Counterinsurgency Center