Description

You will receive this product within 24 hours after placing the order

INSTANT DOWNLOAD

What student Can Expect From A Test Bank?

A test bank will include the following questions:

1. True/False
2. Multiple Choice Questions
3. Matching Questions
4. Fill In The Blanks
5. Essay Questions
6. Short  Questions

 

Description

Accounting Information Systems Test Bank-13th Edition – Marshall B. Romney

SAMPLE

 

Accounting Information Systems, 13e (Romney/Steinbart)
Chapter 6 Computer Fraud and Abuse Techniques

Compare and contrast computer attack and abuse tactics.

1) ________ consists of the unauthorized copying of company data.
A) Phishing
B) Masquerading
C) Data leakage
D) Eavesdropping
Answer: C
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

2) Individuals who use telephone lines to commit fraud and other illegal acts are typically called
A) phreakers.
B) crackers.
C) phishers.
D) hackers.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

3) What is a denial of service attack?
A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider’s e-mail server.
B) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses.
C) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected.
D) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups LISTSERV lists.
Answer: A
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

4) Gaining control of somebody’s computer without their knowledge and using it to carry out illicit activities is known as
A) hacking.
B) sniffing.
C) phreaking.
D) hijacking.
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
5) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called
A) superzapping.
B) data leakage.
C) hacking.
D) piggybacking.
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

6) Which of the following is not a method of identity theft?
A) scavenging
B) phishing
C) shoulder surfing
D) phreaking
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

7) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called
A) cracking.
B) masquerading.
C) hacking.
D) superzapping.
Answer: B
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

8) The unauthorized access to, or use of, a computer system is known as
A) hacking.
B) hijacking.
C) phreaking.
D) sniffing.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

9) A fraud technique that slices off tiny amounts from many projects is called the ________ technique.
A) Trojan horse
B) round down
C) salami
D) trap door
Answer: C
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
10) Data diddling is
A) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network.
B) unauthorized copying of company data such as computer files.
C) unauthorized access to a system by the perpetrator pretending to be an authorized user.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

11) In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as
A) phreakers.
B) hackers.
C) hijackers.
D) superzappers.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

12) During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of
A) kiting.
B) data diddling.
C) data leakage.
D) phreaking.
Answer: B
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

13) LOLer was chatting online with l33ter. “I can’t believe how lame some people are! 

 I can get into any system by checking out the company website to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the ; LOLer is a ________, and the fraud he is describing is ________.
A) hacker; social engineering
B) phreaker; dumpster diving
C) hacker; password cracking
D) phreaker; the salami technique
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
14) After graduating from college with a communications degree, Rado Ionesco experienced some difficulty in finding full-time employment. He free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter he was contacted by SitePromoter Incorporated, who offered to pay him to promote their clients in his blog. He set up several more blogs for this purpose and is now generating a reasonable level of income. He is engaged in
A) splogging.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

15) Computers that are part of a botnet and are controlled by a bot herder are referred to as
A) posers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: B
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

16) Wassim Masood has been the webmaster for Woori Finance only ten days when Woori’s website was flooded with access attempts. Wassim shut down the site and only opened it to Web addresses which he specifically identified as legitimate. As a result, many of Woori’s customers were unable to obtain loans, causing Woori to lose a significant amount of business. Woori Finance suffered from a
A) denial-of-service attack.
B) zero-day attack.
C) malware attack.
D) cyber-extortion attack.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

17) Wassim Masood has been the webmaster for Woori Finance only ten days when he received an e-mail that threatened to shut down Woori’s website unless Wassim wired payment to an account in South America. Wassim was concerned that Woori Finance would suffer huge losses if its website went down, so he wired money to the appropriate account. The author of the e-mail successfully committed
A) a denial-of-service attack.
B) Internet terrorism.
C) hacking.
D) cyber-extortion.
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
18) Wassim Masood works in the information technology department of TMV. On Monday morning, he arrived at work, scanned his identity card, and entered his code. At that moment, a lady in a delivery uniform came up behind Wassim with a bunch of boxes. Although Wassim held the door for the delivery lade, he later wondered if the delivery lady was engaged in
A) pretexting.
B) piggybacking.
C) posing.
D) spoofing.
Answer: B
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic

19) Describe at least six computer attacks and abuse techniques.
Answer:
Round-down technique — rounded off amounts from calculations and the fraction deposited in perpetrator’s account.
Salami technique — small amounts sliced off and stolen from many projects over a period of time.
Software piracy — unauthorized copying of software, probably the most committed computer crime.
Data diddling — changing data in an unauthorized way.
Data leakage — unauthorized copying of data files.
Piggybacking — latching onto a legitimate user in data communications.
Masquerading or Impersonation — the perpetrator gains access to the system by pretending to be an authorized user.
Hacking — unauthorized access and use of a computer system.
E-mail threats — threatening legal action and asking for money via e-mail.
E-mail forgery — removing message headers, using such anonymous e-mail for criminal activity.
Denial of service attack — sending hundreds of e-mail messages from false addresses until the attacked server shuts down.
Internet terrorism — crackers using the Internet to disrupt electronic commerce and communication lines.
Internet misinformation — using the Internet to spread false or misleading information.
War dialing — searching for an idle modem by dialing thousands of telephones and intruding systems through idle modems.
Spamming — e-mailing the same message to everyone on one or more Usenet groups.
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

20) Zeus is an example of a
A) virus.
B) worm.
C) Trojan horse.
D) war dialing.
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
21) Recall that students used Facebook and VKontakte to identify Russian money laundering mules. What fraud case did these students help foil?
A) Zeus
B) Trident Breach
C) Nigerian Banking
D) InfraGard
Answer: B
Objective: Learning Objective 1
Difficulty: Difficult
AACSB: Analytic

22) On the weekends, Thuy Nguyen climbs into her Toyota Camry and drives around the city of Las Vegas looking for unprotected wireless networks to exploit. Thuy is most likely engaging in
A) snarfing.
B) Wi-pilfering.
C) war driving.
D) data slurping.
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

23) Offering a free website, then charging the phone bills of the individuals who signed up for the free website is known as
A) snarfing.
B) web cramming.
C) podpounding.
D) e-scraping.
Answer: B
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic

Explain how social engineering techniques are used to gain physical or logical access to computer resources.

1) Mircea Vasilescu maintains an online brokerage account. In early March, Mircea received an e-mail from the firm that explained that there had been a computer error and asked Mircea to call a phone number to verify his customer information. When Mircea called the number, a recording asked that he enter the code from the e-mail, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the e-mail. Mircea was a victim of
A) Bluesnarfing.
B) vishing.
C) splogging.
D) typosquatting.
Answer: B
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic
2) When a computer criminal gains access to a system by searching through discarded records, this is referred to as
A) data diddling.
B) dumpster diving.
C) eavesdropping.
D) data squatting.
Answer: B
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic

3) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by
A) scavenging.
B) skimming.
C) Internet auction fraud.
D) cyber extortion.
Answer: A
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

4) Illegally obtaining and using confidential information about a person for economic gain is known as
A) eavesdropping.
B) identity theft.
C) packet sniffing.
D) piggybacking.
Answer: B
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

5) Which method of fraud is physical in its nature rather than electronic?
A) cracking
B) hacking
C) eavesdropping
D) scavenging
Answer: D
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

6) Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?
A) dumpster diving
B) use of a Trojan horse
C) using a telescope to peer at paper reports
D) electronic eavesdropping on computer monitors
Answer: D
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic
7) Dimitri Ivanov is an accountant with PwC. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Dimitri received an e-mail claiming that there had been an error updating his password and that provided a link to a website with instructions for re-updating his password. Something about the e-mail made Dimitri suspicious, so he called PwC’s information technology department and found that the e-mail was fictitious. The e-mail was an example of
A) social engineering.
B) piggybacking.
C) spamming.
D) phishing.
Answer: D
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

8) It was late on a Friday afternoon when Makari Polzin got a call at the help desk for Taggart Transcontinental. A man with an edge of panic in his voice was on the phone. “I’m really in a bind and I sure hope that you can help ; He identified himself as John Galt from the Accounting Department. He told Makari that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Makari knew that Taggart’s new password policy required that passwords be at least fifteen characters long, must contain letters and numbers, and must be changed every sixty days, had created problems. Consequently, Makari provided the password to John. The caller was not John Galt, and Makari was a victim of
A) phreaking.
B) war dialing.
C) identity theft.
D) social engineering.
Answer: D
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

9) Jim Chan decided to Christmas shop online. He linked to , found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the website’s URL was actually Jim was a victim of
A) Bluesnarfing.
B) splogging.
C) vishing.
D) typosquatting.
Answer: D
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic
10) Mo Chauncey was arrested in Emporia, Kansas, on February 29, 2008, for running an online business that specialized in buying and reselling stolen credit card information. Mo was charged with
A) typosquatting.
B) carding.
C) pharming.
D) phishing.
Answer: B
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

11) Which of the following is not an example of social engineering?
A) obtaining and using another person’s Social Security number, credit card, or other confidential information
B) creating phony websites with names and URL addresses very similar to legitimate websites in order to obtain confidential information or to distribute malware or viruses
C) using e-mail to lure victims into revealing passwords or user IDs
D) setting up a computer in a way that allows the user to use a neighbors unsecured wireless network
Answer: D
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic
12) Describe at least four social engineering techniques.
Answer:
Piggybacking — latching onto a legitimate user in data communications.
Masquerading or Impersonation — the perpetrator gains access to the system by pretending to be an authorized user.
Social engineering — a perpetrator tricks an employee into giving him the information he needs to get into the system.
Identity theft — illegally assuming someone else’s identity, usually with the social security number.
Pretexting — using an invented scenario to increase the likelihood the victim will give away information.
Posing — fraudsters try to collect personal information by pretending to be legitimate business colleagues.
Phishing — sending e-mail, pretending to be a legitimate business colleague, requesting user ID or password or other confidential data.
Vishing — pretending to be a legitimate business colleague and attempting to get a victim to provide confidential information over the phone.
Carding — using stolen credit card information.
Pharming — redirecting website traffic to a spoofed website.
Typosquatting — setting up websites with names similar to real websites.
Scavenging — gaining access to confidential data by searching corporate records in dumpsters or computer storage.
Shoulder surfing — looking over a person’s shoulder in a public place to see PIN or passwords.
Skimming — manually swiping a credit card through a handheld card reader and storing the data for future use.
Eavesdropping — observation of private communications by wiretapping or other surveillance techniques.
E-mail forgery — removing message headers, using such anonymous e-mail for criminal activity.
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytic

13) What is social engineering?
Answer: Social engineering refers to techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network. Generally, social engineering is used in computer abuse to access a system to obtain confidential data.
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Reflective Thinking

14) Which of the following is not a human trait social engineers take advantage of to entice people to reveal information they should keep confidential?
A) compassion
B) sloth
C) sex Appeal
D) authority
Answer: D
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic
15) Which of the following websites likely poses the most fraud and security risk?
A) your school’s website
B) a file sharing website
C) a social media website
D) your personal website
Answer: B
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic

16) True or False: Identify theft has always been a federal crime.
Answer: FALSE
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic

17) Pretexting is best described as a social engineering technique that uses
A) text messages to gain sensitive information.
B) an invented scenario to gain sensitive information.
C) threat of physical force to gain sensitive information.
D) impersonation of somebody you know to gain sensitive information.
Answer: B
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic

18) On a Friday evening you use a bar’s ATM to withdraw $50 from your bank account. However, as you complete your withdrawal, your card gets jammed in the ATM machine. The individual waiting in line behind you approaches you and suggests re-entering your PIN number. You do. However, your card remains jammed. You leave the bar to call your bank to report the incident. However, after you left the individual who offered to help you removed a sleeve he inserted in the ATM to jam your card. He now has your ATM card and PIN number. You just fell victim to a ________ fraud.
A) tabnapping
B) Lebanese looping
C) phishing
D) pharming
Answer: B
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytic
Describe the different types of malware used to harm computers.

1) A part of a program that remains idle until a specified date or event activates it to cause havoc is called a
A) virus.
B) logic bomb.
C) trap door.
D) data diddle.
Answer: B
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

2) Spyware is
A) software that tells the user if anyone is spying on his computer.
B) software that monitors whether spies are looking at the computer.
C) software that monitors computing habits and sends the data it gathers to someone else.
D) none of the above
Answer: C
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

3) The unauthorized use of special program that bypass regular system controls to perform illegal acts is called
A) a Trojan horse.
B) a trap door.
C) the salami technique.
D) superzapping.
Answer: D
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

4) Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls are using
A) a Trojan horse.
B) a trap door.
C) the salami technique.
D) superzapping.
Answer: B
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic
5) A fraud technique that allows a perpetrator to bypass normal system controls and enter a secured system is called
A) superzapping.
B) data diddling.
C) using a trap door.
D) piggybacking.
Answer: C
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

6) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a
A) logic bomb.
B) spyware.
C) trap door.
D) Trojan horse.
Answer: D
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

7) A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program.
A) worm; virus
B) Trojan horse; worm
C) worm; Trojan horse
D) virus; worm
Answer: A
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

8) Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a
A) Trojan horse.
B) key logger.
C) spoof.
D) back door.
Answer: D
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic
9) Narang Direct Sales is a telemarketing firm that operates out of India. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm’s database and copied a list of customers from the past three years and their credit card information. Narang Direct Sales was a victim of
A) Bluesnarfing.
B) splogging.
C) vishing.
D) typosquatting.
Answer: A
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

10) Rina Misra, a first-time computer user, purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly. Since purchasing the computer, she had been accessing the Internet and had installed a variety of free software. The problem is mostly likely to be
A) a zero-day attack.
B) a virus.
C) a spoof.
D) Bluesnarfing.
Answer: B
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic

11) In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash was very costly. The software installed by the CDs is a
A) virus.
B) worm.
C) rootkit.
D) squirrel.
Answer: C
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic

12) Which of the following would be least effective to reduce exposure to a computer virus?
A) Only transfer files between employees with USB flash drives.
B) Install and frequently update antivirus software.
C) Install all new software on a stand-alone computer for until it is tested.
D) Do not open e-mail attachments from unknown senders.
Answer: A
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic
13) How can a system be protected from viruses?
Answer: Install reliable antivirus software that scans for, identifies, and isolates or destroys viruses. Use caution when copying files on to your diskettes from unknown machines. Ensure the latest version of the antivirus program available is used. Scan all incoming e-mails for viruses at the server level. All software should be certified as virus-free before loading it into the system. If you use jump drives, diskettes, or CDs, do not put them in unfamiliar machines as they may become infected. Obtain software and diskettes only from known and trusted sources. Use caution when using or purchasing software or diskettes from unknown sources. Deal with trusted software retailers. Ask whether the software you are purchasing comes with electronic techniques that makes tampering evident. Check new software on an isolated machine with virus detection software before installing on the system. Cold boot to clear and reset the system. When necessary, “cold boot” the machine from a write-protected diskette. Have two backups of all files. Restrict the use of public bulletin boards.
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic

14) Describe the differences between a worm and a virus?
Answer: A computer virus is a segment of executable code that attaches itself to computer software. A virus has two phases: it replicates itself and spreads to other systems or files, and in the attack phase, the virus carries out its mission to destroy files or the system itself. A worm is similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm can reside in e-mail attachments, which when opened or activated can damage a user’s system. Worms can also reproduce themselves by mailing themselves to the addresses found in the recipient’s mailing list. Worms do not have long lives, but their lives can be very destructive nonetheless.
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic

15) Spyware that pops banner ads on a monitor, then collects information about the users web-surfing and spending habits is an example of
A) a Trojan horse
B) scareware
C) adware
D) a keylogger
Answer: C
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

16) Ransomware often comes in the form of
A) fake antivirus software.
B) an e-mail that threatens to kidnap the reader unless a ransom is paid.
C) free performance-maximizing software.
D) free apps.
Answer: A
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic
17) True or False: Law enforcement uses key logging software, a form of malware, to detect crime.
Answer: TRUE
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytic

18) Terrorists often use ________ because it is an effective way to transmit information and receive orders.
A) steganography
B) packet sniffers
C) trap doors
D) time bombs
Answer: A
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic

19) True or False: Steganography malware uses encryption to increase its effectiveness.
Answer: FALSE
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytic