COMMITTEE ON INFORMATION TECHNOLOGY

INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA

Certificate Course on Forensic Accounting & Fraud Detection

MODEL TEST PAPER -2

Total No. of Questions: 100

Total Marks: 100 Time Allowed: 1 Hour 40 Mins (i.e. 100 mins)

GENERAL INSTRUCTIONS

There is no negative marking

Answer all the 100 questions. All Questions carry equal marks and are compulsory.
Each question has four multiple choices for the answer. You are required to choose
only one Answer which according to you is most appropriate and/or correct.
Please do not write or mark on this question booklet.
The candidate should not turn or look at any other page, except this instruction page,
till the chief superintendent / invigilator announces to start.

OBJECTIVE TYPE QUESTIONS

(1×100)

1 A red flag indicates that the alert is.........

A. Old
B. Follow up
C. Urgent
D. New
 2 A fraud which is perpetrated by scrambling a company's files is a:
A. data fraud
B. output fraud
C. computer instructions fraud
D. Input fraud.

3 E-commerce is the commercial transaction of services in a/an ______________

A. mechanical format.
B. electronic format
C. Paper
D. Stone

4 Which of the following refers to a business platform, involving a business entity and
consumers?
A. Business-to-consumer (B2C)
B. Business-to-business (B2B)
C. Consumer-to-business (C2B)
D. Consumer-to-consumer (C2C)

5 ____________________ is a generic term which refers to all the legal and regulator aspects of
Internet and the World Wide Web
A. Cyber Law
B. Cyber Dyne
C. Cyber Café
D. Electronic Law

6 . The physical Cheque tempering prevention method in which extremely small

printing, too small to be read with naked eye becomes distorted when photocopied
is called _______.
A. High resolution microprinting
B. Microline printing
C. Watermark backers
D. None of above

7 Which among the following are the three payroll fraud schemes
i) Ghost employees ii) Temporary employees
iii) Falsified overtime iv) Commission

A. i , ii & iii
B. i , iii & iv
C. ii , iii & iv
D. i , ii & iv

8 In which of the following is the computer incidental to the crime?

A. Computer manipulation
B. Money laundering
C. Data alteration
D. Theft of services

9 In which of the following is a computer not incidental to the crime?

A. Computer manipulation
B. Money laundering
C. Criminal enterprises
D. Sex crimes

10 Which Standard on Auditing among the following describes the importance of red
flags:
A. SA 240
B. SA 210
C. SA 250
D. SA 260

11 Weak internal controls in an organization will affect which of the following elements
of fraud?
A. Motive
B. Opportunity
C. Rationalization
D. None of the above

12 The most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
 D. SMART

13 Hash values are used for which of the following purposes?

A. Determining file sizes
B. Filtering known good files from potentially suspicious data
C. Reconstruction file fragments
D. Validating that the original data hasn’t changed.

14 The verification function does the following?

A. Proves that a tool performs as intended
B. Creates segmented files.
C. Proves that two sets of data are identical via hash values
D. Verifies hex editors.

15 What are the Characteristics of an Interview

I. Establishing Rapport
II. Careful listening
III. Accusatory
IV. Dominate the Conversation

A. All (I), (II), (III) & (IV) above

B. Both (I) and (II) above
C. Both (III) and (IV) above
D. None

16 Which of the following questions are interview based questions

I. "Did you plan this fraud out for months and months in advance or did it pretty
much happen on the spur of the moment?"
II. “Were there any sales after office hours, before office hours?”
III. “how are these cash memos generated?”
IV. "What are your duties and responsibilities?“
A. All (I), (II), (III) & (IV) above B. Both (II) and (III) above
C.(II) (III) and (IV)aboveD. None

17 The style of interviewer while handling fraud cases should be

 I. He should be friendly and easy-going like cracking jokes and asking about
hobbies and favorite things because the information is easily extracted from
the anyone whom he gets friendly to
II. He should be strict, authoritative and accusatory because otherwise the
suspect can take the investigator for granted and tell lies or not answer to
what is being asked
III. He should be the one who does most of the talking and asking questions to
which the suspect answers in Yes or No
IV. He should maintain a non-accusatory tone and firm demeanor during an
interview. he should keep his questions brief and, whenever possible, elicit a
narrative response from the subject
A. Both (I) and (III) above B Only (IV) above
C Only (II) above D None

18 Most frauds involve three steps. These steps are:

A. access, opportunity, need
B. decrease assets, increase expenses, misappropriation
C. theft, conversion, concealment
D. input, processing, output

19 Three conditions are necessary for a fraud to occur. These three conditions are:
A. need, dissatisfaction, and challenge
B. pressure, opportunity, and rationalization
C. no separation of duties, need, and no independent performance checks
D. challenge, motivation, and failure to enforce internal controls

20 Which section of IT Act covers most of the common crimes arising out of “Unauthorised
Access”
A. Section 66
B. Section 67
C. Section 73
D. Section 74

21 The imaginary location where the word of the parties meets in conversation is referred
to as ________________.
A. Cyberspace
B. Space
C. Cyberdyne
D. Cybernet
22 Which of the following is not a method for stealing sales and receivables but a way of
using skimmed money
A. lon term skimming
B. short term skimming
C. Understated sales
D. Unrecorded sales

23 Which of the following sentence is true?

A. Lapping is the debiting one account and crediting of another account.
B. The legal definition of forgery includes only the signing of another person’s
name to a document with fraudulent intent.
C. Lapping is the crediting of one account through abstraction of money from
another account.
D. None of the Above

24 __________ are those cheque tempering schemes in which an employee intercepts a

company cheque intended for a third party and converts the cheque by signing the third
party’s name on the endorsement line of cheque.
A. Intercepted cheques
B. Altered payee schemes
C. Authorized maker scheme.
D. Forged endorsement scheme.

25 . In the context of forensics, data is most analogous to ________.

A. files and folders
B. information
C. digital evidence
D. bits

26 Most frauds involve three steps. These steps are?

A. access, opportunity, need
B. decrease assets, increase expenses, misappropriation
C. theft, conversion, concealment
D. input, processing, output
27 Three conditions are necessary for a fraud to occur. These three conditions are
A. need, dissatisfaction, and challenge
B. pressure, opportunity, and rationalization
C. no separation of duties, need, and no independent performance checks
D. challenge, motivation, and failure to enforce internal controls

28 . Which of the following is an example of a crime associated with the prevalence of

computers?
A. Computer manipulation
B. Money laundering
C. Theft of services
D. Intellectual property violations

29 Which of the following crimes targets a computer?

A. Denial of service
B. Money laundering
C. Theft of services
D. Intellectual property violations

30 Which of the following best defines computer abuse?

A. Denial of service
B. Money laundering
C. An illegal act in which knowledge of computer technology is used to
commit the act
D. An intentional act involving a computer in which the perpetrator may
have gained at the victim’s expense

31 A red flag is.........

A. Indicator of fraud
B. Indicator of situation of fraud
C. A or B Both
D. Neither A nor B

32 Direct Observation is to determine.........

A. effect of red flag on organisation
B. Cost of identified loss
C. Potential loss
 D. Historical Loss

33 Costly types of fraud include

A. Financial Statement Fraud
B. Check Forgery
C. Credit Card Fraud
D. All of the above

34 Hashing, filtering and file header analysis make up which function of digital forensics
tools?
A. Validation and Verification
B. Acquisition
C. Extraction
D. Reconstruction

35 What are the function of Extraction:

A. GUI Acquisition
B. Command line acquisition
C. Carving
D. Hashing

36 Disc imaging is used to:

A. bit stream duplicate
B. no alterations to original media
C. verify integrity
D. All of above

37 While interviewing/interrogating a suspect, an investigator should do the

following:
I. Listen only to what the suspect says and ignoring his behavioral attributes
II. Don’t believe at all to what he says and concentrate only to his behavioral
attributes
 III. Rely on the opinion of what others are talking about him (his supervisor, his
colleagues and his juniors) and on his past history of manipulation.
IV. Collect Documentary Evidence and corroborate it with explanation obtained
while interviewing/interrogating considering their behavior attributes on
non-judgmental basis
A. Both (I) and (III) above B. Only (I) above
C. Both (II) and (III) above D. Only (IV) above

38 While interviewing/interrogating an investigator should look for following outer

personality/attributes in a person to conclude him as a suspect or a non-suspect
I. Person’s dressing sense: the chances of the one being a suspect is more who
dresses shabbily than the one who dresses immaculately
II. Person’s Gender : the chances of the one being a suspect is more if he is a Male
than the one who is a Female
III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age,
Height Weight, no of years of service etc
A. All (I), (II) and (III) above B. Only (III) above
C. Both (I) and (II) above D. None

39 Which of the following is the indicator of deception while conducting Forensic

Interview
A. Quick, spontaneous answers
B. Consistent strong denial
C. Direct, brief answers
D. Hesitant

40 If a company wishes to improve detection methods, they should do all of the following
except:
A. use forensic accountants
B. conduct frequent audits
C. encrypt data
D. all of the above improve detection of fraud

41 In order for an act to be legally considered fraud it must be all of the following except:
A. A material fact
B. An injury or loss suffered by the victim
C. A false statement
D. No intend to deceive
42 According to the opportunity part of the fraud triangle, a person may do all of the
following acts except:
A. Convert the theft or misrepresentation for personal gain
B. Control the fraud
C. Commit the fraud
D. Conceal the fraud

43 The World‟s first computer-specific statute was enacted in 1970, by the German state,
in the form of a ___________________ .
A. Data Protection Act.
B. Cyber Law
C. Copy right
D. Patent right.

44 E-commerce is the commercial transaction of services in a/an ______________

A. Mechanical Format.
B. Electronic Format
C. Paper
D. Stone

45 Which of the following should be covered in employee anti-fraud training?

A. The exact procedures management uses to detect fraud
B. A detailed explanation of the company’s anti-fraud control
C. Examples of past transgressions and how they are handled
D. All of the above

46 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in
incoming shipments, record the figures in receiving reports, and forward copies of the
reports to the accounts payable department. One day, Jackson received a box of 20
laptop computers at the warehouse. His wife's computer just broke, so he stole one of
the computers from the box. To conceal his scheme, Jackson sent a receiving report to
accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the
receiving report used for the inventory records. What type of scheme did Jackson
commit?
 A. An asset transfer scheme
B. A purchasing and receiving scheme
C. A non-cash larceny scheme
D. None of the above

47 Which of the following schemes refers to the falsification of personnel or payroll

records, causing paychecks to be generated to someone who does not actually work for
the victim company?

A. Falsified salary scheme

B. Record alteration scheme
C. Ghost employee scheme
D. Inflated commission scheme

48 . On recent Windows installations, the standard location for storing critical system files
is ________.
A. C:/Program Files/
B. C:/System/
C. C:/Important/
D. C:/Windows/

49 8. The intersection of a hard disk's sector and track is called a ________.

A. block
B. cluster
C. byte
D. bit

50 9. File system drivers impose limitations and boundaries, such as ________.

A. file usage
B. minimum file size
C. file name length
D. swap usability

51 . What is a “Hacktivist”?
A) Politically motivated hacker
B) Denial of service attacker
C) A proponent of Napster
 D) A person engaging in an intentional act involving a computer in which
the person may have gained at the victim’s expense

52 . Which of the following individuals developed one of the first systems to define
computer crimes in 1976?
A) David Carter
B) Donn Parker
C) Jay Nelson
D) Robert Taylor

53 Which of the following is an example of a computer manipulation crime?

A) An intruder removes valuable information from a computer system.
B) Hacking
C) A person alters payroll records to attain a higher rate of pay.
D) Medical records are altered.

54 Employee life style changes (expensive car, jewelry) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

55 Employee’s significant personal debt & credit problems will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

56 Employee’s behavioral changes (alcohol, gambling) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
57 Acquisition to ISO standard 27037, which of the following is an important factor in data
acquisition?
A. The DEFR’s Competency
B. The DEFR’s skills in using the command lines
C. Use of validated tools
D. Condition at the acquisition setting

58 The reconstruction function is needed for which of the following purposes?

A. Re create a suspect drive to show what happened
B. Create a copy of a drive for other investigators
C. Recover file headers
D. Re create a drive compromised by malware

59 ___ is the set of instructions compiled into a program that performs a particular task.
A. Software
B. Hardware
C. OS
D. None of the above

60 Which of the following is Indicator of truth while conducting a forensic Interview

A. Week Denials
B. Direct Brief Answers
C. Verbal attacks directed at Interviewer
D. Answering with a different question

61 Lie detector test does not include

A. Polygraph Test
B. Blood Group
C. Blood Pressure
D. Computer Analysis
62 What is Voice Biometric
 A. Technology for Voice recognition while Conducting interviews
telephonically
B. Voice Recognition for Service Access
C. Technology to authenticate a person’s voice
D. All of the Above

63 Which of the following pressures are classified as Management Characteristics that can
lead to financial statement fraud?
A. High management and/or employee turnover
B. Declining industry
C. New regulatory requirements that impair financial stability or
profitability
D. Intense pressure to meet or exceed earnings expectations

64 The following firm is not involved in accounting scandals:

A. Enron
B. Larson andToubro
C. Worldcom
D. Satyam

65 Overstating revenues and understating liabilities and expenses typifies which of the
following fraud schemes?
A. Unconcealed larceny
B. Purchase and sales Skimming
C. Fraudulent statements
D. Schemes

66 Which of the following is issued online for use over the Internet and is stored in an
electronic device such as a chip card or computer memory?
A. Hard Cash
B. Business Card
C. E-Cash
D. E- Card

67 With a view to facilitate ___________________, it is proposed to provide for the use and
acceptance of electronic records and digital signatures in the Govt. Offices and its
agencies.
 A. Electronic Governance
B. Paper Governance.
C. Oral Testimony.
D. Mechanical Governance.

68 Data, record or data generated image or sound stored, received or sent in an electronic
form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act,
2000] means ______________________
A. Electronic Document.
B. Electronic Record
C. Hard Record
D. Hard Document.

69 Of the following, who should conduct physical observations of a company's inventory in

order to most effectively prevent inventory theft?

A. Warehouse personal
B. Purchasing agents
C. Purchasing supervisor
D. A sales representative

70 Which of the following fraudulent entries is most likely to be made to conceal the theft
of an asset?

A. debit expenses and credit the asset

B. debit the asset, credit another asset account
C. debit revenue , credit the asset
D. debit another asset account and credit the asset

71 Corporate officers who knowingly violate certification requirements under criminal

certifications (section 906) are subject to –

A. fine of up to $1 million or up to 10 years imprisonment

B. fine of up to $ 1 million and up to 10 years imprisonment, or both
C. fine of up to $ 5 million or up to 20 years of imprisonment
D. fine of up to $ 5 million and up to 20 years of imprisonment, or both.

72 Using metadata, forensics investigators can ________. (Select the three that apply)
 A. search for files that were created at a specific time
B. filter files that do not contain evidence
C. filter files by size
D. search for file names that match patterns

73 On Linux and UNIX, the /home directory structure is the standard location for storing
________.
A. user installed applications
B. data specific to users
C. critical system files
D. temporarily deleted data

74 Which one of the following is a benefit of a RAID configuration of disks?

A. Capacity
B. Performance
C. Redundancy
D. All of the above
75 . An intruder removes valuable information from a computer system. What term
describes this crime?
A. Computer vandalism
B. Hacking
C. A person alters payroll records to attain a higher rate of pay.
D. Data alteration

76 11. Which of the following is a computer crime that deprives the legitimate owner of a
tangible asset?
A. Hacking
B. Money laundering
C. Manipulating the price of a stock
D. Salami slice

77 12. Which of the following is not a similarity between real-world stalking and cyber
stalking?
A) Most victims are women.
 B) Most stalkers are men.
C) The stalker and victim are near to each other.
D) Stalkers are generally motivated by the desire to control the victim.

78 High Employee turnover especially in areas vulnerable to fraud will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

79 Refusal to take sick leave by employees will come under which component of Fraud
Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

80 Lack of segregation of duties in vulnerable area will come under which component of
Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
81 The type of forensics that involves examining malicious software
a) Software forensics
b) Hardware forensics
c) Network forensics
d) Digital forensics

82 FTK's Known File Filter (KFF) can be used for which of the following purposes?
I. Filter known program files from view
II. Calculate hash values of known files to evidence files.
III. Filter out evidence that doesn't relate to your investigation.
Options :
 A. I and ii
B. Ii and iii
C. I and iii
D. All of above
83 Many password recovery tools have a feature for generating potential password lists
for a(n) ____ attack.
A. Password Dictionary
B. Brute Force Attack
C. Key Logger Attack

84 Voice Analysis can detect?

A. Temperament of a person during the interview
B. Whether person is lying
C. Whether he is telling the facts
D. All of the above

85 Forensic Interviewing Techniques does not include

A. Investigation
B. Polygraph test
C. Physical Behaviour Analysis
D. Disk Imaging

86 During the interview, what should be safety concerns must include

A. Awareness
B. Interview Location
C. Physical Red Flags
D. All of the above

87 The Sarbanes-Oxley Act is also called what?

A. Corporate Fraud Protection Act of 2002
B. Public Corporation Accounting Oversight Act
C. Public Company Accounting Reform and Investor Protection Act of 2002
D. Principles of Federal Prosecution of Business Organizations
88 The requirement to reimburse a company for any bonuses or other compensation
received during the 12-month period following the restatement of financials as a result
of misconduct is called:
A. Disgorgement
B. Executive penalty
C. Insider trading
D. Corporate accountability

89 A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is known
as:
A. Corporate governance
B. Code of conduct
C. Transparency
D. Culture of compliance
90 The _________________ provides for authentication of a document by means of digital
signatures under Article 7.
A. E-Commerce
B. Model Law
C. E-Law
D. Dynamic Law.
91 According the IT act 2000, _______________ means a person who is intended by the
originator to receive the electronic record but does not include any intermediary.
A. “Address”
B. “Affixing Digital Signature”
C. “Computer Resource”
D. "Data"
92 Section 301 of the SOX requires that the auditor should report directly to ______.

A. Management
B. Government
C. Audit committee
D. Stakeholders/ Owners/Investors
93 Data is organized as files mostly because ________. (Choose the best answer)
A. computers cannot store very large files
B. it is easier for the computer to store many smaller chunks of data than it is to
store one large chunk of data
 C. it is easier for people to store many smaller chunks of data than it is to store
one large chunk of data
D. people need to store their data with labels to make retrieval easier

94 13. Which of the following crimes may be facilitated by the use of a computer?
A. Loan-sharking
B. Drug rings
C. Prostitution rings
D. All of the above
95 Weakness in internal control environment will lead which kind of fraud-
A. Employee Red Flag
B. Management Red Flag
C. General Red Flag
D. None of above

96 Which of the following is the Security feature provided by bank to its

accountholders so that only authorized electronic transaction are allowed.
A. ACH
B. AHC
C. CAH
D. CHA

97 new process is always "called" or "created" as a result of ________.

A. the process manager reading programs from disk media

B. one process requesting a program to be loaded and executed
C. system processes starting new services
D. the memory manager reading the program file to start execution

98 Which two of the following answers do NOT describe the responsibility of the
memory manager?
A. Selecting which process to run
B. Allocating memory to processes
C. Swapping memory from RAM to Disk
D. Formatting newly allocated memory

99 A computer's boot process begins when what event occurs?

A. The computer BIOS turns on the processor.
 B. The operating system loads.
C. The Master Boot Record is read.
D. The computer is powered on.

100 Which of the following crimes is done using a computer as the instrument?

A) Computer manipulation
B) Money laundering
C) Data alteration
D) Theft of services