Sample Paper Fafd
1. Employee’s behavioral changes (alcohol, gambling) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
2. The purpose of the Red Flags Rule is:
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day
operations
B. Take steps to prevent the crime
C. Mitigate the damage it inflicts.
D. All of the above
3. The interrelationship among auditing, fraud examination, and financial forensics is:
A. Established and maintained by legal structures and justice processes
B. Constant even while social and cultural pressures are exerted on it
C. Based on the SOX Act and SAS 99
D. Dynamic and changes over time
4. What is one of the primary differences between a Financial Statement auditor and a
Forensic Accountant?
A. Financial statement auditors are likely to follow leads suggested by
immaterial items whereas Forensic Accountants often must restrict their
efforts to searching for material misstatements.
B. Forensic Accountants are likely to follow leads suggested by immaterial
items whereas financial statement auditors often must restrict their efforts
to searching for material misstatements
C. Forensic Accountants must focus on specific legal areas that produce fraud
charges under the courts of law whereas financial statement auditors focus
their attention on the Generally Accepted Accounting Principles.
D. Forensic Accountants are likely to ask individuals to fix discrepancies found
in financial statements whereas financial statement auditors will fail a
corporation’s financial statement certification, therefore having
repercussions with the SEC.
5. Among the following which would be the red flags for payroll –
A. Overtime charged during a slack period
B. Excessive or unjustified transactions
C. Large no. of write-offs of accounts
D. All of the above
6. If pressures and opportunities are high and personal integrity is low, the chance of
fraud is:
A. High
B. Medium
C. Very Low
D. Low
10. Which of the following types of organizations typically use Forensic Accountants?
A. Publicly held corporations.
B. Private/non-profit corporations.
C. Federal/State Agencies.
D. All of the above.
12. In comparing management fraud with employee fraud, the auditor’s risk of failing to
discover the fraud is:
A. greater for management fraud because managers are inherently more
deceptive than employees
B. greater for management fraud because of management’s ability to override
existing internal controls
C. greater for employee fraud because of the higher crime rate among blue
collar workers
D. greater for employee fraud because of the larger number of employees in
the organization
13. ____ is the science of writing hidden messages in such a way that no one apart from the
sender and intended recipient even realizes there is a hidden message.
A. decryption
B. obfuscation
C. stenography
D. encryption
15. All of the following are methods that an organization can adopt to proactively
eliminate fraud opportunities EXCEPT:
A. Accurately identifying sources and measuring risks
B. Implementing appropriate preventative and detective controls
C. Creating widespread monitoring by employees
D. Eliminating protections for whistle blowers
16. Overstating revenues and understating liabilities and expenses typifies which of the
following fraud schemes?
A. Unconcealed larceny
B. Purchase and sales Skimming
C. Fraudulent statements
D. Schemes
18. When working on computer forensics, always work from ________ of the evidence and never
from the original to prevent damage to the evidence.
A. Original hard drive
B. Live computer
C. Remote desktop
D. An image
21. What is the most cost-effective way to minimize the cost of fraud?
A. Prevention
B. Detection
C. Investigation
D. Prosecution
23. Which of the following statements is most correct regarding errors and fraud?
A. An error is unintentional, whereas fraud is intentional.
B. Frauds occur more often than errors in financial statements.
C. Errors are always fraud and frauds are always errors.
D. Auditors have more responsibility for finding fraud than errors.
24. You are supposed to maintain three types of records. Which answer is not a record?
A. Chain of custody
B. Documentation of the crime scene
C. Searching the crime scene
D. Document your actions
26. When performing forensics work, which of the guidelines below should be followed?
i. You should make a copy of a suspect's drive and interact with the copy
instead of the original
ii. If you take the evidence home with you, carry it in a locked briefcase.
iii. You should only document those tests that provide information that can be
used in court.
iv. The location and use of the evidence from the point it was seized until the
moment it is shown in court must be known.
A. i and ii
B. i and iii
C. i and ii
D. All of above
30. Steganography is
A. graph of sales to technological spending
B. the science of hiding information
C. graph of mails sent to mails received
D. the science of generating random passwords
31. Tools for imaging:
(a) Dossier
(b) Tableau
(c) Encase & FTK
(d) ACL
32. Most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
D. SMART
34. Three conditions are necessary for a fraud to occur. These three conditions are:
A. need, dissatisfaction, and challenge
B. pressure, opportunity, and rationalization
C. no separation of duties, need, and no independent performance checks
D. challenge, motivation, and failure to enforce internal controls
35. If a company wishes to improve detection methods, they should do all of the following
except:
A. use forensic accountants
B. conduct frequent audits
C. encrypt data
D. all of the above improve detection of fraud
36. Refusal to take sick leave by employees will come under which component of Fraud
Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
38. A Forensic Auditor is not given any specific written mandate but a general consent to
investigate into a fraud for accounting manipulation in Customer accounts. After
completion of work, a note on which of the following aspects should NOT be included in
a Forensic Audit Report
A. Objectives that the Forensic Auditor has perceived and pursued during the
course of the investigation.
B. Severe deficiencies in the internal control mechanism observed by him with
regard to Vendor accounts which has immaterial relevance to the subject
fraud
C. A recommendation for volume/ quantum of punishment to be reprimanded
to the erring accountant against whom the Forensic Auditor has an explicit
evidence.
D. A limiting condition where certain file of important document for a specific
period that was not made available to the Forensic Auditor despite several
requests.
39. Which of the following is not a required part of an Identity Theft Prevention Program?
A. Reasonable policies and procedures to identify potential “red flags”
B. A dedicated phone line for customers to call in identity theft reports.
C. Specific procedures to detect the “red flags” identified as potential threats.
D. A plan for regularly re-evaluating the program.
40. A forensics lab will have dedicated areas for each of the following functions EXCEPT
_________.
A. forensics examination workspace
B. a secured locker area
C. a continuing education training centre
D. well-stocked inventory
41. The journal of a forensics specialist or expert will contain entries that provide the
following functions EXCEPT _______.
A. the description of WHO did WHAT and WHEN
B. the results of the examination
C. any actions taken to examine the evidence
D. any theories that result from the examination
42. Weakness in internal control environment will lead to which kind of fraud-
A. Employee Red Flag
B. Management Red Flag
C. General Red Flag
D. None of above
44. Lack of segregation of duties in vulnerable area will come under which component of
Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
46. According to ISO standard 27037, which of the following is an important factor in data
acquisition?
A. The DEFR’s Competency
B. The DEFR’s skills in using the command lines
C. Use of validated tools
D. Condition at the acquisition setting
47. Computer forensics does not involve ….
A. Interpretation
B. Preservation
C. Delimitation
D. Documentation
50. The use of _____________________ may be particularly valuable in cases of white-collar
crime.
A. Fingerprint examiners
B. Forensic photography
C. Forensic accountants
D. None of the above
I. Person’s dressing sense: the chances of the one being a suspect is more who
dresses shabbily than the one who dresses immaculately
II. Person’s Gender : the chances of the one being a suspect is more if he is a Male
than the one who is a Female
III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age,
Height, Weight, number of years of service etc.
A. All (I), (II) and (III) above
B. Only (III) above
C. Both (I) and (II) above
D. None
57. Financial statement auditors, under SAS 99, are required to make inquiries about
possible fraudulent activity of all of the following parties except:
A. bond holders.
B. audit committee members.
C. management.
D. internal auditors.
58. Accounts that can be manipulated in revenue fraud include all of the following except:
A. Accounts Receivable.
B. Inventory.
C. Sales Discounts.
D. Bad Debt Expense
59. Which of the following statements related to Fraud Risk Assessment (FRA) is
INCORRECT:
A. Evaluate whether identified fraud risk controls are operating effectively.
B. It is a one-time activity, not required to be performed on periodic basis.
C. Identify and map existing preventive and detective controls to the
relevant fraud risk.
D. Identify and evaluate residual fraud risk resulting from ineffective or non-
existent controls.
60. After you have identified the red flags of ID Theft that you’re likely to come across in
your business, what do you do next?
A. Set up procedures to detect those red flags in your day-to-day operations.
B. Train all employees who will use the procedures.
C. Decide what actions to take when a red flag is detected.
D. All of the above
61. One of the key success drivers of Data Analysis is the ability to keep shuffling between
the bird’s eye view (i.e. macro overview) vis-à-vis the ant’s view (i.e. micro view) of the
data. In that context, which of the following techniques are useful for a Forensic Auditor
to get a bird’s eye view or macro overview of the data?
62. ____________________ is a generic term which refers to all the legal and regulatory aspects of
Internet and the World Wide Web
A. Cyber Law
B. Cyber Dyne
C. Cyber Café
D. Electronic Law
64. A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is known
as:
A. Corporate governance
B. Code of conduct
C. Transparency
D. Culture of compliance
65. Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud
factors. This fact can make convicting someone of fraud difficult. Which of the following
types of evidence would be most helpful in proving that someone committed fraud?
A. Missing documentation.
B. Analytical relationships that don’t make sense.
C. A repeated pattern of similar fraudulent acts.
D. A general ledger that is out of balance.
66. All of the following are indicators of financial statement fraud except:
A. Unusually rapid growth of profitability.
B. Dependence on one or two products.
C. Large amounts of available cash.
D. Threat of a hostile takeover.
69. A ____ function is any well defined procedure or mathematical function for turning some
kind of data into a relatively small integer.
A. hash
B. metadata
C. encryption
D. decryption
70. Which of the following are strategies used to attempt to minimize piracy of software or
other intellectual property?
A. Encryption
B. Intellectual property laws
C. Legal copyrighting
D. All of the above
72. A fraud perpetrated by tricking a person into disclosing confidential information, such
as a password, is called
A. a Trojan horse
B. hacking
C. social engineering
D. scavenging
73. Which of the following is a method used to embezzle money a small amount at a time
from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique
76. The chronological documentation showing the seizure, custody, control, transfer,
analysis, and disposition of physical or electronic evidence
A. chain of custody
B. Documentary Evidence
C. Demonstrative evidence
D. None of these
77. What is the best response of a forensic professional to an attorney who asks a
hypothetical question?
A. Provide the best answer possible given the evidence and appropriately
emphasize the hypothetical nature of the question.
B. Demonstrate anger and register a protest.
C. Refuse to answer the question.
78. Which of the following is least likely to be considered a financial reporting fraud
symptom, or red flag?
A. Grey directors.
B. Family relationships between directors or officers.
C. Large increases in accounts receivable with no increase in sales.
D. Size of the firm.
79. Which of the following is an indicator of deception while conducting a Forensic
Interview
A. Quick, spontaneous answers
B. Consistent strong denial
C. Direct, brief answers
D. Hesitant
80. Which of the following is NOT one of the major types of fraud classification schemes?
A. Employee embezzlement
B. Government fraud
C. Investment scams
D. Customer fraud
81. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements are
specified in :
A. SA 240
B. SA 250
C. SA 300
D. SA 450
82. Which of the following is not a characteristic of computer viruses?
A. They can lie dormant for a time without doing damage
B. They can mutate which increases their ability to do damage
C. They can hinder system performance
D. They are easy to detect and destroy
84. All of the following ratios are useful in detecting large revenue frauds except:
A. Gross profit margin.
B. Working capital turnover.
C. Accounts receivable turnover.
D. Current ratio.
85. The ratio that is computed by dividing the number of days in a period by the inventory
turnover ratio is:
86. According to the opportunity part of the fraud triangle, a person may do all of the
following acts except
87. The most common account(s) manipulated when perpetrating financial statement fraud
are:
A. Inventory
B. Expenses
C. Revenues
D. Accounts Payable
88. Which of the following is NOT a method that is used for identity theft?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming
89. General financial statement fraud can be detected through
A. audit
B. Surprise audits /cash counts.
C. Data mining
D. All of the above
A. Auditing Skills.
B. Criminology.
C. Sociology
D. Information Technology
6 Which among the following are the three payroll fraud schemes
i) Ghost employees ii) Temporary employees
iii) Falsified overtime iv) Commission
A. i , ii & iii
B. i , iii & iv
C. ii , iii & iv
D. i , ii & iv
9 Which Standard on Auditing among the following describes the importance of red
flags:
A. SA 240
B. SA 210
C. SA 250
D. SA 260
10 The most popular software forensic tools include all of the following except:
A. Forensics Autopsy
B. QUICKEN
C. Forensics Toolkit
D. SMART
11 Hash values are used for which of the following purposes?
A. Determining file sizes
B. Filtering known good files from potentially suspicious data
C. Reconstructing file fragments
D. Validating that the original data hasn’t changed.
17 Which section of IT Act covers most of the common crimes arising out of “Unauthorised
Access”
A. Section 66
B. Section 67
C. Section 73
D. Section 74
18 The imaginary location where the words of the parties meet in conversation is referred
to as ________________.
A. Cyberspace
B. Space
C. Cyberdyne
D. Cybernet
19 Which of the following is not a method for stealing sales and receivables but a way of
using skimmed money
A. long term skimming
B. short term skimming
C. Understated sales
D. Unrecorded sales
20 Which of the following sentences is true?
A. Lapping is the debiting of one account and crediting of another account.
B. The legal definition of forgery includes only the signing of another person’s
name to a document with fraudulent intent.
C. Lapping is the crediting of one account through abstraction of money from
another account.
D. None of the Above
28 Hashing, filtering and file header analysis make up which function of digital forensics
tools?
A. Validation and Verification
B. Acquisition
C. Extraction
D. Reconstruction
32 In order for an act to be legally considered fraud it must be all of the following except:
A. A material fact
B. An injury or loss suffered by the victim
C. A false statement
D. No intent to deceive
33 The World’s first computer-specific statute was enacted in 1970, by the German state,
in the form of a ___________________ .
A. Data Protection Act.
B. Cyber Law
C. Copyright
D. Patent right.
34 Which of the following should be covered in employee anti-fraud training?
A. The exact procedures management uses to detect fraud
B. A detailed explanation of the company’s anti-fraud control
C. Examples of past transgressions and how they are handled
D. All of the above
35 Jackson is a receiving clerk at a warehouse. His job is to count the number of units in
incoming shipments, record the figures in receiving reports, and forward copies of the
reports to the accounts payable department. One day, Jackson received a box of 20
laptop computers at the warehouse. His wife's computer just broke, so he stole one of
the computers from the box. To conceal his scheme, Jackson sent a receiving report to
accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the
receiving report used for the inventory records. What type of scheme did Jackson
commit?
37 On recent Windows installations, the standard location for storing critical system files
is ________.
A. C:/Program Files/
B. C:/System/
C. C:/Important/
D. C:/Windows/
40 What is a “Hacktivist”?
A) Politically motivated hacker
B) Denial of service attacker
C) A proponent of Napster
D) A person engaging in an intentional act involving a computer in which
the person may have gained at the victim’s expense
41 Which of the following individuals developed one of the first systems to define
computer crimes in 1976?
A) David Carter
B) Donn Parker
C) Jay Nelson
D) Robert Taylor
42 Which of the following is an example of a computer manipulation crime?
A) An intruder removes valuable information from a computer system.
B) Hacking
C) A person alters payroll records to attain a higher rate of pay.
D) Medical records are altered.
43 Employee life style changes (expensive car, jewelry) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
44 Employee’s significant personal debt & credit problems will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
50 Which of the following is issued online for use over the Internet and is stored in an
electronic device such as a chip card or computer memory?
A. Hard Cash
B. Business Card
C. E-Cash
D. E- Card
51 With a view to facilitate ___________________, it is proposed to provide for the use and
acceptance of electronic records and digital signatures in the Govt. Offices and its
agencies.
A. Electronic Governance
B. Paper Governance.
C. Oral Testimony.
D. Mechanical Governance.
52 Data, record or data generated image or sound stored, received or sent in an electronic
form or micro film or computer generated micro fiche as per the [Sec., 2(t) of I.T. Act,
2000] means ______________________
A. Electronic Document.
B. Electronic Record
C. Hard Record
D. Hard Document.
53 Of the following, who should conduct physical observations of a company's inventory in
order to most effectively prevent inventory theft?
A. Warehouse personnel
B. Purchasing agents
C. Purchasing supervisor
D. A sales representative
54 Which of the following fraudulent entries is most likely to be made to conceal the theft
of an asset?
57 On Linux and UNIX, the /home directory structure is the standard location for storing
________.
A. user installed applications
B. data specific to users
C. critical system files
D. temporarily deleted data
60 Which of the following is a computer crime that deprives the legitimate owner of a
tangible asset?
A. Hacking
B. Money laundering
C. Manipulating the price of a stock
D. Salami slice
61 Which of the following is not a similarity between real-world stalking and cyber
stalking?
A) Most victims are women.
B) Most stalkers are men.
C) The stalker and victim are near to each other.
D) Stalkers are generally motivated by the desire to control the victim.
62 High Employee turnover especially in areas vulnerable to fraud will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say
A. Management
B. Government
C. Audit committee
D. Stakeholders/ Owners/Investors
72 Data is organized as files mostly because ________. (Choose the best answer)
A. computers cannot store very large files
B. it is easier for the computer to store many smaller chunks of data than it is to
store one large chunk of data
C. it is easier for people to store many smaller chunks of data than it is to store
one large chunk of data
D. people need to store their data with labels to make retrieval easier
73 Which of the following crimes may be facilitated by the use of a computer?
A. Loan-sharking
B. Drug rings
C. Prostitution rings
D. All of the above
76 Which two of the following answers do NOT describe the responsibility of the
memory manager?
A. Selecting which process to run
B. Allocating memory to processes
C. Swapping memory from RAM to Disk
D. Formatting newly allocated memory
III. Red Flag procedures must be implemented by individual departments. That means:
A. The procedures just have to be written and accessible to everyone.
B. The procedures have to be written and everyone needs to be trained to use
them.
C. The procedure & policy will be drafted
D. A & B Both
IV. Financial statement fraud is often attributed to pressures, such as all of the following
except:
A. Investment losses
B. Meeting analysts’ expectations
C. Deadlines, and cutoffs
D. Qualifying for bonuses
VI. Which of the following is not a required part of an Identity Theft Prevention Program?
A. Reasonable policies and procedures to identify potential “red flags”
B. A dedicated phone line for customers to call in identity theft reports.
C. Specific procedures to detect the “red flags” identified as potential threats.
D. A plan for regularly re-evaluating the program.
VII. The Red Flag Rules apply to anyone who deals with-
A. Financing and credit
B. Retail merchants
C. University healthcare practices
D. All of above
VIII. Under the Red Flag Rules, all “covered accounts” must be marked
A. Small red flag symbol
B. Riskier red flag symbol
C. Red flags indicating high impact on financial statement
D. None of the above
XIII. In the United States, approximately what percentage of software in use is pirated?
A. 90%
B. 75%
C. 26%
D. 10%
XIV. ________________ is the science of acquiring, preserving, retrieving, and
presenting data that has been processed electronically and stored on computer media.
A. Anonymous remailing
B. Digital forensic analysis
C. Using a firewall
D. None of the above
XVI. Which of the following techniques does not help prevent computer crime?
A. Backups
B. Digital forensic analysis
C. Firewalls
D. Encryption
XVII. The type of forensics that involves analyzing information stored in a storage media such
as a hard drive
A. Disc Forensics
B. Network Forensics
C. Live forensics
D. Internet forensics
XVIII. There are three c's in computer forensics. Which is one of the three?
A. Control
B. Chance
C. Chains
D. Core
XXI. Of the following, who should conduct physical observations of a company's inventory in
order to most effectively prevent inventory theft?
A. Warehouse personnel
B. Purchasing agents
C. Purchasing supervisor
D. A sales representative
XXII. The process by which several bidders conspire to split contracts up and ensure each gets
a certain amount of work is called
A. Bid pooling
B. Fictitious suppliers
C. Kickback payments
D. Bidding agreements
XXIII. Bribery schemes generally fall into two broad categories which are-
I. Kickbacks
II. Overbilling schemes
III. Bid rigging schemes
IV. Extortions
A. I and II
B. I and III
C. II and IV
D. II and III
XXIV. Which of the following is an indicator of truth while conducting a forensic interview
A. Weak Denials
B. Direct Brief Answers
C. Verbal attacks directed at Interviewer
D. Answering with a different question
XXVII. Which one of the following would be considered an informal written communication?
A. An electronic document such as a spreadsheet that is attached to an email update to
an attorney
B. An email that updates a peer investigator on the status of a particular case
C. A disk image that is sent to a peer investigator for review
D. An email that notifies an attorney that all evidence has been reviewed and analysed
XXVIII. Forensic reports are written to answer questions about which one of the following
topics? (Select the BEST answer)
A. Forensic investigations involving computer crime
B. All forensic investigations
C. Intrusion/Incident response and vulnerability assessment
D. All incidents involving investigations, vulnerability assessment, and intrusion
response
XXIX. What is the basic purpose of any digital forensic report? (Select the BEST response)
A. Report who did what and when.
B. Report the conclusion of the investigation.
C. Report what was done and what was found.
D. List or itemize the evidence.
XXX. The process of providing answers to the legal system is called ________.
A. Investigation
B. Evidence reporting
C. Question answering
D. Deposition
XXXI. Which one of the following question answers would NOT be found in the executive
summary portion of the forensic report?
A. Why the investigation was initiated
B. What forensic challenges were faced and overcome in the investigation
C. Who authorized the investigation
D. What significant results were found
XXXII. Which one of the following would NOT be included in the "full documentation" of
evidence collected?
A. Who collected the evidence
B. What evidence was collected
C. The version of software that produced the evidence
D. The procedure followed to collect the evidence
XXXIII. Which one of the following definitions best describes informal reports for digital
forensic investigations?
A. All written or electronic reports that document results from a digital forensic
investigation
B. Reports on investigations that are not made directly to a judge or jury
C. All oral reports that are presented to court in addition to all written or electronic
documents resulting from an investigation.
D. Reports on digital investigations made in casual attire to a board of directors or
one's employers
XXXIV. Why would a digital forensic expert be expected to write "absolutely nothing unless it is
a fact supported by evidence"?
A. It may confuse the forensic reporter who produces the final written report years
after the investigation concludes.
B. It is a principle of computer forensics to think through all statements before
committing them to paper or electronic document.
C. The evidence may later be excluded from the investigation.
D. It may be disclosed in discovery and inadvertently cast a shadow of doubt on
the case.
XXXV. Which one of the following is an example of formal oral reporting for a crime involving
digital computers?
A. Swearing-In
B. Record
C. Deposition
D. Testimony
XXXVI. Which officer in a company is most likely to be the perpetrator of financial statement
fraud?
A. Chief financial officer (CFO).
B. Chief operating officer (COO).
C. Chief executive officer (CEO).
D. Controller.
XXXVII. When looking for financial statement fraud, auditors should look for indicators of fraud
by:
A. Evaluating changes in financial statements.
B. Examining relationships the company has with other parties.
C. Examining operating characteristics of the company.
D. All of the above.
XXXVIII. The three aspects of management that a fraud examiner needs to be aware of include all
of the following except:
A. Their backgrounds.
B. Their religious convictions.
C. Their influence in making decisions for the organization.
D. Their motivations.
XXXIX. In the Phar-Mor fraud case, several different methods were used for manipulating the
financial statements. These included all of the following except:
A. Funneling losses into unaudited subsidiaries.
B. Recognizing revenue that should have been deferred.
C. Overstating inventory.
D. Manipulating accounts.
XL. Most financial statement frauds occur in smaller organizations with simple
management structures, rather than in large, historically profitable organizations.
This is because:
A. It is easier to implement good internal controls in a small organization.
B. Management fraud is more difficult to commit when there is a more formal
organizational structure of management.
C. People in large organizations are more honest.
D. Smaller organizations do not have investors.
XLI. Management fraud is usually committed on behalf of the organization rather than
against it. Which of the following would not be a motivation of fraud on behalf of an
organization?
A. CEO needs a new car.
B. Pressure to meet expected earnings.
C. Restructure debt covenants that can’t be met.
D. A highly competitive industry.
XLII. During an audit, an auditor considers the conditions of the auditee and plans the audit
accordingly. This is an example of which of the following?
A. Zero-order reasoning.
B. First-order reasoning.
C. Fraudulent reasoning.
D. High-order reasoning.
XLIII. In the context of strategic reasoning, if an auditor only follows the established audit
plan and does not consider other factors relating to the auditee, then this is an example
of which of the following?
A. Zero-order reasoning.
B. First-order reasoning.
C. Fraudulent reasoning.
D. Higher-order reasoning.
XLIV. In recent years, many SEC investigations have taken place on the improper issuance of
stock options to corporate executives. These practices increase executive compensation
at the expense of shareholders. This practice is known as:
A. Backdrafting stock options.
B. Stock option reversals.
C. Stock option extensions.
D. Backdating stock options.
9. Maximum Imprisonment Punishment for fraud for criminal liability as per Section 447
of Companies Act, 2013.
A. 3 Years
B. 5 Years
C. 7 Years
D. 10 Years
13. When conducting _________ analysis, the first step is to recover undeleted files.
A. Research
B. Forensic
C. Process
D. Security
14. Because the federal Red Flag Rules are so comprehensive, Minnesota’s state laws
concerning identity theft prevention no longer apply.
A. True
B. False
C. Depends on situation of identity theft
D. Can’t say
15. Theft of an employer’s property which was not entrusted to employee will be defined
as-
A. Lapping
B. Larceny
C. Check kiting
D. None of the above
16. A “habitual criminal” who steals for the sake of stealing is known as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
17. Personal prestige, goal achievement is termed as
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
18. Which of the following statements is CORRECT: As per Beneish Model:
A. A score less than -2.22 indicates a strong likelihood of a firm being a
manipulator.
B. A score greater than -2.22 indicates a strong likelihood of a firm being a
manipulator.
C. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being
a manipulator.
D. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being
a manipulator.
27. ________________ is the science of acquiring, preserving, retrieving, and presenting data
that has been processed electronically and stored on computer media.
A. Anonymous remailing
B. Digital forensic analysis
C. Using a firewall
D. None of the above
31. Which of the following statements is true about a computer's boot process?
A. The boot process begins when the Central Processing Unit is initialized.
B. The user can accelerate the boot process by pressing "Windows" key (also
known as the turbo button).
C. The first process in Linux is called 'kernel'.
D. A Power-On Self-Test is performed once firmware is loaded
32. Which one of the following questions is NOT one to be answered by the investigation
plan?
A. Where is the evidence likely to be located?
B. What age is the suspect?
C. What local laws and court processes will affect this investigation?
D. What skills are needed to extract the evidence?
33. Vulnerability assessment experts will perform the task of ________. (Select the three that
apply)
A. assessing the prevalence of a known weakness by scanning entire networks
B. assessing the damage and impact of an exploited vulnerability
C. scanning hosts for known weaknesses and vulnerabilities
D. validating the integrity of the host or network equipment
34. Which three of the following would help investigators set the scope for strategies to
extract evidence from acquired images?
A. The password of the suspect
B. The type of files that are not sought by a warrant
C. The question or questions to be answered by the evidence
D. Items found in pockets of clothing owned by the suspect
36. Separation of duties within an investigation describes how _______ and _______ should be
accomplished by different staff.
A. collection of physical evidence / collection of digital evidence
B. extraction / acquisition
C. acquisition / validation
D. All of the above
37. In order to maintain the _________, both a single-evidence form and a multi-evidence
form are used to document and catalog evidence.
A. proper signatures
B. evidence validation
C. image reconstruction
D. chain of custody
38. According to the Federal Rules for Evidence (FRE) section 702, the opinion of an expert
witness can be based on all of the following EXCEPT ________.
A. the product of consultations from peers with other expertise
B. sufficient facts or data
C. the product of accepted and reliable principles or methods
D. application of accepted and reliable principles or methods
39. Which one of the following factors can sabotage the quality of digital evidence reports
between the investigation and the presentation of the evidence to a court?
A. A forensic professional reporting the work of a retired forensic investigator.
B. The promotion of the detective who had been leading a criminal investigation.
C. The procedures used to analyze the data may have been invalidated by court.
D. All of the above
40. The best evidence rule of a case is the expectation that the evidence of a case ________.
A. is the prime evidence that prove the theory of an attorney
B. has been collected with the best and most current software tools available
C. is the best and most scientific evidence collection procedures for that case
D. is the best available evidence given the nature of the case
41. Which three "off-the-job" characteristics below are used to determine the "quality" of
an expert witness?
A. Income level of the expert
B. The nature of the expert's morals
C. Compliance with laws expected of average citizens
D. Compliance with ethic standards for average citizens
44. Which of the following is NOT a way in which fraud can be committed?
A. By false representation
B. By failing to disclose information
C. By abuse of position
D. By obtaining property by deception
45. Audits, public record searches, and net worth calculations are used to gather what type
of evidence in fraud investigation?
A. Testimonial
B. Forensic
C. Documentary
D. Observation
47. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/
concealment of any fact committed by any person or other person (third party) with
connivance in any manner with intent to deceive/ gain undue advantage or to injure
interest of:
A. Company
B. Shareholders
C. Creditors
D. All the Above.
48. Fine/Penalty Punishment for fraud for civil liability as per Section 447 of Companies
Act, 2013
A. Equal to the amount of fraud
B. 2 times of amount of fraud
C. 3 times of amount of fraud
D. 4 times of amount of fraud
49. Which of the following is an example of the crime of counterfeit credit card fraud?
A. An illegally obtained credit card is used to pay for a purchase
B. An illegally created credit card is used to pay for a purchase
C. An illegally altered credit card is used to pay for a purchase
D. A credit card is obtained and used based on false application information
57. A computer fraud and abuse technique that steals information, trade secrets, and
intellectual property.
A. Cyber-extortion
B. Data diddling
C. Economic espionage
D. Skimming
58. Which of the following is a threat that organizations need to take account of in
cyberspace?
A. Password
B. Objectionable content filter
C. Denial of service attack
D. Firewall
59. Desperate need for money, greed, economic achievement is termed as-
A. Psychotic
B. Egocentric
C. Ideological
D. Economic
60. Stealing money from one customer account & crediting into another customer account
is known as-
A. Lapping
B. Larceny
C. Check kiting
D. None of the above
61. Which among the following will not be an example of Green flag-
A. Auditee's nice behavior with the auditor during audit (e.g., offering drinks during
lunch)
B. Auditee is too friendly with staff and vendors
C. Regular receipt of material of the same quantity
D. Employee with few or no payroll deductions
65. Employees with duplicate social security numbers, names and addresses, a-
A. Management Red flag
B. Red flag in purchasing
C. Red flag in payroll
D. Red flag in cash/ account receivable
A. Encryption
B. Sampling
C. Stratification
D. Steganography
A. Data classification
B. Data cleansing
C. Data Stratification
D. Data Analysis
3. The function (in Excel) which is useful in fetching value from another database; and
also useful for linking two databases is:
A. Sum if
B. V Lookup
C. H Lookup
D. Transpose
4. Which of the following is (are) success factor(s) in auditing huge voluminous data in
electronic form?
7. Flaws in data provided for audit can be detected through which of the following?
A. Detecting Missing/Gaps
B. Finding Duplicates
C. Both of the above
D. None of the above
8. The process of arranging data into homogenous group or classes according to some
common characteristics present in the data is called__________
A. Classification
B. Steganography
C. Encryption
D. Data recovery
A. Green flag
B. Red flags
C. All of the above
D. None of the above
12. Which of the following is NOT correct with regard to Benford’s law?
15. Which of the following is/are NOT a useful technique(s) in fraud detection?
16. To be successful, the Forensic team as a whole should have knowledge of which of the
following domains?
A. Law
B. Criminology
C. Accounting and investigative auditing
D. All of the above
17. Which of the following is Not a good quality of an effective forensic auditor?
A. Having specialized knowledge in accounting, audit, law and criminology domains
B. Possessing Communicative skills, Absolute clear thinking and Open mindedness
C. Deceit and distrust
D. Demonstrating tactic and investigative skills
18. Which of the following methods are employed to solicit information about a person’s
honesty?
A. Interview
B. Graphology
C. Voice Stress Test & Polygraphs
D. All of the above
A. Kinesics
B. Cognitive
C. Both
D. None
A. Objective in scope
B. Aimed at gathering information in fair and impartial manner
C. Being of sufficient ‘length and depth’
D. Ending on a negative note
22. People in crises demonstrate the following sequence of reactions?
A. Denial
B. Rationalisation
C. Acceptance
D. All of the above
23. Depending on the type of interviewees, they should be dealt with differently. Which
of the following describes the type(s) of interviewees?
A. Friendly
B. Neutral
C. Hostile
D. All of the above
24. The forensic audit team should include all the below mentioned EXCEPT-
A. Legal expert
B. Data Analyst
C. Accountant
D. Fraudster
25. Which of the below mentioned elements of conversation does NOT inhibit and
facilitate effective communication?
26. Which of the following is NOT an effective mechanism for a successful
interview?
A. Taking notes
B. Maintaining eye contact
C. Maintaining Privacy
D. Making overall opinions or impressions of a witness
27. Which of the following is (are) types of questions that can be used in an interview?
A. Informational
B. Assessment
C. Admission seeking
D. All of the above
29. The most cost-effective way to minimize the total cost of fraud is
A. Investigation
B. Detection
C. Prevention
D. Prosecution
31. Which of the following statements is most correct regarding errors and fraud?
37. Which of the following categories of entities are obliged to comply with the requirements
under the Prevention of Anti Money Laundering Act (PMLA)?
A. Banking Companies
B. Financial Institutions
C. Intermediaries
D. All of the above
38. Which of the following obligations are covered under the Prevention of Anti Money
Laundering Act (PMLA)?
A. Maintenance of Records
B. Furnishing of information
C. Verification of identity of the clients.
D. All of the above
E. A score between -2.22 and +7.88 indicates a strong likelihood of a firm being a
manipulator.
F. A score greater than -2.22 indicates a strong likelihood of a firm being a
manipulator.
G. A score between -2.22 and +2.22 indicates a strong likelihood of a firm being a
manipulator.
H. A score less than -2.22 indicates a strong likelihood of a firm being a
manipulator.
44. Which of the following statements is true about a computer's boot process?
A. The boot process begins when the Central Processing Unit is initialized.
B. The user can accelerate the boot process by pressing "Windows" key (also known
as the turbo button).
C. The first process in Linux is called 'kernel'.
D. A Power-On Self-Test is performed once firmware is loaded
45. Assessing the damage and impact of an exploited vulnerability is the task performed
by:
A. Vulnerability assessment experts
B. System architects
C. Computer operators
D. Application development programmers
46. In order to maintain the _________, both a single-evidence form and a multi-evidence
form are used to document and catalog evidence.
A. Proper signatures
B. Evidence validation
C. Image reconstruction
D. Chain of custody
47. As per the Report to the Nations 2014, issued by the ACFE, impact of the Fraud
(Globally) is estimated as:
A. 0.5%
B. 2.5%
C. 5%
D. None of the above
48. Audits, public record searches, and net worth calculations are used to gather what
type of evidence in fraud investigation?
A. Testimonial
B. Forensic
C. Documentary
D. Observation
A. Management evidence
B. Documentary evidence
C. Testimonial evidence
D. Physical evidence
50. Section 447 of the Companies Act, 2013 defines fraud - Any act/ omission/
concealment of any fact committed by any person or other person (third party) with
connivance in any manner with intent to deceive/ gain undue advantage or to injure
interest of:
A. Company
B. Shareholders
C. Creditors
D. All of the Above.
51. Which of the following is an example of the crime of counterfeit credit card fraud?
A. An illegally obtained credit card is used to pay for a purchase
B. An illegally created credit card is used to pay for a purchase
C. An illegally altered credit card is used to pay for a purchase
D. A credit card is obtained and used based on false application information
A. Data Mining
B. Phreaking
C. Data Diddling
D. Spamming
A. war dialing
B. war driving
C. war chalking
D. war walking
A. Piggy backing
B. Identity theft
C. Spoofing
D. Shoulder surfing
55. The computer crime of piggybacking
A. Worm
B. Botnet
C. Key logger
D. Virus
57. Which of the following is a method used to embezzle money a small amount at a time
from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique
58. Which of the following is NOT a method that is used for identity theft?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming
59. Stealing money from one customer account & crediting into another customer
account is known as-
A. Skimming
B. Lapping
C. Larceny
D. None of the above
A. Hash totals
B. Sub-totals
C. Batch totals
D. Encrypted values
A. Rationalisation
B. Pressure
C. Opportunity
D. All of the above
63. Section 301 of the SOX requires that the auditor should report directly to ______.
A. Management
B. Government
C. Audit committee
D. Regulatory inspectors
64. According to the opportunity part of the fraud triangle, a person may do all of the
following acts except:
65. A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is
known as:
A. Process efficiency
B. Performance improvement
C. Code of conduct
D. Corporate governance
66. The Sarbanes-Oxley Act is also known as?
68. Employee’s behavioral changes (alcohol, gambling) will come under which
component of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. None of the above
70. Which of the following need(s) to be performed after the red flags of ID theft is
identified?
A. Mechanical format.
B. Electronic format
C. Paper
D. None of the above
72. The World's first computer-specific statute was enacted in 1970, by the German
state, in the form of a ___________________ .
73. ____________________ is a generic term which refers to all the legal and regulatory
aspects of Internet and the World Wide Web
A. Merchant Law
B. Cyber Café
C. Cyber Law
D. Electronic Law
74. A virus can infect a system by:
75. Which of the following are relevant/related to the area of fraud and forensics?
76. For a thing to be termed as ‘counterfeit’, there should be some sort of resemblance sufficient
to cause deception. Which of the following are the main ingredients of the term ‘counterfeit’
as laid down under Section 28 of IPC
A. Causing one thing to resemble another thing.
B. Intending by means of such resemblance to practice deception.
C. Knowing it to be likely that deception will thereby be practiced
D. All of the above
77. A case of mischief under Section 425 is essentially governed with a criminal intent to cause
wrongful loss or damage to a person, or a criminal intent to commit any offence to intimidate
any person in possession of a property. Which of the following are the essential ingredients
of the term?
A. Intention or knowledge of the likelihood to cause wrongful loss or damage to the
public or to any person.
B. Causing the destruction of some property or any change in it or in its situation
C. Such destruction or change must destroy or diminish its value
D. All of the above
78. Which of the following constitute(s) reason(s) for suspicion for a bank under the Prevention
of Anti Money Laundering Act (PMLA)?
A. Value just under the reporting threshold amount in an apparent attempt to avoid reporting
B. Frequent purchases of drafts or other negotiable instruments with cash
C. Both A & B
D. Neither A nor B
80. The Foreign Corrupt Practices Act (FCPA) of the USA permits small facilitation payments
to secure performance of non-discretionary foreign government services vide its 1988
amendments. These payments are called__________
A. Watergate payments
B. Handshake payments
C. Grease payments
D. Corrupt payments
A. Logic bombs
B. Trojan horse
C. Money mules
D. Denial of Service
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. All of the above
83. Which of the following is (are) generally used for designing and implementing control
framework in an organisation?
A. COSO
B. COBIT
C. Both COSO and COBIT
D. None of the above
84. COSO Integrated Framework of Internal Controls has _____ number of components
A. 5
B. 4
C. 8
D. 6
A. Supply side
B. Demand side
C. Both A & B
D. Neither A nor B
86. Which of the following is Not a term that represents phases in the Money laundering?
A. Integration
B. Demonitisation
C. Layering
D. Placement
A. A Trojan horse
B. Hacking
C. Social engineering
D. Scavenging
88. The type of forensics that involves analyzing information stored in a storage media such as a
hard drive
A. Disc Forensics
B. Network Forensics
C. Live forensics
D. Internet forensics
89. Which of the following schemes refers to the falsification of personnel or payroll records,
causing paychecks to be generated to someone who does not actually work for the victim
company?
A. Falsified salary scheme
B. Record alteration scheme
C. Ghost employee scheme
D. Inflated commission scheme
90. Which of the following is the indicator of deception while conducting Forensic
Interview
A. Quick, spontaneous answers
B. Consistent strong denial
C. Direct, brief answers
D. Hesitant
91. Forensic Interviewing Techniques does not include which of the following?
A. Investigation
B. Polygraph test
C. Physical Behaviour Analysis
D. Disk Imaging
92. Which of the following are performed by auditors when looking for financial
statement fraud?
93. Which of the following is (are) forensic audit test(s) that help (s) detecting fraud?
A. Luhn’s Algorithm
B. Benford’s Law
C. RSF
D. All of the above.
94. The term used to describe the legal issues related to use of communication technology,
particularly the Internet is called ________.
A. Cyberspace
B. Cyberlaw
C. Cyberwar
D. Cyberattack
95. FATF’s Recommendations are recognized as the global anti-money laundering (AML) and
counter-terrorist financing (CFT) standard. These recommendations are ________ in total
number.
A. 29
B. 49
C. 59
D. 39
A. International court
B. Regulatory body governing its international stock exchange members
C. Policy-making body
D. A wing of Interpol issuing red alerts across the globe
97. Which of the following is NOT true as per the Indian Evidence Act?
A. The law of evidence is the same in civil and criminal proceedings
B. Evidence must be confined to the matter in issue;
C. Hearsay evidence must be admitted
D. Best evidence must be given in all cases.
98. Forensic accounting is BROADER than Fraud Examination in the sense that it covers a variety of
other services such as:
a) Transaction tracing
b) Data Analysis
c) Damage analysis
d) Business valuation
99. Section 415 of the IPC defines Cheating. Which of the following form(s) part of the definition
of Cheating?