QUESTIONS & ANSWER KEYS

(STATEMENT IN BOLD, UNDERLINED & RED MARKED ARE ANSWER KEYS)

DAY 7

1. Entries in the books of accounts are-

A. Sufficient Evidence to charge any person with liability.
B. Relevant Evidence even if the books of accounts are not regularly kept in
business.
C. Neither relevant nor sufficient evidence.
D. Relevant Evidence if the books of accounts are regularly kept in business.

2. XYZ Company Private Limited has overstated the amount of Sales and Debtors in the
financial statements for the year 2015-16 so as to avail the enhancement in the cash
credit limit from a bank has committed crime under Indian Penal Code of-
A. Criminal Breach of Trust.
B. Impersonation.
C. Theft.
D. Falsification of Accounts.

3. Mr. L.K. Zori a non-chartered accountant signed the audit report of a company in the
name of S M T & COMPANY Chartered Accountant pretending to be a Partner of it, he
has committed Crime under Indian Penal Code of-
A. Impersonation.
B. Misappropriation.
C. Criminal Breach of Trust.
D. Falsification of Accounts.

4. The confession of an accused person against co-accused could be-

A. Weak evidence.
B. Strong evidence.
C. No evidence.
 D. Sufficient evidence.

5. Mr. Anuj has created fake email account in the name of ISB Bank and send emails to
customers of bank asking for account related information. Mr. Anuj committed a
crime under Information Technology Act of-
A. Cheating by personation.
B. Identity Theft.
C. Data Theft.
D. Receiving stolen computer resource.

6. Evidence may be submitted for-

A. Any Fact.
B. Facts in Issue and Relevant Fact.
C. Only Relevant Fact.
D. Only for Facts in Issue.

7. As per section 65B (2) of Indian Evidence Act which of the following is not a legal
condition for producing an electronic record as an Evidence-
A. The computer output containing the information was produced by the
computer during the period over which the computer was used regularly to
store or process information for the purposes of any activities regularly carried
on over that period by the person having lawful control over the use of the
computer
B. During the said period, information of the kind contained in the electronic
record or of the kind from which the information so contained is derived was
regularly fed into the computer in the ordinary course of the said activities
C. Throughout the materiel part of the said period, the computer was operating
properly or, if not, then in respect of any period in which it was not operating
properly or was out of operation during that part of the period, was not such
as to affect the electronic record or the accuracy of its contents.
 D. In any proceedings where it is desired to give a statement in evidence by
virtue of this section, a certificate identifying the electronic record containing
the statement and describing the manner in which it was produced.

8. Cyber Forensic Investigation Process consists of-

A. Imaging- Copy-Analysis-Communication.
B. Identification- Preservation- Collection-Analysis-Communication.
C. Imaging- Cloning- Documenting- Communication.
D. Searching- Extracting- Imaging- Cloning- Analysis.

9. Which of the following is not the cybercrime as per Information Technology Act 2008-
A. Fraudulently or dishonestly using pen drive (containing virus) to a computer
and spreading virus which will alter, destroy the stored data.
B. Fraudulently or dishonestly sending the mail attachment containing virus.
C. Stealing of Source Code in the software Development Company.
D. Fraudulently or dishonestly making a false document.

10. Volatile Data Means-

A. Data that would be lost if the computer is turned on.
B. Data that would lose integrity if the computer is turned on.
C. Data that would be lost if the computer is turned off.
D. Data that would remain intact if the computer is turned off.

11. As per the Information Technology Act (Amended) 2008, a body corporate shall be
liable to pay compensation for failure to protect data to person so affected-
A. Not exceeding seven crore rupees.
B. Not exceeding two crore rupees.
C. Not exceeding five crore rupees.
D. Not exceeding one crore rupees.
12. A software maintenance engineer appointed in a bank internationally altered source
code of the CBS application so as to deposit daily Rs. 5000/- into his saving account
from banks suspense account-
A. Is a crime under section 43 (b) for data theft under Information Technology Act
2008.
B. Is a crime under section 65 Tampering with Computer Source under
Information Technology Act 2008.
C. Is a crime under section 66 (c) for identity theft under Information Technology
Act 2008.
D. Is a crime under section 66 (d) for cheating by personation under Information
Technology Act 2008.

13. Which of the following agency is set up under Information Technology Act in India-
A. Financial Intelligence Unit of India
B. Unique Identification Authority of India
C. Indian Computer Emergency Response Team
D. National Intelligence Grid.

14. Whoever, being in any manner entrusted with property, or with any dominion over
property, dishonestly converts to his own use that property is a following type of crime
under Indian Penal Code-
A. Impersonation
B. Theft
C. Criminal Breach of Trust
D. Forgery
 15. Which of the Following statement is True-
A. Wrongful Loss means the loss by lawful means of property to which the
person losing it is legally entitled.
B. Wrongful Loss means the loss by unlawful means of property to which the
person losing it is legally entitled.
C. Wrongful Loss means the loss by unlawful means of property to which the
person losing it is not legally entitled.
D. Wrongful Loss means the lawful gain of property to which the person gaining
it is legally entitled.

Day 6

1. Which of the algorithms can be used for Hashing ?

1. MD5
2. SHA
3. RSA
4. Both 1 and 2

2. SSD is a type of:

1. RAM
2. Hard Disk
3. Motherboard
4. Processor

3. Chain of Custody form contains which of the following:

1. Evidence Details
2. Hash Values
3. IP Address
4. RAM Contents

4. What is the most significant legal issue in computer forensics?

A. Preserving Evidence
B. Seizing Evidence.
C. Admissibility of Evidence.
D. Discovery of Evidence.

5. Which of the following is a proper acquisition technique?

A. Disk to Image
B. Disk to Disk
C. Sparse Acquisition
D. All of the above

6. _____________ devices prevent altering data on drives attached to the

suspect computer and also offer very fast acquisition speeds.
A. Encryption
B. Imaging
C. Write Blocking
D. Hashing

7. Traditional crimes that became easier or more widespread because of

telecommunication networks and powerful PCs include all of the following
except
A. Money laundering
B. Illegal drug distribution
C. DoS attacks
D. Child pornography

8. To verify the original drive with the forensic copy, you use __________.
A. a password
B. a hash analysis
C. disk to disk verification
D. none of the above

9.As a good forensic practice, why would it be a good idea to wipe a forensic
drive before using it?
A. Chain of Custody
B. No need to wipe
C. Different file and operating systems
D. Cross-contamination

10. The ability to hide data in another file is called

A. Encryption.
B. Steganography.
C. Data parsing.
D. A and B.

11.USB drives use ______________.

A. RAM memory
B. Cache memory
C. Flash memory
D. None of the above

12. When shutting down a computer, what information is typically lost?

A. Data in RAM memory
B. Running processes
C. Current network connections
D. All of the above
13. Which of the following is not a type of volatile evidence?
A. Routing Tables
B. Main Memory
C. Log files
D. Cached Data

14. In establishing what evidence is admissible, many rules of evidence

concentrate first on the _____________ of the offered evidence.
A. Relevancy
B. Search and Seizure
C. Material
D. Admissibility

15. In which case, forensics fails:

A. Formatting of disk
B. Copying of Disk
C. Overwriting on Disk
D. Imaging of Disk

Day 5

1. ____________ is the property of safeguarding the accuracy and completeness of assets

A. Integrity
B. Availability
C. Confidentiality
D. Authenticity

2. Transmission Threats includes following attacks:

A. Eavesdropping
B. Buffer Overflow
C. Spying
D. Password Crackers

3. SQL Injection is _____________

A. Application Threat
B. Physical Threat
C. Malicious Code
D. Mobile Code

4. Why is security a low priority ?

A. Convenience
B. Cost
C. Open Architecture
D. All the Above

5. Arrange the following to make the life cycle of an attack:

1. Information Gathering
2. Clearing Tracks
3. Scanning
4. Maintaining Access

A. 1,2,3,4
B. 1,3,4,2
C. 2,3,1,4
D. 4,1,2,3

6. The clever manipulation of human tendency to trust is:

A. Reverse Engineering
B. Physical Spying
C. Shoulder Surfing
D. Social Engineering

7. Section __________ of IT Act mentions about Data Privacy:

A. 43
B. 43A, 72AD
C. 69A, 69B, 70B
D. 67C

8. Email Spoofing is punishable under Section _______ of IT Act:

A. 66C
B. 66D
C. 66
D. 66A

9. A_____________ vulnerability is an undisclosed computer-software vulnerability that

hackers can exploit to adversely affect computer programs, data, additional computers or a
network
A. Malware
B. Zero Day
C. Adware
D. Logic Bombs

10. Which of the following attack is an Application Threat ?

A. Buffer Overflow
B. Stuxnet
C. Zeus
D. Denial of Service
11. _______________ is an example of a private IP address.
A. 10.0.0.1
B. 189.10.90.108
C. 22.10.10.01
D. 193.101.90.111

12. 127.0.0.1 is an example of a ____________

A. MAC Address
B. Loopback Address
C. Dynamic Address
D. Hardware Address

13. Which of the following can be spoofed ?

A. IP Address
B. MAC Address
C. E-Mail
D. All of the above

14. Below methods can be included in phishing

a. Social Engineering
b. Fake website
c. Fake accounts
d. All of the above

15. Dark web is used for

a. Host a website
b. Sell illegal information
c. Send anonymous email
d. All of the above.

DAY 1-2-3-4

1. Forensic Accounting is essentially:

a. Accounting in a way to detect fraud
b. Auditing in a way to gather evidence
c. Investigating in a way to get different evidence
d. Combination of accounting, auditing, and investigative skills to gather
evidence usable in a court of law

2. Forensic Accountants
a. Rely on documentary evidence only
b. Rely on circumstantial and documentary evidence
c. Rely on explanations and interviews and field inspections
d. Collect and examine the reliability any kind of of evidence collected
3. The three useful characteristics which forensic accountants need to have are:
a. Professional Skepticism, perseverance, and aggression
b. Professional skepticism, three dimensional vision, and tact
c. Tact, perceptive skills, three dimensional vision
d. Aggression, perseverance, perceptive skills

4. Forensic accountant must:

a. Have capability of performing digital forensics
b. Have the tools to perform digital forensics
c. Have investigation software to perform an investigation
d. Have the knowledge of applying any or all of the above irrespective of
whether he possesses them or outsources them

5. Methods of investigation in a fraud investigation case:

a. Must be systematic and as laid down in past cases
b. Must be applied as determined by the leader of a team
c. Must be novel and adapted to the needs of a situation based on team
discussions
d. All of the above
6. Signature forgery can best be spotted by:
a. Juxtaposition and Comparison of signatures on two documents
b. Juxtaposition and Comparison of a signature on a document with specimen
signature
c. Juxtaposition and comparison of signatures on several documents
d. Any of the above
7. Which of the following are the best for a comprehensive investigation
a. Data vouching, trend analysis,
b. Trend analysis and tests of logic and absurdities
c. Data vouching and tests of impossibilities
d. All of the above to the extent possible in every case
8. Luhn’s algorithm is
a. A tool to find out valid credit card numbers
b. A tool to find out invalid debit card numbers
c. A tool to find valid or invalid debit cards/credit cards
d. None of the above
9. Red flags are
a. Symptoms of satisfactorily operating controls
b. Clear Indicators of a fraud attack
c. Early warning bells of something amiss which could be a fraud or error or
nothing at all
d. Clear indicator of an error but not fraud
10. Green Flags are:
a. ‘All is well’ signals
b. Everything is too good to be true. Fraud or error very likely
c. “Nothing is wrong’ signals
 d. None of the above
11. Fraud occurs because of
a. Opportunity
b. Perceived safety
c. Spirit of adventure
d. Any of the above

12. When does field investigation commence:

a. Before the commencement of the assignment
b. After the completion of the documentary review
c. Anytime as may deemed fit during the course of the assignment
d. None of the above

13. Which of the following is the MOST effective:

a. Only documentary audit
b. Only Field Investigation
c. Both Documentary review & Field Investigation if timed appropriately
d. None of the above

14. Which of the following is the BEST method during Covert Field audit:
a. Third Party inquiries for the purposes of background checks
b. Surveillance
c. Sting Operations- direct
d. Sting Operations- indirect

15. Which of the following would help in Upfront Field Audits:

a. Reference Checks
b. Third party confirmations for accounts, corroborations
c. Statutory verifications by inquiries with authorities
d. All of the above

16. Which of the following is NOT a tool for Field Investigation:

a. Voice Pen
b. Mobile phones or hidden cameras with specially designed bags
c. Ledger Account of a Party
d. Computer hidden cameras

17. Which of the following is the MOST IMPORTANT consideration at the time of
Interviewing & Field Investigation:
a. Privacy rights
b. Employee rights and to ensure that an innocent employee has adequate
protection
 c. Try and keep an HR person/ Legal representative always present when
interrogating at least
d. All of the above

18. Find the odd man out, as regards DO’s at the time of an interview:
a. ask the 5W+H (where, why, what, when, who + how) questions
b. keep questions simple and short
c. be judgmenta lrelying on facts as much as possible
d. follow up on your questions

19. Which of the following are the DO’s of Interviewing:

a. keep the interviewee on the track, interrupt him when he's divagating
b. expose contradictions in the answers, especially between general and specific
answers
c. be persistent
d. All of the above

20. INERROGATION starts where interviewing ends :

a. True
b. False
c. Could be possible
d. None of the above

21. A Successful Interrogator should have:

a. An ability to bluff
b. Knowledge of human behavior, the suspect, and the case
c. Non-judgmental attitude toward suspect
d. All of the above

22. An interview, at times, could be an interrogation but can it be vice versa:

a. True
b. False
c. Situation based
d. All of the above

23. A successful interrogation can accomplish which of the following objectives:

a. Obtaining facts
b. Eliminating the innocent & identifying the guilty
c. Obtaining a confession
d. All of the above
24. What are the characteristics of an interrogation:
a. Planning critical
b. Controlling surroundings critical
c. Absolute privacy essential
d. All of the above

25. What are the characteristics of an interview:

a. Establishing rapport important
b. Careful listening
c. Proper documentation
d. All of the above

26. Which of the following is the odd man out during an interview:
a. Purpose to obtain information
b. Hostile relationship between interviewer & subject likely
c. Minimal or no pre-interview legal requirements
d. No rights warning

27. Which of the following situation/s is/are a misfit during an interrogation:

a. No guilt or guilt uncertain
b. Moderate planning or preparation
c. Private or semi private environment desirable
d. All of the above

28. Which of the following would be the FIRST sought after point in an pre-interrogation
checklist:
a. Field & documentary evidence collected
b. The modus operandi of the perpetrator
c. Possible motive
d. Names of the persons having knowledge

29. Which of the following is/are the basic technique/s to elicit information:
a. Report everything, no matter how minor or unimportant it may appear
b. Recall events in different order
c. Change perspective by looking at the event from the standpoint of a third
person
d. All of the above
30. Which of the following can form a part of the interrogation process:
a. Composing and asking questions
b. Recognizing and coping with deception
c. Verbal & Non-verbal signs and statement analysis
d. All of the above

31. Which of the following interrogation approach/es could be adopted as BEST:

a. Logical
b. Sympathetic & Emotional
c. Indirect
d. Playing one suspect against another

32. Which of the following tips on listening would be useful during interrogation:
a. Investigators can conduct a successful interview only if good listeners
b. As valuable a tool as questioning
c. To be effective, one must be an active listener
d. All of the above

33. Which of the following is the only advantage as regards making notes during an
interview:
a. Prevents need for re-interviewing
b. May distract or offend witness
c. May preoccupy interviewer, creating appearance of inactiveness
d. May cause interviewer to miss non-verbal messages.

34. Which of the following is/are the advantage/s of handwritten or signed statements
by witness:
a. Useful if witness cannot testify
b. Can be used to impeach if witness changes story
c. Can be an added tool at the time of final presentation
d. All of the above

35. Which of the following is/are the advantage/s of sound or sound and visual
recording:
a. All information recorded in witnesses’ own words
b. Does not rely on inaccuracies of memory or another’s notes
c. Does not distract
d. All of the above
36. Which of the following is the ONLY disadvantage as regards video-audiotape or
movie during an interrogation:
a. Shows all, including fairness, procedures and treatment
b. Maybe some legal constraints and at times quality equipment may be costly
c. Easy to do
d. Can be relatively inexpensive

37. What is the ONLY advantage as regards audio recording during an interrogation:
a. Can infer fairness
b. Some words or descriptions may be meaningless without any pictorial
support
c. Necessitates identifying people
d. Necessitates things involved

38. What is the ONLY advantage as regards getting statement written and signed in the
suspect’s own handwriting:
a. Cant see demeanor
b. Cant hear voice inflections
c. Can be identified as coming directly from the suspect
d. Suspect may not agree to procedure

39. What is the ONLY disadvantage as regards getting typed unsigned statement
acknowledged by the suspect:
a. Contents of confession are present
b. Reduced believability of voluntariness and accuracy of contents
c. Contents of admission are present
d. Acknowledgements help show voluntariness.

40. Which of the following is/are the interrogation strategy/ies:

a. Tricks to learn the truth from lying suspects
b. From first admission to full confession
c. How to maneuver past pitfalls when testifying
d. All of the above

41. Which of the following is/are the step/s to successful interrogation:

a. The Positive Confrontation
b. Theme Development
c. Handling Denials
d. All of the above
42. Which of the following is/are the step/s to successful interrogation:
a. Overcoming Objections
b. Procuring and Retaining the Suspect's Attention
c. Handling the Suspect's Passive Mood
d. All of the above

43. Which of the following is/are the step/s to successful interrogation:

a. Presenting an Alternative Question
b. Detailing the Offense
c. Elements of Oral and Written Statements
d. All of the above

44. Which of the following is/are the stage during interrogation:

a. Defiant
b. Neutral
c. Acceptance & Profiling Suspects
d. All of the above

45. Which of the following is/are the behaviour symptom analysis:

a. Evaluating attitudes
b. Evaluating verbal & nonverbal behavior
c. Evaluating paralinguistic behavior
d. All of the above

46. Which of the following is/are the main purpose of interview / interrogation:
a. Establish Facts(Who, What, When, Where, and Why)
b. Identify the guilty party / parties
c. Obtain confession from the guilty (verbal & written) & establish a suspect
d. All of the above

47. What % of subjects may not confess during interrogations:

a. 0
b. 5
c. 10
d. None of the above

48. Which of the following is/are the phases of interrogation:

a. Reducing resistance
b. Obtaining & Development of Admission
c. Professional Close
 d. All of the above

49. Which of the following method/s could be used during interviewing:

a. Sweet & Sour
b. Factual
c. Bluff
d. None of the above

50. Interrogation of an emotional offender is easier to a non-emotional one:

a. True
b. False
c. Cant say, sometimes
d. None of the above

51. Apart from Interviewing & Interrogation, which of the following would give some
amount of information:
a. Use of informants
b. Undercover / Sting operations
c. Surveillance
d. All of the above