Chapter 6

Accounting Information Systems, 12e (Romney/Steinbart)
Chapter 6 Computer Fraud and Abuse Techniques

1) Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from
the firm that exlained that there had been a comuter error and that rovided a hone number so that
Wally could verify his customer information. When he called, a recording asked that he enter the code
from the email, his account number, and his social security number. !fter he did so, he was told that he
would be connected with a customer service reresentative, but the connection was terminated. He
contacted the brokerage comany and was informed that they had not sent the email. Wally was a victim
of
!) "luesnarfing.
") slogging.
#) vishing.
$) tyos%uatting.
!nswer& #
'age (ef& 1)*
+b,ective& -earning +b,ective .
$ifficulty & /asy
!!#0"& !nalytic
.) When a comuter criminal gains access to a system by searching records or the trash of the target
comany, this is referred to as
!) data diddling.
") dumster diving.
#) eavesdroing.
$) iggybacking.
!nswer& "
'age (ef& 1)1
$ifficulty & /asy
!!#0"& !nalytic
2) 3erry 0chneider was able to amass oerating manuals and enough technical data to steal 41 million of
electronic e%uiment by
!) scavenging.
") skimming.
#) Internet auction fraud.
$) cyber extortion.
!nswer& !
'age (ef& 1)1
$ifficulty & /asy
!!#0"& !nalytic
1
#oyright 5 .61. 'earson /ducation, Inc. ublishing as 'rentice Hall
7) ! art of a rogram that remains idle until some date or event occurs and then is activated to cause
havoc in the system is a
!) tra door.
") data diddle.
#) logic bomb.
$) virus.
!nswer& #
'age (ef& 181
+b,ective& -earning +b,ective 2
$ifficulty & /asy
!!#0"& !nalytic
)) 9he unauthori:ed coying of comany data is known as
!) data leakage.
") eavesdroing.
#) mas%uerading.
$) hishing.
!nswer& !
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
8) #omuter fraud eretrators who use telehone lines to commit fraud and other illegal acts are
tyically called
!) hackers.
") crackers.
#) hreakers.
$) ,erks.
!nswer& #
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
*) What is a denial of service attack;
!) ! denial of service attack occurs when the eretrator sends hundreds of messages from randomly
generated false addresses, overloading an Internet service rovider<s e=mail server.
") ! denial of service attack occurs when an e=mail message is sent through a re=mailer, who removes
the message headers making the message anonymous, then resends the message to selected addresses.
#) ! denial of service attack occurs when a cracker enters a system through an idle modem, catures the
'# attached to the modem, and then gains access to the network to which it is connected.
$) ! denial of service attack occurs when the eretrator e=mails the same message to everyone on one
or more >senet newsgrous -I090/(? lists.
!nswer& !
'age (ef& 1)6
$ifficulty & Moderate
!!#0"& !nalytic
.
@) Aaining control of someone else<s comuter to carry out illicit activities without the owner<s
knowledge is known as
!) hacking.
") hi,acking.
#) hreaking.
$) sniffings.
!nswer& "
'age (ef& 1)6
$ifficulty & /asy
!!#0"& !nalytic
1) Illegally obtaining and using confidential information about a erson for economic gain is known as
!) eavesdroing.
") identity theft.
#) acket sniffing.
$) iggybacking.
!nswer& "
'age (ef& 1)8
$ifficulty & /asy
!!#0"& !nalytic
16) 9aing into a communications line and then entering the system by accomanying a legitimate user
without their knowledge is called
!) suer:aing.
") data leakage.
#) hacking.
$) iggybacking.
!nswer& $
'age (ef& 1)2
$ifficulty & /asy
!!#0"& !nalytic
11) Which of the following is not a method of identify theft;
!) 0cavenging
") 'hishing
#) 0houlder surfing
$) 'hreaking
!nswer& $
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
2
1.) Which method of fraud is hysical in its nature rather than electronic;
!) cracking
") hacking
#) eavesdroing
$) scavenging
!nswer& $
'age (ef& 1)1
$ifficulty & /asy
!!#0"& !nalytic
12) Which of the following is the easiest method for a comuter criminal to steal outut without ever
being on the remises;
!) dumster diving
") by use of a 9ro,an horse
#) using a telescoe to eer at aer reorts
$) electronic eavesdroing on comuter monitors
!nswer& $
'age (ef& 1)1
$ifficulty & /asy
!!#0"& !nalytic
17) 9he decetive method by which a eretrator gains access to the system by retending to be an
authori:ed user is called
!) cracking.
") mas%uerading.
#) hacking.
$) suer:aing.
!nswer& "
'age (ef& 1)2
$ifficulty & /asy
!!#0"& !nalytic
1)) 9he unauthori:ed access to, and use of, comuter systems is known as
!) hacking.
") hi,acking.
#) hreaking.
$) sniffing.
!nswer& !
'age (ef& 171
$ifficulty & /asy
!!#0"& !nalytic
7
18) ! fraud techni%ue that slices off tiny amounts from many ro,ects is called the BBBBBBBB techni%ue.
!) 9ro,an horse
") round down
#) salami
$) tra door
!nswer& #
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
1*) $ata diddling is
!) gaining unauthori:ed access to and use of comuter systems, usually by means of a ersonal
comuter and a telecommunications network.
") unauthori:ed coying of comany data such as comuter files.
#) unauthori:ed access to a system by the eretrator retending to be an authori:ed user.
$) changing data before, during, or after it is entered into the system in order to delete, alter, or add key
system data.
!nswer& $
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
1@) 0yware is
!) software that tells the user if anyone is sying on his comuter.
") software that monitors whether sies are looking at the comuter.
#) software that monitors comuting habits and sends the data it gathers to someone else.
$) none of the above
!nswer& #
'age (ef& 1)1
$ifficulty & /asy
!!#0"& !nalytic
11) 9he unauthori:ed use of secial system rograms to byass regular system controls and erform
illegal act is called
!) a 9ro,an horse.
") a tra door.
#) the salami techni%ue.
$) suer:aing.
!nswer& $
'age (ef& 18.
$ifficulty & /asy
!!#0"& !nalytic
)
.6) #omuter fraud eretrators that modify rograms during systems develoment, allowing access
into the system that byasses normal system controls are using
!) a 9ro,an horse.
") a tra door.
#) the salami techni%ue.
$) suer:aing.
!nswer& "
'age (ef& 18.
$ifficulty & /asy
!!#0"& !nalytic
.1) ! fraud techni%ue that allows a eretrator to byass normal system controls and enter a secured
system is called
!) suer:aing.
") data diddling.
#) using a tra door.
$) iggybacking.
!nswer& #
'age (ef& 18.
$ifficulty & /asy
!!#0"& !nalytic
..) ! set of unauthori:ed comuter instructions in an otherwise roerly functioning rogram is known
as a
!) logic bomb.
") syware.
#) tra door.
$) 9ro,an horse.
!nswer& $
'age (ef& 181
$ifficulty & /asy
!!#0"& !nalytic
.2) ! BBBBBBBB is similar to a BBBBBBBB, excet that it is a rogram rather than a code segment hidden
in a host rogram.
!) wormC virus
") 9ro,an horseC worm
#) wormC 9ro,an horse
$) virusC worm
!nswer& !
'age (ef& 182
$ifficulty & /asy
!!#0"& !nalytic
8
.7) Wally Hewitt is an accountant with a large accounting firm. 9he firm has a very strict olicy of
re%uiring all users to change their asswords every sixty days. In early March, Wally received an email
from the firm that exlained that there had been an error udating his assword and that rovided a link
to a Web site with instructions for re=entering his assword. 0omething about the email made Wally
susicious, so he called the firm<s information technology deartment and found that the email was
fictitious. 9he email was an examle of
!) social engineering.
") hishing.
#) iggybacking.
$) samming.
!nswer& "
'age (ef& 1)*
$ifficulty & /asy
!!#0"& !nalytic
.)) $eveloers of comuter systems often include a user name and assword that is hidden in the
system, ,ust in case they need to get into the system and correct roblems in the future. 9his is referred
to as a
!) 9ro,an horse.
") key logger.
#) soof.
$) back door.
!nswer& $
'age (ef& 18.
$ifficulty & /asy
!!#0"& !nalytic
.8) In the 1186s, techni%ues were develoed that allowed individuals to fool the hone system into
roviding free access to long distance hone calls. 9he eole who use these methods are referred to as
!) hreakers.
") hackers.
#) hi,ackers.
$) suer:aers.
!nswer& !
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
*
.*) $uring a routine audit, a review of cash receits and related accounting entries revealed
discreancies. >on further analysis, it was found that figures had been entered correctly and then
subse%uently changed, with the difference diverted to a fictitious customer account. 9his is an examle
of
!) kiting.
") data diddling.
#) data leakage.
$) hreaking.
!nswer& "
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
.@) It was late on a Driday afternoon when 9roy Willicott got a call at the hel desk for 9aggitt Dinances.
! man with an edge of anic clearly discernible in his voice was on the hone. EI<m really in a bind and I
sure hoe that you can hel me.E He identified himself as #het Dra:ier from the !ccounting $eartment.
He told 9roy that he had to work on a reort that was due on Monday morning and that he had forgotten
to bring a written coy of his new assword home with him. 9roy knew that 9aggitt<s new assword
olicy, that re%uired that asswords must be at least fifteen characters long, must contain letters and
numbers, and must be changed every sixty days, had created roblems. #onse%uently, 9roy rovided the
assword, listened as it was read back to him, and was rofusely thanked before ending the call. 9he
caller was not #het Dra:ier, and 9roy Willicott was a victim of
!) hreaking.
") war dialing.
#) identity theft.
$) social engineering.
!nswer& $
'age (ef& 1)8
$ifficulty & /asy
!!#0"& !nalytic
.1) #hiller7)1 was chatting online with 2-2t#owboy. EI can<t believe how lame some eole areF &) I
can get into any system by checking out the comany web site to see how user names are defined and
who is on the emloyee directory. 9hen, all it takes is brute force to find the assword.E #hiller7)1 is a
BBBBBBBB and the fraud he is describing is BBBBBBBB.
!) hreakerC dumster diving
") hackerC social engineering
#) hreakerC the salami techni%ue
$) hackerC assword cracking
!nswer& $
'age (ef& 1)2
!!#0"& !nalytic
@
26) !fter graduating from college with a communications degree, 0ylvia 'lacer exerienced some
difficulty in finding full=time emloyment. 0he free=lanced during the summer as a writer and then
started a blog in the fall. 0hortly thereafter she was contacted by #lickadoo +nline 0ervices, who
offered to ay her to romote their clients by mentioning them in her blog and linking to their Web sites.
0he set u several more blogs for this urose and is now generating a reasonable level of income. 0he
is engaged in
!) "luesnarfing.
") slogging.
#) vishing.
$) tyos%uatting.
!nswer& "
'age (ef& 1)6
$ifficulty & /asy
!!#0"& !nalytic
21) 9elefarm Industries is a telemarketing firm that oerates in the Midwest. 9he turnover rate among
emloyees is %uite high. (ecently, the information technology manager discovered that an unknown
emloyee had used a "luetooth=enabled mobile hone to access the firm<s database and coy a list of
customers from the ast three years that included credit card information. 9elefarm was a victim of
!) "luesnarfing.
") slogging.
#) vishing.
$) tyos%uatting.
!nswer& !
'age (ef& 18)
$ifficulty & /asy
!!#0"& !nalytic
2.) 3im #han decided to #hristmas sho online. He linked to !ma:on.com, found a erfect gift for his
daughter, registered, and laced his order. It was only later that he noticed that the Web site<s >(- was
actually !ma:om.com. 3im was a victim of
!) "luesnarfing.
") slogging.
#) vishing.
$) tyos%uatting.
!nswer& $
'age (ef& 1)@
$ifficulty & /asy
!!#0"& !nalytic
1
22) #omuters that are art of a botnet and are controlled by a bot herder are referred to as
!) osers.
") :ombies.
#) bots%uats.
$) evil twins.
!nswer& "
'age (ef& 1)6
$ifficulty & /asy
!!#0"& !nalytic
27) 3iao 3an had been the Web master for Dolding 0%uid 9echnologies for only three months when the
Web site was inundated with access attemts. 9he only solution was to shut down the site and then
selectively oen it to access from certain Web addresses. D09 suffered significant losses during the
eriod. 9he comany had been the victim of aGan)
!) denial=of=service attack.
") :ero=day attack.
#) malware attack.
$) cyber=extortion attack.
!nswer& !
'age (ef& 1)6
$ifficulty & /asy
!!#0"& !nalytic
2)) 3iao 3an had been the Web master for Dolding 0%uid 9echnologies for only three months when he
received an anonymous email that threatened to inundate the comany Web site with access attemts
unless a ayment was wired to an account in /astern /uroe. 3iao was concerned that D09 would suffer
significant losses if the threat was genuine. 9he author of the email was engaged in
!) a denial=of=service attack.
") Internet terrorism.
#) hacking.
$) cyber=extortion.
!nswer& $
'age (ef& 1)7
$ifficulty & /asy
!!#0"& !nalytic
28) Mo #hauncey was arrested in /moria, Hansas, on Debruary .1, .66@, for running an online
business that seciali:ed in buying and reselling stolen credit card information. Mo was charged with
!) tyos%uatting.
") carding.
#) harming.
$) hishing.
!nswer& "
'age (ef& 1)@
$ifficulty & /asy
!!#0"& !nalytic
16
2*) I work in the information technology deartment of a comany I<ll call #M?. +n Wednesday
morning, I arrived at work, scanned in my identity card and unched in my code. 9his guy in a delivery
uniform came u behind me carrying a bunch of boxes. I oened the door for him, he nodded and went
on in. I didn<t think anything of it until later. 9hen I wondered if he might have been
!) retexting.
") iggybacking.
#) osing.
$) soofing.
!nswer& "
'age (ef& 1)2
$ifficulty & /asy
!!#0"& !nalytic
2@) 9he call to tech suort was fairly routine. ! first=time comuter user had urchased a brand new '#
two months ago and it was now oerating much more slowly and sluggishly than it had at first. Had he
been accessing the Internet; Ies. Had he installed any EfreeE software; Ies. 9he roblem is likely to be
aGan)
!) virus.
") :ero=day attack.
#) denial of service attack.
$) dictionary attack.
!nswer& !
'age (ef& 182
$ifficulty & /asy
!!#0"& !nalytic
21) In Jovember of .66) it was discovered that many of the new #$s distributed by 0ony "MA
installed software when they were layed on a comuter. 9he software was intended to rotect the #$s
from coying. >nfortunately, it also made the comuter vulnerable to attack by malware run over the
Internet. 9he scandal and resulting backlash was very costly. 9he software installed by the #$s is a
!) virus.
") worm.
#) rootkit.
$) s%uirrel.
!nswer& #
'age (ef& 18.
!!#0"& !nalytic
11
76) Which of the following would be least effective to reduce exosure to a comuter virus;
!) +nly transfer files between emloyees with >0" flash drives.
") Install and fre%uently udate antivirus software.
#) Install all new software on a stand=alone comuter for until it is tested.
$) $o not oen email attachments from unknown senders.
!nswer& !
'age (ef& 187
!!#0"& !nalytic
71) Which of the following is not an examle of social engineering;
!) +btaining and using another erson<s 0ocial 0ecurity Jumber, credit card, or other confidential
information
") #reating hony Web sites with names and >(- addresses very similar to legitimate Web sites in
order to obtain confidential information or to distribute malware or viruses
#) >sing email to lure victims into revealing asswords or user I$s
$) 0etting u a comuter in a way that allows the user to use a neighbors unsecured wireless network
!nswer& $
'age (ef& 1)8=1)1
!!#0"& !nalytic
7.) How can a system be rotected from viruses;
!nswer& Install reliable antivirus software that scans for, identifies, and isolates or destroys viruses. >se
caution when coying files on to your diskettes from unknown machines. /nsure the latest version of the
antivirus rogram available is used. 0can all incoming emails for viruses at the server level. !ll software
should be certified as virus=free before loading it into the system. If you use ,um drives, diskettes, or
#$s, do not ut them in unfamiliar machines as they may become infected. +btain software and
diskettes only from known and trusted sources. >se caution when using or urchasing software or
diskettes from unknown sources. $eal with trusted software retailers. !sk whether the software you are
urchasing comes with electronic techni%ues that makes tamering evident. #heck new software on an
isolated machine with virus detection software before installing on the system. #old boot to clear and
reset the system. When necessary, Ecold bootE the machine from a write=rotected diskette. Have two
backus of all files. (estrict the use of ublic bulletin boards.
'age (ef& 187
!!#0"& !nalytic
1.
72) $escribe at least six comuter attacks and abuse techni%ues.
!nswer&
(ound=down techni%ue rounded off amounts from calculations and the fraction deosited in
eretrator<s account.
0alami techni%ue small amounts sliced off and stolen from many ro,ects over a eriod of time.
0oftware iracy unauthori:ed coying of software, robably the most committed comuter crime.
$ata diddling changing data in an unauthori:ed way.
$ata leakage unauthori:ed coying of data files.
'iggybacking latching onto a legitimate user in data communications.
Mas%uerading or Imersonation the eretrator gains access to the system by retending to be an
authori:ed user.
Hacking unauthori:ed access and use of a comuter system.
/=mail threats threatening legal action and asking for money via e=mail.
/=mail forgery removing message headers, using such anonymous e=mail for criminal activity. $enial
of service attack sending hundreds of e=mail messages from false addresses until the attacked server
shuts down.
Internet terrorism crackers using the Internet to disrut electronic commerce and communication
lines.
Internet misinformation using the Internet to sread false or misleading information.
War dialing searching for an idle modem by dialing thousands of telehones and intruding systems
through idle modems.
0amming e=mailing the same message to everyone on one or more >senet grous.
'age (ef& 18)=18*
!!#0"& !nalytic
12
77) $escribe at least four social engineering techni%ues.
!nswer&
'iggybacking latching onto a legitimate user in data communications.
Mas%uerading or Imersonation the eretrator gains access to the system by retending to be an
authori:ed user.
0ocial engineering a eretrator tricks an emloyee into giving him the information he needs to get
into the system.
Identity theft illegally assuming someone else<s identity, usually with the social security number.
'retexting using an invented scenario to increase the likelihood the victim will give away
information.
'osing fraudsters try to collect ersonal information by retending to be legitimate business
colleagues.
'hishing sending email, retending to be a legitimate business colleague, re%uesting user I$ or
assword or other confidential data.
?ishing retending to be a legitimate business colleague and attemting to get a victim to rovide
confidential information over the hone.
#arding using stolen credit card information.
'harming redirecting Web site traffic to a soofed Web site.
9yos%uatting setting u Web sites with names similar to real Web sites.
0cavenging gaining access to confidential data by searching cororate records in dumsters or
comuter storage.
0houlder surfing looking over a erson<s shoulder in a ublic lace to see 'IJ or asswords.
0kimming manually swiing a credit card through a handheld card reader and storing the data for
future use.
/avesdroing observation of rivate communications by wiretaing or other surveillance
techni%ues.
/=mail forgery removing message headers, using such anonymous e=mail for criminal activity.
'age (ef& 1)*=1)1
$ifficulty & /asy
!!#0"& !nalytic
7)) $escribe the differences between a worm and a virus;
!nswer& ! comuter virus is a segment of executable code that attaches itself to comuter software. !
virus has two hases& it relicates itself and sreads to other systems or files, and in the attack hase, the
virus carries out its mission to destroy files or the system itself. ! worm is similar to a virus, excet that
it is a rogram rather than a code segment hidden in a host rogram. ! worm can reside in e=mail
attachments, which when oened or activated can damage a user<s system. Worms can also reroduce
themselves by mailing themselves to the addresses found in the reciient<s mailing list. Worms do not
have long lives, but their lives can be very destructive nonetheless.
'age (ef& 182
!!#0"& !nalytic
17

Chapter 6

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Chapter 6

Diunggah oleh

Hak Cipta:

Format Tersedia

Accounting Information Systems, 12e (Romney/Steinbart)

Chapter 6 Computer Fraud and Abuse Techniques

Anda mungkin juga menyukai