Title Chapter 6 - note
Author snow zhui
Course Accounting Information Systems I
Institution The University of Adelaide
Pages 30

Accounting Information Systems, 14e (Romney/Steinbart)
Chapter 6 Computer Fraud and Abuse Techniques
1 Compare and contrast computer attack and abuse tactics.

1) ________ consists of the unauthorized copying of company data.
A) Phishing
B) Masquerading
C) Data leakage
D) Eavesdropping
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

2) Individuals who use telephone lines to commit fraud and other illegal acts are typically called
A) phreakers.
B) crackers.
C) phishers.
D) hackers.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

3) A hacker who changed the voice mail greeting of a company to say that it is offering free products by asking customers to dial a different phone number to claim their gifts is engaging in
A) diddling.
B) phreaking.
C) phishing.
D) hacking.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

1 Copyright © 2018 Pearson Education, Inc.

4) What is a denial of service attack?
A) It is an attack when the perpetrator is inserting a malicious query in input such that it is passed to and executed by an application program.
B) It is an attack when the perpetrator is inputting so much data that the input buffer overflows. The overflow contains code that takes control of the company's computer.
C) It is an attack when the perpetrator uses software to guess company's addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail list.
D) It is an attack when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytical Thinking

5) What is a dictionary attack?
A) It is an attack when the perpetrator is inserting a malicious query in input such that it is passed to and executed by an application program.
B) It is an attack when the perpetrator is inputting so much data that the input buffer overflows. The overflow contains code that takes control of the company's computer.
C) It is an attack when the perpetrator uses software to guess company's addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail list.
D) It is an attack when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytical Thinking

6) What is a buffer overflow attack?
A) It is an attack when the perpetrator is inserting a malicious query in input such that it is passed to and executed by an application program.
B) It is an attack when the perpetrator is inputting so much data that the input buffer overflows. The overflow contains code that takes control of the company's computer.
C) It is an attack when the perpetrator uses software to guess company's addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail list.
D) It is an attack when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


7) What is a SQL injection attack?
A) It is an attack when the perpetrator is inserting a malicious query in input such that it is passed to and executed by an application program.
B) It is an attack when the perpetrator is inputting so much data that the input buffer overflows. The overflow contains code that takes control of the company's computer.
C) It is an attack when the perpetrator uses software to guess company's addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail list.
D) It is an attack when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytical Thinking

8) Gaining control of somebody's computer without their knowledge and using it to carry out illicit activities is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

9) Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering items sold is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


10) Sending an unsolicited message to many people at the same time is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

11) Unauthorized access, modification, or use of an electronic device or some element of a computer system is known as
A) hacking.
B) spamming.
C) posing.
D) hijacking.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

12) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

13) Using special software to bypass system controls and perform illegal acts is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

14) Secretly changing an already open browser tab using JavaScript is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

15) Acting under false pretenses to gain confidential information is called
A) superzapping.
B) tabnapping.
C) pretexting.
D) piggybacking.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

16) Which of the following is not a method of identity theft?
A) Scavenging
B) Phishing
C) Shoulder surfing
D) Phreaking
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

17) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


18) Taking control of a phone to make calls, send text messages, listen to calls, or read text messages is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

19) Listening to private voice or data transmissions is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

20) Using a small device with storage capacity (iPod, Flash drive) to download unauthorized data from a computer is called
A) masquerading.
B) bluebugging.
C) eavesdropping.
D) podslurping.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

21) The unauthorized access to, or use of, a computer system is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

22) Redirecting traffic to a spoofed website to obtain confidential information is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

23) Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to divulge confidential data is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

24) Using computer technology to harm another person is known as
A) pharming.
B) cyber-bullying.
C) hacking.
D) vishing.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

25) A fraud technique that slices off tiny amounts from many projects is called the ________ technique.
A) Trojan horse
B) man-in-the-middle
C) salami
D) trap door
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


26) A fraud technique that uses a back door into a system that bypasses normal system controls is called the ________ technique.
A) Trojan horse
B) man-in-the-middle
C) salami
D) trap door
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

27) A fraud technique that uses unauthorized codes in an authorized and properly functioning program is called the ________ technique.
A) Trojan horse
B) man-in-the-middle
C) salami
D) trap door
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

28) A fraud technique that allows a hacker to place himself or herself between a client and a host to intercept network traffic is called the ________ technique.
A) Trojan horse
B) man-in-the-middle
C) salami
D) trap door
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


29) Data diddling is
A) verifying credit card validity; buying and selling stolen credit cards.
B) inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means of obtaining his PIN, and using the card and PIN to drain the account.
C) a technique that tricks a person into disclosing confidential information.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

30) Social engineering is
A) verifying credit card validity; buying and selling stolen credit cards.
B) inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means of obtaining his PIN, and using the card and PIN to drain the account.
C) a technique that tricks a person into disclosing confidential information.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

31) Lebanese looping is
A) verifying credit card validity; buying and selling stolen credit cards.
B) inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means of obtaining his PIN, and using the card and PIN to drain the account.
C) a technique that tricks a person into disclosing confidential information.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


32) Carding is
A) verifying credit card validity; buying and selling stolen credit cards.
B) inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means of obtaining his PIN, and using the card and PIN to drain the account.
C) a technique that tricks a person into disclosing confidential information.
D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

33) In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as
A) phreakers.
B) hackers.
C) hijackers.
D) superzappers.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

34) During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of
A) kiting.
B) data diddling.
C) data leakage.
D) phreaking.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


35) LOLer was chatting online with l33ter. "I can't believe how lame some people are! :) I can get into any system by checking out the company website to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password." LOLer is a ________, and the fraud he is describing is ________.
A) hacker; social engineering
B) phreaker; dumpster diving
C) hacker; password cracking
D) phreaker; the salami technique
Answer: C
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytical Thinking

36) After graduating from college, Rob Johnson experienced some difficulty in finding full-time employment. He free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter he was contacted by SitePromoter Incorporated, who offered to pay him to promote their clients in his blog. He set up several more blogs for this purpose and is now generating a reasonable level of income. He is engaged in
A) splogging.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

37) After graduating from college, Rob Johnson experienced some difficulty in finding full-time employment. Trying to make ends meet, Rob used all of his savings to buy a significant number of shares in small, low-priced, thinly traded penny stocks. He then uses spam e-mails and blog postings to disseminate overly optimistic information about the company in the hope of driving up the company's stock price. He is waiting to sell his shares to investors and pocket a profit. He is engaged in
A) internet pump-and-dump.
B) Bluesnarfing.
C) vishing.
D) typosquatting.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


38) Computers that are part of a botnet and are controlled by a bot herder are referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

39) Inspecting information packets as they travel across computer networks are referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

40) A wireless network with the same name as another wireless access point is referred to as
A) sniffers.
B) zombies.
C) botsquats.
D) evil twins.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

41) Ashley Baker has been the webmaster for Berryhill Finance only ten days when Berryhill's website was flooded with access attempts. Ashley shut down the site and only opened it to Web addresses which she specifically identified as legitimate. As a result, many of Berryhill's customers were unable to obtain loans, causing Berryhill to lose a significant amount of business. Berryhill Finance suffered from a
A) denial-of-service attack.
B) zero-day attack.
C) phreaking attack.
D) cyber-extortion attack.
Answer: A
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

42) Ashley Baker has been the webmaster for Berryhill Finance only ten days when Berryhill's website was scheduled for a routine security patch update. Unbeknown to Ashley, cybercrooks found out the timing of the patch update and launched attacks right before Berryhill's update from a remote location miles away. As a result of the attack, Berryhill lost a significant amount of clients' private information. Berryhill Finance suffered from a
A) hacking attack.
B) zero-day attack.
C) identity theft attack.
D) cyber-extortion attack.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytical Thinking

43) Ashley Baker has been the webmaster for Berryhill Finance only ten days when she received an e-mail that threatened to shut down Berryhill's website unless Ashley wired payment to an overseas account. Ashley was concerned that Berryhill Finance would suffer huge losses if its website went down, so she wired money to the appropriate account. The author of the e-mail successfully committed
A) a denial-of-service attack.
B) Internet terrorism.
C) hacking.
D) cyber-extortion.
Answer: D
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking

44) Ashley Baker works in the information technology department of Core Company. On Monday morning, she arrived at work, scanned her identity card, and entered her access code. At that moment, a man in a delivery uniform came up behind Ashley with a bunch of boxes. Although Ashley held the door for the delivery man, she later wondered if the man was engaged in
A) pretexting.
B) piggybacking.
C) posing.
D) spoofing.
Answer: B
Concept: Computer attacks and abuse Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytical Thinking


45) Describe at least six computer attacks and abuse techniques.
Answer:
Round-down technique — rounded off amounts from calculations and the fraction deposited in perpetrator's account.
Salami technique — small amounts sliced off and stolen from many projects over a period of time.
Software piracy — unauthorized copying of software, probably the most committed computer crime.
Data diddling — changing data in an unauthorized way.
Data leakage — unauthorized copying of data files.
Piggybacking — latching onto a legitimate user in data communications.
Masquerading or Impersonation — the perpetrator gains access to the system by pretending to be an authorized user.
Hacking — unauthorized access and use of a computer system.
E-mail threats — threatening legal action and asking for money via e-mail.
E-mail forgery — removing message headers,...

