1.

Which of the following could be examples of unintentional threats to accounting information systems?

a. Typing error by a data entry clerk who entered the figure A$10,000 instead of A$1,000.

b. Several businesses remained without electricity for up to 8 hours due to a generator breakdown at the power station.

c. An update to an online retailers sale items erroneously changed sale prices for all products to A$50, instead of a markdown of 50% on each item.

d. Undetected data transmission errors costed a company close to A$300,000 because the errors were picked up only after 48 hours.

e. A center housing all the servers of a large enterprise was flooded due to torrential rains.

Which of the following is (are) TRUE about fraud?

a. White-collar criminals are trusted by their peers and their managers.

b. Production workers are the most likely to be involved in corruption.

c. Bid rigging is an example of investment fraud.

d. Misappropriation of assets refers to the theft of physical assets.

e. Justifiable reliance (where a person uses misrepresented information to take action) does not constitute fraud.

Which of the following opportunities permit employee and/or management

fraud?

a. Low turnover of employees in key positions.

b. Management participation in internal control systems.

c. Unclear policies and procedures in the company.

d. Effective internal auditing staff.

e. Numerous year-end adjustments.

Which of the following are NOT examples of computer fraud?

a. Students accessing a university database to view their peers assessment marks.

b. Payroll staff changing commission rates of their friends in sales.

c. HR clerk accessing and making a digital copy of the pay scales of all employees

in the company from his direct line managers workstation.

d. Submitting handwritten invoices for electronic payment on behalf of a home

industry for supposed catering purposes.

e. Creating fraudulent paychecks.

An employee at a large organization used the company computer during his lunch time to conduct a betting scheme. What type of fraud did he commit?

a. input fraud.

b. processor fraud.

c. computer instruction fraud.

d. data fraud.

e. output fraud.

2.

3.

4.

5.

6. A graphic design graduate used design software to create paychecks that looked identical to those of a company in his town. The paychecks were deposited electronically into several of his friends accounts. What type of fraud did he commit?

a. input fraud.

b. processor fraud.

c. computer instruction fraud.

d. data fraud.

e. output fraud.

7. A companys current password policy requires that passwords be alphanumeric, case- sensitive, and be 10 characters long. Which one of the following changes to a companys password policy will increase password strength the most?

a. Require passwords to also include special characters (such as $, &, etc.)

b. Require passwords to be 15 characters long

c. Both of the above changes would have the same effect on password strength

8. Which of the following set of authentication credentials provides the strongest access control?

a. A password and a security question.

b. A PIN and a smart card.

c. Voice recognition and a fingerprint.

d. All of the combinations of credentials are equally strong.

9. Which of the following factors increase the strength of an encryption solution?

a. Securely storing encryption keys somewhere other than in the browser.

b. Keeping the encryption algorithm secret.

c. Using a 24-bit encryption key.

d. All three options increase the strength of an encryption solution.

e. None of the three factors increase the strength of an encryption solution.

10. Able wants to send an encrypted document to Baker as an email attachment. If Able wants to securely send Baker the key to decrypt the document, Able should encrypt

the key using:

a. Able's public asymmetric key.

b. Able's private asymmetric key.

c. Baker's public asymmetric key.

d. Baker's private asymmetric key.

11. Which of the following statements is true?

a. A file encrypted with X's private key can only be decrypted by using X's

private key.

b. A file encrypted with X's private key can only be decrypted using X's public

key.

c. A file encrypted with X's private key can only be decrypted by using Y's

private key.

d. A file encrypted with X's private key can only be decrypted using Y's public

key.

12. To decrypt a digital signature, the recipient uses the _____.

a. sender's private key.

b. sender's public key.

c. recipient's private key.

d. recipient's public key.