Chapter 14

School: The University of Sydney
Course: 500
Subject: Information Systems
Date: Dec 6, 2023
Pages: 21

Forensic and Investigative Accounting: Testbank
© 2021 CCH Incorporated and its affiliates. All rights reserved.

Chapter 14: Digital Forensics Analysis

MULTIPLE CHOICE QUESTIONS

43. Forensic accountants must understand the Internet's protocols so that they:
a. Can write code to collect courtroom evidence.
b. Can hire a professional to handle the problem.
c. Understand electronic courtroom procedures.
d. Understand the nature of a cyber attack.
e. All of the above.

44. If your client's website is breached, the best policy is to:
a. Make sure no one finds out about the attack.
b. Document the evidence about the attack.
c. Call in law enforcement authorities as soon as possible.
d. Call in a tiger team.
e. None of the above.

45. Datagrams are:
a. Unchanged as they move across the Internet.
b. Another term used to describe e-mail messages.
c. Packets of message verification data.
d. Packets of data.
e. None of the above.

46. Which is the topmost layer in the OSI Model used in TCP/IP?
a. Data link layer.
b. Transportation layer.
c. Network layer.
d. Application layer.
e. None of the above.

47. Message integrity in the OSI Model used in TCP/IP is performed by the:
a. Data link layer.
b. Transportation layer.
c. Network layer.
d. Application layer.
e. None of the above.

48. What protocol uses "send and forget" messages over the Internet?
a. FTC.
b. TCP/IP.
c. UDP.
d. SMTP.
e. None of the above.

49. SMTP uses which of the following ports?
a. 23.
b. 25.
c. 80.
d. 1024.
e. All of the above.

50. The number of ports on a web server is:
a. Indefinite number.
b. 1,024.
c. 32,768.
d. 65,535.
e. All of the above.

51. If the data received by a web server is not the data that was expected, which of the following flags is sent (keyed)?
a. HLEN.
b. FIN.
c. RST.
d. ACK.
e. TCP.

52. The IP address is composed of a(n):
a. 8-bit address.
b. 1-bit address.
c. 32-bit address.
d. 64-bit address.
e. None of the above.

53. Time to Live (TTL) in the IP header:
a. Determines how long a source and destination server should continue to try to establish a connection.
b. Determines whether the last packet in a message has arrived.
c. There is no TTL field in a TCP/IP header.
d. Determines how long a packet will continue to travel over the Internet.
e. The source address in the header.

54. A network computer's MAC address is found in the:
a. ARP table.
b. URL address.
c. Domain name system.
d. Traceroute.
e. Ping response.

55. An HTTP response code of "200" means the:
a. Web page was incompletely transferred.
b. Web page was successfully received.
c. The wrong web page was received.
d. The web page was successfully sent.
e. None of the above.

56. TCPDUMP is a:
a. Traceroute program.
b. Virus program.
c. Sniffer.
d. Trojan horse.
e. None of the above.

57. Linux program for searching website E-mail logs are best found in:
a. FTP servers.
b. HTTP servers.
c. SMTP servers.
d. TCP servers.
e. None of the above.

58. The time information found in an e-mail header is based on:
a. Eastern Standard Time.
b. Greenwich Mean Time.
c. International Time Standard.
d. Internet Mean Time.
e. None of the above.

59. To trace an IP address back to its source address, which of the following tools would be best to use?
a. Remail.
b. Traceroute.
c. Ping.
d. ARIN.
e. TCP Dump.

60. To determine if a port on a web server is alive and connected to the Internet, which of the following tools would be best to use?
a. Whois.
b. Traceroute.
c. Ping.
d. ARIN.
e. All ports are closed to traffic today.

61. Which of the following search engines is a metacrawler?
a. Dogpile.
b. Google.
c. Lycos.
d. Yahoo.
e. Metacrawl Shodan.

62. The purpose of remailers is to:
a. Send back e-mail to a sender so that the sender knows it did not go to the recipient.
b. Let the sender know e-mail was received by the recipient.
c. Send spam.
d. Send anonymous e-mail.
e. There are no remailers left; the U.S. government has outlawed them.

63. The best method to search for a downloadable FTP file located on an Argentinean-based hacker group is to use:
a. Google.
b. Tile-net.
c. XGoogle.
d. L-soft.
e. None of the above.

64. Currently, which of the following would be the most difficult to identify through an Internet search?
a. An individual social security number.
b. The path of a packet over the Internet.
c. The birth date for a person.
d. The individual who sent an e-mail message through two remailers.

65. The most pertinent federal law for prosecuting computer fraud is:
a. Electronic Protection Privacy Act.
b. Computer Fraud and Abuse Act.
c. Title 18 USC 1030.
d. Patriot Act.
e. Sarbanes-Oxley Act.

66. One way to hide my e-mail address is to:
a. Use a different PC than normally used to send my e-mail message.
b. Use a proxy server for sending e-mail.
c. Use a remailer.
d. Both b and c.
e. All of the above.

67. Which of the following sites can be searched by a search engine?
a. FTP sites.
b. Listserv sites.
c. IRC sites.
d. All of the above.
e. None of the above.

68. What is the port number for SMTP protocol?
a. 25
b. 23
c. 70
d. 80
e. Some other answer.

69. Route control occurs in which OSI layer?
a. Application Layer.
b. Session Layer.
c. Network Layer.
d. Transportation Layer.
e. Some other Layer.

70. The protocol in which of the following systems is mainly used for downloading files?
a. IP
b. FTP
c. Telnet
d. Netstat
e. None of the above.

71. ICMP is best described as a service:
a. For datagrams.
b. To identify and translate MAC addresses.
c. Used for error control messages between machines.
d. To control routing between hosts.
e. Both a and b.

72. Ninety-five as a decimal value converted to a hexadecimal value equals:
a. 95
b. 5F
c. 137F
d. 59
e. 63

73. What is the purpose of the domain name system?
a. To assign IP addresses.
b. To ensure each host has a unique name.
c. To be certain that browsers work correctly with IP addresses.
d. To ensure that traceroute works.
e. Both a and d.

74. Which utility would be used for obtaining all IP address connections to a server during a chat session?
a. ARP
b. FTP
c. Netstat
d. Traceroute
e. Some other answer.

75. To display MAC addresses in a Windows OS, type the following command.
a. Tracert
b. Ping
c. Ipconfig -all
d. Ping MAC
e. Some other command.

76. To display the path a packet takes as it goes over the Internet, type the following command.
a. Netstat
b. Ping
c. Finger
d. Tracert
e. Some other command.

77. Which of the following is most likely a MAC address?
a. 155.67.819.432
b. 00F34768E411
c. F56I89754E006G
d. ffffffffff
e. None of the above.

78. Which of the following is an advantage of the traditional OSI model?
a. Enables interoperability among diverse systems.
b. Allows connections to operate faster.
c. Prevents attackers from getting into the system.
d. Simple system.
e. All are advantages.

79. In the OSI model, the data link layer controls:
a. Transfers of datagrams between nodes.
b. Routing, switching, and flow over a network.
c. Network addressing.
d. Time-to-live on a datagram.
e. Both a and b.

80. What address is used by machines transferring data across the Internet?
a. Node address.
b. IP address.
c. MAC address.
d. Domain name.
e. Both b and c.

81. How are datagrams deleted from the Internet?
a. When their electrical charge is gone, they are deleted.
b. When their time-to-live field is at zero.
c. When their originating IP address calls them back.
d. When they reach the end of the Internet.
e. Both c and b.

82. Sequence and acknowledgment numbers can range up to:
a. An unlimited number.
b. 4,294,967,295.
c. Numbers combined with letters to make any combination possible.
d. The highest prime number possible.
e. The lowest prime number.

83. Which of the following is not part of the TCP header?
a. Source port.
b. Destination port.
c. Time-to-live field.
d. Checksum.
e. All of the above.

84. Which of the following is not part of the IP header?
a. Source IP address.
b. Time-to-live field.
c. SYN flag.
d. TOS.
e. Both a and b.

85. How many packets are exchanged in the initial handshaking exchange in setting up a connection?
a. 1
b. 2
c. 3
d. 4
e. 5

86. In order to determine whether there is a good connection with an IP address at another location, which is the best utility to use?
a. Finger
b. Ping
c. Traceroute
d. Google
e. Both a and c.

87. Which port does HTTP use?
a. 80
b. 25
c. 21
d. 1024
e. 75

88. Which of the following techniques are being used by the financial auditors in their annual audit?
a. Confirmation of receivables.
b. Analyzing executive's email messages for indications of fraud.
c. Organization cultural assessments to measure fraud risk.
d. All of the above.
e. Both a and c.

89. Which of the following practices or procedures are more likely to apply a continuous review of the client's possible fraudulent activities?
a. Financial audit.
b. Forensic audit.
c. Fraud investigation.
d. Continuous audit.
e. All of the above.

90. Which of the following practices or procedures are more likely to use real-time data for decision making?
a. Financial audit.
b. Forensic audit.
c. Fraud investigation.
d. None of the above.

91. Which of the following practices or procedures are more likely to use historical data in their analysis of business events?
a. Financial audit.
b. Forensic audit.
c. Fraud investigation.
d. Both a and c.

92. Which layer from the Operating System Interconnection (OSI) Model used with TCP/IP exists just below the user's operating system?
a. Hardware layer.
b. Data Link layer.
c. Network layer.
d. Application layer.
e. Both b and c.

93. What is the correct order for the layered Operating System Interconnection (OSI) Model used with TCP/IP?
a. Application, network, transportation, data link, hardware.
b. Application, transportation, network, data link, hardware.
c. Application, transportation, data link, network, hardware.
d. Application, network, data link, transportation, hardware.
e. Some other order.

94. If there is an open SMTP relay port, it allows a computer user to:
a. Collect hidden files on a remote PC.
b. Check for software updates.
c. Slow down a remote PC.
d. Connect and execute commands on a remote PC.
e. Both a and c.

95. A private Internet:
a. Used by hackers to trade information about exploits and credit card numbers.
b. Shields IP address information from being easily traced.
c. Considered to be an unaccepted network protocol by the ICANN.
d. Should only be used by law enforcement.
e. All of the above.

96. The main reason IPv4 protocols are being replaced by IPv6 is because:
a. IPv4 ran out of IP addresses.
b. IPv4 is too slow for new networks and computers.
c. IPv4 is too easy for hackers to exploit.
d. IPv4 was found to be a major reason financial institutions' websites were breached.

97. Each layer in a TCP/IP envelope:
a. Contains a portion of the plain text of an e-mail message.
b. Can only communicate with the layer above it.
c. Can communicate with the layers above and below it.
d. Are interchangeable when a transmission problem occurs.
e. All of the above.

98. When data packets are sent over the Internet, under IPv4, they go:
a. Directly to the recipient's computer.
b. Through numerous web servers before arriving at their destination.
c. Through a maximum of three web servers before the packets time out and the information is lost.
d. Through one master web server which distributes the packets to the proper address.

99. With IPv6, the packets:
a. Are faster.
b. Are not fragmented like with IPv4.
c. Are still fragmented like IPv4.
d. Are first compressed and then uncompressed when they are received.

100. A botherder is an individual who:
a. Come on, there is no such thing as a botherder.
b. Writes a blog about zombie computers.
c. Is a gamer and builds mechanical robots to enter in competitions for prize money.
d. Controls and rents a botnet.

101. What is the most common way financial frauds are discovered today?
a. By auditors preparing financial reports.
b. By digital investigators.
c. Tips from third parties.
d. SEC investigations.
e. Management review.

102. Turning off a computer is most likely to cause ___________ to disappear.
a. Involatile data.
b. Swap files.
c. Deleted files.
d. Unallocated space.
e. All of the above.

103. Today IPv4 has been replaced by:
a. IPv5
b. IPv6
c. IPv7
d. IPv8
e. Some other answer.

104. How many layers are in the OSI model?
a. zero
b. 4
c. 5
d. 7
e. 9

105. Which OSI layer deals with FTP?
a. Application Layer
b. Transportation Layer
c. Net Link Layer
d. Data Link Layer
e. Some other layer.

106. An IPv4 address:
a. is a 32 bit field
b. is a 64 bit field
c. varies with the size of the message
d. is a 128 bit field
e. is a 160 bit field

107. Time stamp data recording when data was sent in the IPv4 is:
a. located in the TTL
b. one of the options in the data packet
c. not recorded in the packet as it is in the e-mail message
d. found in the TOS

108. Someone can change the service delivery method of the packet with the:
a. TOS
b. TTL
c. Ping Control
d. ACK

109. Any actual physical address on a device connected to a network is the:
a. logical link control address
b. IP address, only in IPv6
c. media access control address
d. IP address

110. The layer in the OSI Model that is connected to cables, cards, etc. is the:
a. Network Layer
b. Transportation Layer
c. Data Link Layer
d. Hardware Layer
e. Some other Layer

111. The best time codes in web logs come from:
a. Internet time
b. Internal clock time
c. GMT time zone logs
d. Washington, D.C. zone logs
e. Military time

112. Which of the following is NOT found in Internet web logs?
a. file being requested
b. name of the computer making the request
c. name of the web browser used by the computer making the request
d. IP address of a visitor to the website.
e. None of the above.

113. Which of the following is NOT a protocol used on the web?
a. HTTP
b. FTP
c. COSB
d. UDP
e. None of the above.

114. Which of the following countries would be in the highest (largest) GMT time zone?
a. Ireland
b. East Coast of the United States
c. New Zealand
d. Panama

115. Crowdfunding has been enacted by:
a. Securities and Exchange Commission Regulations
b. Sarbanes-Oxley Act
c. Jumpstart Our Business Startup Act
d. Part of the Obama Health Care Law
e. PCAOB regulations.

116. Crowdfunding:
a. A means for small business to obtain start-up capital
b. Allows homeowner in foreclosure to obtain temporary mortgage funding
c. Allows groups of investors (crowds) to combine their resources and make stock purchases at reduced prices
d. Allows the SEC to better regulate investment banks
e. Allows PCAOB to regulate audit firms.

117. A search engine that would be useful in identifying industrial control systems connected to the Internet would be:
a. Google
b. Bing
c. Wikipedia
d. Shodan
e. None of the above.

118. If unauthorized spam is being sent through a company's network, the most important job of an accountant is to:
a. identify who is sending the spam
b. shut down the company's access to the Internet to curtail financial losses
c. determine the dollar amount of the financial loss experienced by the company
d. call law enforcement for assistance

119. Ping probes are sent with the following protocol.
a. TCP
b. TCP/IP
c. UPD
d. ICMP
e. Some other protocol.

120. The purpose of a ping is to identify:
a. Number of ports on a webserver
b. Whether a webserver is listening
c. Software being used on a webserver's port
d. IP address of the PC sending the ping
e. All of the above.

121. A traceback on an IP address locates the following information:
a. How the attack was discovered
b. A contact mail address
c. A contact phone number
d. An IP address
e. a and d

122. Three factors for implementing forensic methods to monitor C-suite executives are all of the following except:
a. Cost effective software for electronic monitoring
b. Agency theory
c. Limited privacy protections in the workplace
d. Regulations under Sarbanes-Oxley
e. Regulations of PCAOB

123. Pretexting is:
a. Occurs when teenagers send compromising photos of themselves to their friends
b. When a cell phone user pretends to be someone else and uses a false scenario (story) to collect personal data about a person.
c. System whereby a text message is composed on one date but not sent out until a later date
d. Method of saving a string of URLs while using a search engine such as Google or Bing

124. Which of the following software packages is used to analyze large volumes of log files?
a. Maltego
b. RFID Chek
c. Net Map
d. PyFlag
e. None of the above.

125. To search background information about an individual which of the following is the least likely source where such information can be collected?
a. Twitter
b. Usenet
c. LinkedIn
d. Facebook

126. Netstat is a program that allows a computer user to determine:
a. Physical location of an IP address
b. Active IP connections on a computer
c. Name of files in the C-Drive
d. User names of people who are currently writing e-mail messages on a webserver

127. The best way to determine the relationships between individuals on social media websites is by using:
a. Netstat
b. Ping search
c. Data mining software
d. Law enforcement help

128. Computers on a network have either a static or __________________ IP address.
a. latent
b. dynamic
c. moving
d. network

129. A good website to use to find out all the information on an IP address is ________________.
a. ipaddresslocator.net
b. forensic-tools.com
c. websecuritycorp.gov
d. network-tools.com

130. All of the following are true regarding TCPDUMP except:
a. Form of network sniffer
b. Unix-based program
c. Used in ethics training programs
d. Can secretly capture diagrams

131. According to the textbook, what is the dollar amount of the largest cybercrime theft from a bank or banks?
a. $9 million
b. $45 million
c. $100 million
d. $1 billion

132. A cookie is used to:
a. Identify criminal behavior on the web
b. Identify a computer user
c. Eat when you are hungry
d. Infect computers and steal financial information

133. Registry keys are:
a. Keys that lock down a computer case
b. Electronic information that tells the computer which applications to run
c. Keys that are used on the Internet to register private information about a computer in case the computer is stolen
d. Electronic logs that record what happens when applications are used in a computer

134. A search engine that has a reputation for private browsing is:
a. Google
b. Yahoo
c. DuckDuckGo
d. Bing

135. Netstat includes all of the following except:
a. IP address
b. Protocol information
c. MAC address
d. port state