Answers
Which of the following is not an example of one of the basic types of fraud?
A) A salesperson approves a large sales discount on an order from a company owned partially
by the salesperson's sister.
B) While straightening the store at the end of the day, a shoe store employee finds and keeps an
expensive pair of sunglasses left by a customer.
C) A purchasing agent places a large order at higher-than-normal unit prices with a vendor that
gave the agent tickets to several football games.
D) An executive devised and implemented a plan to accelerate revenue recognition on a long-
term contract, which will allow the company to forestall filing for bankruptcy. The executive
does not own any stock, stock options or grants, and will not receive a bonus or perk because of
the overstated revenue. - CORRECT ANSWER✔✔While straightening the store at the end of the
day, a shoe store employee finds and keeps an expensive pair of sunglasses left by a customer.
Which of the following is least likely to result in computer fraud?
A) releasing data to unauthorized users
B) storing backup tapes in a location where they can be quickly accessed
C) allowing computer operators full access to the computer room
D) allowing computer users to test software upgrades - CORRECT ANSWER✔✔allowing
computer operators full access to the computer room
Which of the following preventive controls are necessary to provide adequate security for social
engineering threats?
A) host and application hardening
B) encryption
C) awareness training
D) controlling remote access - CORRECT ANSWER✔✔awareness training
Which of the following is not a management characteristic that increases pressure to commit
fraudulent financial reporting?
A) close relationship with the current audit engagement partner and manager
B) pay for performance incentives based on short-term performance measures
C) high management and employee turnover
D) highly optimistic earnings projections - CORRECT ANSWER✔✔close relationship with the
current audit engagement partner and manager
In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its
computer network. A week later, the firm reported that it had successfully entered the system
without apparent detection and presented an analysis of the vulnerabilities that had been
found. This is an example of a - CORRECT ANSWER✔✔detective control
Noseybook is a social networking site that boasts over a million registered users and a quarterly
membership growth rate in the double digits. As a consequence, the size of the information
technology department has been growing very rapidly, with many new hires. Each employee is
provided with a name badge with a photo and embedded computer chip that is used to gain
entry to the facility. This is an example of a(n) - CORRECT ANSWER✔✔authentication control
If an organization asks you to disclose your social security number, but decides to use it for a
different purpose than the one stated in the organization's privacy policies, the organization has
likely violated which of the Generally Accepted Privacy Principles?
A) Collection
B) Access
C) Security
D) Quality - CORRECT ANSWER✔✔Collection
________ is/are an example of a detective control.
A) Physical access controls
B) Encryption
C) Emergency response teams
D) Log analysis - CORRECT ANSWER✔✔Log Analysis
All of the following are basic purposes of internal control except
A. Eliminating fraud
B. Ensuring reliable financial statements
C. Promoting Operating Efficiency
D. Safeguarding assets - CORRECT ANSWER✔✔A. Eliminating fraud: cannot eliminate all fraud
Which of the following legally requires management to assess a company's internal control
annually?
Foreign Corrupt Practices Act
Brown's risk taxonomy
COSO Internal control framework
Sarbanes-Oxley Act - CORRECT ANSWER✔✔Sarbanes-Oxley Act requires management to assess
a company's internal control annually.
Which of the following reports are issued quarterly?
10-K
8-K