Which of the following is a red flag for insider computer fraud?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Coach CFE Exam. Study using flashcards and multiple-choice questions, each with hints and explanations. Get ready for your assessment!

Multiple Choice

Which of the following is a red flag for insider computer fraud?

Explanation:
Lack of monitoring and follow-through on exceptions is a major red flag in insider fraud detection. Exception reports highlight deviations from normal policies or expected behavior. If these reports are not reviewed and not resolved, those deviations can accumulate without anyone noticing, making it easy for someone inside to conceal unauthorized activity or transactions. The absence of corrective action signals weak governance and increased opportunity for fraud. Regularly reviewing access logs shows active monitoring, which is a positive control. Production programs running at unusual hours can have legitimate reasons like batch processing or maintenance windows, so it isn’t by itself definitive of fraud. End users not being allowed to access production data is a security best practice and reduces risk, not a warning sign.

Lack of monitoring and follow-through on exceptions is a major red flag in insider fraud detection. Exception reports highlight deviations from normal policies or expected behavior. If these reports are not reviewed and not resolved, those deviations can accumulate without anyone noticing, making it easy for someone inside to conceal unauthorized activity or transactions. The absence of corrective action signals weak governance and increased opportunity for fraud.

Regularly reviewing access logs shows active monitoring, which is a positive control. Production programs running at unusual hours can have legitimate reasons like batch processing or maintenance windows, so it isn’t by itself definitive of fraud. End users not being allowed to access production data is a security best practice and reduces risk, not a warning sign.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy