CFE UPDATED ACTUAL Questions and
CORRECT Answers
Falsified Hours & Salary Schemes - CORRECT ANSWER- ✔✔The most common method
of misappropriating funds from the payroll is the overpayment of wages. For hourly
employees, the size of a paycheck is based on two factors: the number of hours worked and
the rate of pay. Therefore, for hourly employees to fraudulently increase the size of their
paycheck, they must either falsify the number of hours they have worked or change their
wage rate.
Common ways to commit a falsified hours and salary scheme - CORRECT ANSWER- ✔✔1)
Inflating the number of hours worked
2) Inflating the rate of pay
3) Forging a supervisor's signature
4) Collusion with a supervisor
5) Implementing poor custody procedures
6) Altering a timesheet after it has been approved
Fictitious Provider Scheme - CORRECT ANSWER- ✔✔Corrupt providers or other criminals
fraudulently obtain and use another provider's identification information and steal or purchase
lists of patients' identifying information. Thereafter, the perpetrator submits bills using the
fictitious provider's information to the insurance provider or government health care program
for medical services, although no services are performed.
Address Similarity Reports - CORRECT ANSWER- ✔✔electronically compare multiple
payments going to the same address. These reports are extremely useful because they might
show a payment defalcation or funds going to another insurance company, broker, or
fictitious payee.
Bad Debt Expense - CORRECT ANSWER- ✔✔Managers can overstate their company's
accounts receivable balance by failing to record bad debt expense. Bad debt expense is
recorded to account for any uncollectible accounts receivable. The debit side of the entry
increases bad debt expense, and the credit side of the entry increases the allowance (or
provision) for doubtful accounts, which is a contra account that is recorded against accounts
receivable. Therefore, if the controller fails to record bad debt expense, the allowance (or
provision) for doubtful accounts will be understated.
Systems for safeguarding sensitive and proprietary information should include: - CORRECT
ANSWER- ✔✔* Task force
* Security risk assessments
* Security policies and procedures
* Awareness training
* Nondisclosure agreements
* Noncompetition agreements
* Data classification
* Data retention and destruction policies
* Data minimization
* Security controls
* Measures to guard manual file systems
* Monitoring of visitor access
* Quiet room
* Incident response plan
The failure to include any of these measures is a poor information security practice that can
contribute to the loss of proprietary information.
To prevent the loss or misuse of sensitive data or proprietary information, organizations
should . . . - CORRECT ANSWER- ✔✔develop and implement risk-based
information-security systems designed to detect and prevent unauthorized access to sensitive information.
An information security system requires controls that are designed to ensure that data are
used as intended, and such controls will depend on the combination and coordination of
people, processes, technologies, and other resources.
Off-book fraud - CORRECT ANSWER- ✔✔A fraud that occurs outside the financial system
and therefore has no direct audit trail. There are several kinds of off-book frauds that will be
discussed in this book. Skimming is the most common off-book fraud.
Skimming - CORRECT ANSWER- ✔✔The removal of cash from a victim entity prior to its
entry in an accounting system. Employees who skim from their companies steal sales or
receivables before they are recorded in the company books. Because of this aspect of their
nature, skimming schemes are known as off-book frauds; they leave no direct audit trail.
DRG creep - CORRECT ANSWER- ✔✔occurs when a hospital or other medical institution
deliberately and systematically manipulates diagnostic and procedural codes to increase
reimbursement amounts or other forms of funding. In other words, DRG creep is an
intentional pattern of upcoding by a hospital or other medical institution.
smartcard - CORRECT ANSWER- ✔✔a plastic card, the size of a credit or debit card,
embedded with a microchip. A key advantage of smart cards is that, unlike regular magnetic
stripe credit and debit cards, they cannot be easily replicated. Similarly, smart cards cannot be
easily counterfeited, which greatly reduces the potential for fraud with in-person transactions.
Smart cards include a wide variety of hardware and software features capable of detecting
and reacting to tampering attempts and countering possible attacks. If someone tries to
tamper with a chip on a smart card, the card detects the intrusion and shuts itself down,
rendering the card useless.
Steps individuals can take to protect their personal information and prevent identity theft -
CORRECT ANSWER- ✔✔* Do not give out government identification numbers unless
absolutely necessary.
* Do not carry government identification cards (or numbers) in purses or wallets.
* Create complex passwords or passphrases that are at least eight characters in length and
contain upper- and lowercase letters, numbers, and symbols.
* Do not reuse passwords. Use a different password for every website, account, or device.
* Never send personal information, such as a password or government identification number,
via email. Reputable organizations will not request personal information by email.
* When available, use biometric authentication (e.g., fingerprints, voice recognition).
* Create unique answers for security questions. Do not choose answers containing personal
information that is publicly available (e.g., name of high school, mother's maiden name).
* Protect computers with strong and regularly updated firewall and antivirus software, and
promptly install all security updates and patches.
* Avoid suspicious websites.
* Delete messages from unknown senders without opening them.
* Only download software from trusted websites.
* Avoid using unsecured, public Wi-Fi networks.
* Limit the amount of personal information shared on social media.
* Use software to permanently erase all data from hard drives before disposing of computers,
smartphones, copiers, printers, and other electronic devices.
* Secure physical mailboxes with a lock, check physical mail regularly, and instruct the post
office to suspend mail during vacations.
* Shred all sensitive documents.
* Opt out of unsolicited offers for pre-approved credit cards or other lines of credit.
* Pay attention to billing cycles and review all bills and statements.
* Check credit reports regularly.
Indicators of Compromise (IOCs) or Indicators of Attack (IOAs) - CORRECT ANSWER-
✔✔Signs that attackers accessed or are currently attempting to access a system; can include
unusual inbound or outbound network traffic, anomalies in user access to network files, or
unusual network or computer performance.
Abnormal Traffic - CORRECT ANSWER- ✔✔Either higher or lower than usual, could be an
indication that an attacker has gained access to an organization's network and is manipulating
traffic by sending malicious software to the network or exfiltrating data from it, among other
things. A common sign of unusual network traffic includes geographical irregularities related
to network access and traffic.
Abnormal Access Patterns - CORRECT ANSWER- ✔✔Most organizations employ a system
that restricts access to sensitive files or information on their network to only those who
require that access as part of their organizational role, and user patterns typically reflect
access that aligns with the normal course of business. Any abnormalities or outliers to the
usual access patterns could indicate that the network has been compromised by an insider or
external actor and might include passwords that are not working or bundles of data being in
the incorrect place.
Unusual Performance Issues - CORRECT ANSWER- ✔✔Many different types of computer
and network intrusion or compromise can result in performance issues for the computers or
networks that are presumed to be affected, whether the issues relate to malware infection,
external unauthorized access, or insider actions. Some unusual performance issues that could
indicate that a computer or network is compromised might include unexpected patching of
systems or the installation of unwanted or unknown software.
Technical Surveillance - CORRECT ANSWER- ✔✔the practice of covertly acquiring audio,
visual, or other types of data from targets through the use of technical devices, procedures,
and techniques. When corporate spies resort to this, it is usually to gather nondocumentary
evidence or information that cannot be found through open sources.