CFE Cheat Sheet 2026

The 30 highest-yield CFE facts, distilled from real exam questions. Print it, save it as a PDF, or study it here โ€” free, no sign-up.

310 questions
390 min time limit
75% to pass
  1. Which of the following is a common red flag that might indicate an employee is involved in an asset misappropriation scheme? โ†’ The employee consistently lives a lifestyle that appears to be beyond their known salary.
  2. A 'shell company' is most commonly used in money laundering schemes to: โ†’ Conceal the true ownership and origin of funds through complex corporate layers
  3. Which of the following tasks does not fall under the purview of bankruptcy courts? โ†’ Supervising bankruptcy petitions
  4. What is 'steganography' in the context of digital fraud? โ†’ Hiding secret data within ordinary digital files such as images or audio
  5. This is what the Gramm-Leach-Bliley Act lets: โ†’ All of the above
  6. Which of the following is a common form of financial statement fraud? โ†’ Overstating expenses to reduce taxes
  7. According to the principles of a sound fraud risk management program, which of the following is considered a foundational component? โ†’ A strong governance structure and a commitment to ethical conduct from senior management.
  8. Which of the following correctly outlines the three general phases of a structured interview process used by fraud examiners? โ†’ Introduction, Informational, and Closing
  9. When a CFE preserves digital evidence, what is the first critical step to ensure admissibility and integrity? โ†’ Create a forensic image and verify it with a hash value
  10. All of the following are common red flags associated with bribery and corruption EXCEPT: โ†’ Consistently rotating winning bidders on government contracts to ensure fairness.
  11. Which term describes the use of cash-intensive businesses (such as car washes or restaurants) to mix criminal proceeds with legitimate revenue? โ†’ Commingling
  12. What is the primary purpose of a honeypot in a fraud detection context? โ†’ To lure and detect unauthorized users or fraudsters accessing systems
  13. Which analytical procedure involves tracing a transaction from its origin through all processing steps to the final recorded amount? โ†’ Tracing
  14. Which of the following activities is MOST critical for evaluating the operating effectiveness of existing anti-fraud controls during a fraud risk assessment? โ†’ Conducting transactional testing and observing control activities.
  15. Each of these agencies is a good fit for the kind of information it gives, except: โ†’ State attorney gen: maintains birth records and info about people's SSNs
  16. Which of these is usually the best way to get proof that something happened? โ†’ Computer based queries of full population accounting and other databases
  17. Which element is NOT required to prove civil fraud in the United States? โ†’ A criminal conviction of the perpetrator
  18. Which type of fraud involves creating fictitious identities by combining real and fabricated personal information to obtain credit? โ†’ Synthetic identity fraud
  19. Which metadata attribute can help a CFE determine when a document was originally created on a computer? โ†’ File creation timestamp
  20. The forms that allow noncash assets to be moved from one place in a company to another are called: โ†’ Asset requisition
  21. Which federal statute criminalizes the use of mail or wire communications in furtherance of a scheme to defraud? โ†’ Mail and Wire Fraud Statutes (18 U.S.C. ยงยง 1341, 1343)
  22. The Sarbanes-Oxley Act Section 806 primarily protects which group? โ†’ Employees of publicly traded companies who report securities fraud
  23. Which of the following is an example of a red flag on a financial statement? โ†’ A large number of bank reconciliations have not been completed
  24. Why is a fraud investigation done in the first place? โ†’ To determine if fraud has occurred
  25. Which of the following is the best example of a proactive fraud *prevention* control? โ†’ Performing mandatory background checks on all new employees in sensitive positions.
  26. A launderer deposits $9,500 in cash multiple times to avoid the $10,000 Currency Transaction Report (CTR) threshold. This activity is known as: โ†’ Structuring (smurfing)
  27. Under the Bank Secrecy Act (BSA), financial institutions in the U.S. must file a Currency Transaction Report (CTR) for cash transactions exceeding: โ†’ $10,000
  28. Which doctrine holds that a corporation is criminally liable for crimes committed by its employees acting within the scope of their employment? โ†’ Respondeat superior
  29. Which of the following best describes 'mens rea' in the context of fraud? โ†’ The guilty mind or criminal intent required for fraud
  30. Which data analysis technique involves comparing an organization's financial ratios to industry norms to identify anomalies suggesting fraud? โ†’ Ratio analysis