Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
SYN (synchronize)
Data-oriented systems development
Web site
Check digit

2. The individual responsible for the safeguard and maintenance of all program and data files
Encryption
Incremental testing
Audit charter
Librarian

3. Changing data with malicious intent before or during input into the system
Data diddling
Validity check
Split DNS
UDP (User Datagram Protocol)

4. Weaknesses in systems that can be exploited in ways that violate security policy
Normalization
Vulnerabilities
Wiretapping
Database specifications

5. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Table look-ups
Electronic signature
Intelligent terminal
L2TP (Layer 2 tunneling protocol)

6. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Voice mail
Preventive controls
Degauss
Partitioned file

7. A program that translates programming language (source code) into machine executable instructions (object code)
Table look-ups
Error risk
Procedure
Compiler

8. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Datagram
Coupling
Encryption key
Address space

9. Refers to a sprinkler system that does not have water in the pipes during idle usage; unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm; and water
Criteria
Dry-pipe fire extinguisher system
Corporate governance
Spoofing

10. Considered for acquisition the person responsible for high-level decisions; such as changes to the scope and/or budget of the project; and whether or not to implement
Cryptography
Local loop
Project sponsor
Mapping

11. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
Preventive controls
Record
Electronic data interchange (EDI)
Offline files

12. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
System narratives
Telecommunications
Spanning port
Outsourcing

13. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Program flowcharts
Simple Object Access Protocol (SOAP)
Internet
Firmware

14. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Corporate exchange rate
Check digit
System testing
Real-time processing

15. Those controls that seek to maintain confidentiality; integrity and availability of information
Data security
Decision support systems (DSS)
Recovery testing
Local loop

16. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Modem (modulator-demodulator)
Backup
Full duplex
Mutual takeover

17. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Project team
Dumb terminal
Distributed data processing network
Symmetric key encryption

18. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Star topology
Population
Mutual takeover
Data Encryption Standard (DES)

19. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Data security
Range check
Passive response
Piggy backing

20. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Waterfall development
Record
Check digit
Hot site

21. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Intrusion
Fail-over
Budget organization
Noise

22. An integrated set of computer programs designed to serve a particular function that has specific input; processing and output activities (e.g.; general ledger; manufacturing resource planning; human resource management)
Application system
Professional competence
Masking
Authorization

23. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Machine language
Feasibility study
legal risk
Telecommunications

24. Any information collection mechanism utilized by an intrusion detection system
Monitor
Transaction protection
Assembly language
Logoff

25. The physical layout of how computers are linked together. Examples include ring; star and bus.
Topology
DoS (denial-of-service) attack
World Wide Web Consortium (W3C)
Range check

26. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Data-oriented systems development
Budget hierarchy
Batch processing
Leased lines

27. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Independent appearance
UNIX
Memory dump

28. Group of people responsible for a project; whose terms of reference may include the development; acquisition; implementation or maintenance of an application system. The team members may include line management; operational line staff; external contr
Project team
Protocol converter
Decentralization
Penetration testing

29. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules
Bandwidth
Data communications
Packet filtering
Private key cryptosystems

30. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results
Public key infrastructure
Parallel testing
Electronic funds transfer (EFT)
Encapsulation (objects)

31. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
X.25 interface
Duplex routing
Attitude
Token

32. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
Application proxy
L2TP (Layer 2 tunneling protocol)
legal risk
DNS (domain name system)

33. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Access rights
Masking
Spool (simultaneous peripheral operations online)
Compensating control

34. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses; they do not replicate themselves; but they can be just as destructive to a single computer.
Trusted processes
Assembly language
Trojan horse
Registration authority (RA)

35. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Auditability
Foreign exchange risk
Coverage
Hub

36. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Service provider
Datagram
Magnetic card reader
legal risk

37. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Centralized data processing
Audit responsibility
Audit evidence
Polymorphism (objects)

38. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Application layer
Network hop
Leased lines
Standing data

39. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
COCO
Router
Bar code
Object Management Group (OMG)

40. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Bus topology
ISP (Internet service provider)
Central office (CO)
Reputational risk

41. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Default deny policy
Run instructions
Screening routers
Voice mail

42. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Electronic cash
Application program
L2TP (Layer 2 tunneling protocol)
Private key cryptosystems

43. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
ASCII (American Standard Code for Information Interchange)
Offline files
Reasonableness check

44. An evaluation of any part of a project to perform maintenance on an application system (e.g.; project management; test plans; user acceptance testing procedures)
Vulnerabilities
Batch control
Uploading
Application maintenance review

45. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems
Monitor
Intrusion detection
Sufficient audit evidence
Electronic funds transfer (EFT)

46. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Confidentiality
FTP (file transfer protocol)
Partitioned file
External router

47. The risk of errors occurring in the area being audited
Permanent virtual circuit (PVC)
Diskless workstations
Real-time processing
Error risk

48. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Coverage
Teleprocessing
Security software
Application implementation review

49. A protocol and program that allows the remote identification of users logged into a system
RS-232 interface
Finger
Control objective
Piggy backing

50. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Partitioned file
Trusted systems
Virtual private network (VPN)
Spanning port