Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Control perimeter
Regression testing
War dialler
Journal entry
2. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Continuity
Project team
Application software tracing and mapping
Risk
3. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
NAT (Network Address Translation)
Offsite storage
Spoofing
Editing
4. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
Data-oriented systems development
Management information system (MIS)
Public key cryptosystem
Control section
5. Used to electronically scan and input written information from a source document
Asymmetric key (public key)
Appearance
Optical character recognition
Integrity
6. The roles; scope and objectives documented in the service level agreement between management and audit
Mutual takeover
RFC (request for comments)
Indexed sequential access method (ISAM)
Audit responsibility
7. The transfer of data between separate computer processing sites/devices using telephone lines; microwave and/or satellite links
Data communications
Voice mail
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Data integrity
8. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Harden
Downloading
Preventive controls
Fiber optic cable
9. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Router
Detailed IS controls
Check digit verification (self-checking digit)
Biometrics
10. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
Management information system (MIS)
Field
DDoS (distributed denial-of-service) attack
Consumer
11. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department
Comprehensive audit
Uploading
Telecommunications
Nonrepudiation
12. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Anomaly
Preventive controls
Recovery point objective (RPO)
L2TP (Layer 2 tunneling protocol)
13. A program that processes actions upon business data; such as data entry; update or query. It contrasts with systems program; such as an operating system or network control program; and with utility programs; such as copy or sort.
Recovery testing
Utility software
Cross-certification
Application program
14. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.
Security software
Passive assault
Router
Security/transaction risk
15. A protocol used for transmitting data between two ends of a connection
Business process integrity
PPP (point-to-point protocol)
RSA
RS-232 interface
16. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Expert systems
Initial program load (IPL)
File
Internet banking
17. A protocol for packet-switching networks
Exception reports
HTTPS (hyper text transfer protocol secure)
Value-added network (VAN)
X.25
18. Refers to a sprinkler system that does not have water in the pipes during idle usage; unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm; and water
Bulk data transfer
L2TP (Layer 2 tunneling protocol)
Executable code
Dry-pipe fire extinguisher system
19. A fail-over process; in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Address
Foreign exchange risk
Concurrent access
Logical access controls
20. Those controls that seek to maintain confidentiality; integrity and availability of information
Non-intrusive monitoring
Data security
Mutual takeover
Middleware
21. A project management technique used in the planning and control of system projects
Centralized data processing
Program evaluation and review technique (PERT)
Telecommunications
Penetration testing
22. A sampling technique that estimates the amount of overstatement in an account balance
Bypass label processing (BLP)
IT governance
Error
Monetary unit sampling
23. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Application security
Fail-over
Access control table
Recovery testing
24. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Digital signature
Utility software
Personal identification number (PIN)
Default password
25. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Address space
Assembler
Modem (modulator-demodulator)
Worm
26. A language; which enables electronic documents that present information that can be connected together by links instead of being presented sequentially; as is the case with normal text.
Test generators
Detailed IS controls
Hypertext
Information processing facility (IPF)
27. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure; more responsive to the customer base and market conditions; while yielding material cost savings. To ree
Hexadecimal
Application acquisition review
Random access memory (RAM)
Business process reengineering (BPR)
28. The transfer of service from an incapacitated primary component to its backup component
Operational audit
Authorization
Systems analysis
Fail-over
29. A device for sending and receiving computerized data over transmission lines
Threat
Terminal
Technical infrastructure security
X.500
30. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Journal entry
Frame relay
Hardware
Network
31. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred
Financial audit
Default deny policy
Utility software
Log
32. The ability to exercise judgement; express opinions and present recommendations with impartiality
Anonymity
Communications controller
Sampling risk
Objectivity
33. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.
Encapsulation (objects)
Audit evidence
Intranet
Logon
34. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object code
Dynamic analysis
Remote job entry (RJE)
Data flow
35. Records of system events generated by a specialized operating system mechanism
Taps
Information processing facility (IPF)
Operating system audit trails
RADIUS
36. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.
Address space
Tuple
Middleware
Mutual takeover
37. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems
Anomaly detection
Data owner
Intrusion detection
RADIUS (remote authentication dial-in user service)
38. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
Field
Internet banking
Reciprocal agreement
Structured Query Language (SQL)
39. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However; the goal of component
Electronic cash
Plaintext
Components (as in component-based development)
Port
40. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Allocation entry
Corrective controls
Project sponsor
Control weakness
41. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Digital certificate
Run-to-run totals
Terms of reference
Surge suppressor
42. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
Taps
Worm
PPP (point-to-point protocol)
Regression testing
43. The interface between the user and the system
DMZ (demilitarized zone)
Shell
Security software
Audit expert systems
44. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Decryption
Firmware
Client-server
Ciphertext
45. An individual using a terminal; PC or an application can access a network to send an unstructured message to another individual or group of people.
Multiplexing
Format checking
Criteria
E-mail/interpersonal messaging
46. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Sequential file
Firewall
Broadband
Router
47. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
IT governance
Materiality
Security testing
Nonrepudiable transactions
48. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
IDS (intrusion detection system)
Compiler
Request for proposal (RFP)
Recovery point objective (RPO)
49. The physical layout of how computers are linked together. Examples include ring; star and bus.
Topology
Verification
COCO
Audit authority
50. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Independence
UDDI
Object Management Group (OMG)