Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Asynchronous transmission
Public key infrastructure
legal risk
General computer controls
2. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Central processing unit (CPU)
Control group
Local area network (LAN)
Downtime report
3. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and
Librarian
Application controls
Uploading
Split DNS
4. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system
Cathode ray tube (CRT)
Data structure
Bypass label processing (BLP)
Control risk
5. An interface point between the CPU and a peripheral device
Port
Security policy
Tape management system (TMS)
Split data systems
6. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Sequence check
Detailed IS controls
Hacker
Cross-certification
7. A piece of information; in a digitized form; used to recover the plaintext from the corresponding ciphertext by decryption
Procedure
Decryption key
Diskless workstations
War dialler
8. A group of items that is waiting to be serviced or processed
Decryption
Queue
Symmetric key encryption
Parity check
9. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.
System narratives
Indexed sequential access method (ISAM)
Worm
Inherent risk
10. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat
Database administrator (DBA)
Application acquisition review
Fourth generation language (4GL)
Electronic vaulting
11. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
business process integrity
Node
World Wide Web Consortium (W3C)
Electronic funds transfer (EFT)
12. Patterns indicating misuse of a system
Project sponsor
Signatures
Requirements definition
Cryptography
13. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.
Threat
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Base case
Run instructions
14. A protocol and program that allows the remote identification of users logged into a system
Parity check
Assembly language
Generalized audit software
Finger
15. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.
Teleprocessing
Signatures
Control perimeter
Gateway
16. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Audit
Trap door
System exit
Cryptography
17. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Assembler
Control risk
Microwave transmission
Ring topology
18. An engagement where management does not make a written assertion about the effectiveness of their control procedures; and the IS auditor provides an opinion about subject matter directly; such as the effectiveness of the control procedures
Fraud risk
Frame relay
Direct reporting engagement
Hash total
19. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Intranet
Simple Object Access Protocol (SOAP)
Validity check
Centralized data processing
20. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Datagram
Operational risk
World Wide Web Consortium (W3C)
Multiplexing
21. The organization providing the outsourced service
Service provider
Downtime report
Exception reports
Decryption key
22. The person responsible for maintaining a LAN and assisting end users
Network administrator
Security management
Exposure
Dial-back
23. A computer program or set of programs that perform the processing of records for a specific function
System exit
Personal identification number (PIN)
Application program
Application
24. The area of the central processing unit that performs mathematical and analytical operations
Application programming interface (API)
Strategic risk
Arithmetic-logic unit (ALU)
Bulk data transfer
25. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Circuit-switched network
Biometrics
Public key infrastructure
Network
26. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
virtual organizations
Internet banking
Black box testing
Split data systems
27. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
File
Magnetic card reader
Control Objectives for Enterprise Governance
Finger
28. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Trap door
Datagram
Operational risk
RSA
29. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Piggy backing
browser
Protection domain
Local loop
30. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Hyperlink
L2TP (Layer 2 tunneling protocol)
Limit check
Idle standby
31. The central database that stores and organizes data
Point-of-sale systems (POS)
Recovery point objective (RPO)
Repository
Point-of-presence (POP)
32. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Audit sampling
Passive response
Memory dump
Verification
33. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Firmware
Address
Application maintenance review
Middleware
34. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries
Manual journal entry
Request for proposal (RFP)
Hacker
Validity check
35. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Image processing
Cohesion
Database management system (DBMS)
Credit risk
36. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Control objective
Verification
liquidity risk
COSO
37. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial
Executable code
Enterprise resource planning
Operating system
Reciprocal agreement
38. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in
Audit
BSP (business service provider)
Anomaly detection
Coupling
39. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Integrity
Confidentiality
Remote job entry (RJE)
Telecommunications
40. A system's level of resilience to seamlessly react from hardware and/or software failure
Fault tolerance
Firewall
Link editor (linkage editor)
Split DNS
41. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Appearance
RSA
Universal Description; Discovery and Integration (UDDI)
Symmetric key encryption
42. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Program flowcharts
Hot site
Packet switching
Performance indicators
43. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Detective controls
Audit expert systems
Gateway
Active response
44. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
General computer controls
Circuit-switched network
Asymmetric key (public key)
Audit expert systems
45. Defined minimum performance measures at or above which the service delivered is considered acceptable
Telecommunications
Encryption key
Service level agreement (SLA)
Test programs
46. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
Control group
Application software tracing and mapping
Credentialed analysis
Control Objectives for Enterprise Governance
47. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe
Cohesion
Librarian
Expert systems
Table look-ups
48. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Requirements definition
Hyperlink
L2TP (Layer 2 tunneling protocol)
Error risk
49. Permanent reference data used in transaction processing. These data are changed infrequently; such as a product price file or a name and address file.
Computer-assisted audit technique (CAATs)
Spool (simultaneous peripheral operations online)
Standing data
Audit accountability
50. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Port
Master file
Non-intrusive monitoring
Systems development life cycle (SDLC)