Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
World Wide Web Consortium (W3C)
Universal Description, Discovery and Integration (UDDI)
Logoff
Hash total
2. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
HTTPS (hyper text transfer protocol secure)
Judgment sampling
Ciphertext
TCP (transmission control protocol)
3. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
Baseband
Penetration testing
Recovery point objective (RPO)
Multiplexor
4. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
Password cracker
Sequential file
Backup
Check digit verification (self-checking digit)
5. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Population
Object orientation
Computationally greedy
Local area network (LAN)
6. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Bar code
Coaxial cable
Brouters
Nonrepudiation
7. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof
Run-to-run totals
Binary code
PPP (point-to-point protocol)
Audit expert systems
8. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.
Function point analysis
Audit charter
Direct reporting engagement
Field
9. The proportion of known attacks detected by an intrusion detection system
Coverage
Corporate exchange rate
Network
Cohesion
10. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Judgment sampling
Console log
Signatures
Range check
11. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
vulnerability
Spool (simultaneous peripheral operations online)
Web page
Audit charter
12. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Fail-over
Bus
Evidence
Internet Engineering Task Force (IETF)
13. A set of utilities that implement a particular network protocol. For instance, in Windows machines a TCP/IP stack consists of TCP/IP software, sockets software and hardware driver software.
Control risk self-assessment
Protocol stack
Personal identification number (PIN)
SMTP (Simple Mail Transport Protocol)
14. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Computer-assisted audit technique (CAATs)
Continuity
Systems acquisition process
Control objective
15. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme
Network
Public key
Generalized audit software
Harden
16. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Hardware
Operational risk
Certificate authority (CA)
Data owner
17. Any information collection mechanism utilized by an intrusion detection system
Adjusting period
Monitor
Asymmetric key (public key)
Business impact analysis (BIA)
18. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Token ring topology
File layout
Leased lines
Audit
19. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Operational audit
Application
Object Management Group (OMG)
Project sponsor
20. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Audit objective
Asynchronous transmission
Parallel testing
Librarian
21. Used in data encryption, it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses the different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Private key
Application proxy
Source code
Public key cryptosystem
22. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
Input controls
Artificial intelligence
Capacity stress testing
Transaction log
23. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks
Decision support systems (DSS)
Generalized audit software
Exception reports
Harden
24. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Internal control
Computer-assisted audit technique (CAATs)
Access control
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
25. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Structured Query Language (SQL)
Protocol
Internal control
Card swipes
26. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Single point of failure
Packet filtering
Interest rate risk
Token
27. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules
Hot site
Packet filtering
Comparison program
LDAP (Lightweight Directory Access Protocol)
28. Freedom from unauthorized intrusion
Direct reporting engagement
Privacy
Circuit-switched network
Availability
29. The act or function of developing and maintaining applications programs in production
Spanning port
Application programming
Data security
Operational audit
30. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Test data
Reciprocal agreement
Router
Adjusting period
31. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Technical infrastructure security
Demodulation
Promiscuous mode
Audit sampling
32. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
RS-232 interface
Security policy
Anomaly
Journal entry
33. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
RADIUS (remote authentication dial-in user service)
Biometric locks
Run-to-run totals
System narratives
34. To configure a computer or other network device to resist attacks
Parallel testing
Network hop
Harden
Librarian
35. A popular local area network operating system developed by the Novell Corp.
Attribute sampling
Degauss
Netware
Fraud risk
36. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
Smart card
Accountability
Quick ship
Reverse engineering
37. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Detection risk
Sequential file
Application acquisition review
Cryptography
38. A manual or automated log of all updates to data files and databases
Transaction log
Audit expert systems
vulnerability
Master file
39. Programs that are used to process live or actual data that were received as input into the production environment.
Production programs
implementation life cycle review
Default deny policy
Electronic signature
40. Used to electronically scan and input written information from a source document
Optical character recognition
Anomaly
Digital certificate
Password
41. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Ciphertext
Risk
Telecommunications
Cold site
42. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Due professional care
Filtering router
Protocol
Noise
43. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Combined Code on Corporate Governance
Logs/Log file
Bus
Object orientation
44. A protocol for packet-switching networks
X.25
Comprehensive audit
Fail-over
Security policy
45. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no
Combined Code on Corporate Governance
Idle standby
Management information system (MIS)
Trusted processes
46. Diligence which a person would exercise under a given set of circumstances
PPTP (point-to-point tunneling protocol)
IP (Internet protocol)
Due care
Statistical sampling
47. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Electronic funds transfer (EFT)
Posting
Distributed data processing network
Trust
48. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Tuple
Transaction
Split DNS
Local loop
49. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Application acquisition review
IT governance
Image processing
Rounding down
50. An audit designed to determine the accuracy of financial records and information
e-commerce
Service provider
Financial audit
Artificial intelligence