Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.

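As an added example (not code from the page or from ISACA), the check behind an exception report, written in Python: each transaction is tested against a predetermined amount range and a few specified criteria, and only the items that fail are reported, with the reason. The thresholds, account codes, period end and the sample ledger extract are constructed for illustration.

```python
"""Exception report generator (added example; all thresholds and data
below are constructed assumptions, not values from the page)."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    amount: float        # posted amount in the ledger currency
    account: str         # general-ledger account code
    entered_by: str      # user who keyed the entry
    approved_by: str     # user who approved it
    posted: date         # posting date


# Predetermined range and criteria (constructed).
AMOUNT_RANGE = (0.01, 10_000.00)
VALID_ACCOUNTS = {"4100", "4200", "5100"}
PERIOD_END = date(2024, 3, 31)


def check(txn: Transaction) -> list[str]:
    """Return every criterion the transaction violates (empty list = clean)."""
    reasons = []
    low, high = AMOUNT_RANGE
    if not low <= txn.amount <= high:
        reasons.append(f"amount {txn.amount:.2f} outside range {low}-{high}")
    if txn.account not in VALID_ACCOUNTS:
        reasons.append(f"unknown account {txn.account}")
    if txn.entered_by == txn.approved_by:
        reasons.append("entered and approved by the same user")
    if txn.posted > PERIOD_END:
        reasons.append(f"posted after period end {PERIOD_END}")
    return reasons


def exception_report(transactions) -> list[tuple[str, list[str]]]:
    """List (txn_id, reasons) only for items that fail at least one test."""
    return [(t.txn_id, r) for t in transactions if (r := check(t))]


# Constructed sample ledger extract.
SAMPLE = [
    Transaction("T001", 250.00, "4100", "alice", "bob", date(2024, 3, 5)),
    Transaction("T002", 12_500.00, "4200", "alice", "bob", date(2024, 3, 9)),
    Transaction("T003", 80.00, "9999", "carol", "carol", date(2024, 3, 12)),
    Transaction("T004", 0.00, "5100", "dave", "erin", date(2024, 4, 2)),
]

if __name__ == "__main__":
    for txn_id, reasons in exception_report(SAMPLE):
        print(txn_id, "; ".join(reasons))
```

The report lists T002 (amount above range), T003 (unknown account, and entered and approved by the same user) and T004 (zero amount, posted after period end); T001 does not appear because it conforms to every criterion.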
2. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of

3. Memory chips with embedded program code that hold their content when power is turned off

4. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

5. Record layouts provide information regarding the type of record, its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.

6. Requiring a great deal of computing power; processor intensive

7. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d

8. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures

9. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.

10. A viewable screen displaying information, presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv

11. The code used to designate the location of a specific piece of data within computer storage

12. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator

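As an added example (not code from the page), a Python model of how a screening router evaluates its permission rules: rules are checked in order, the first match decides, and anything unmatched is denied. It also includes the check an auditor would want, which is finding rules that can never fire because an earlier, broader rule shadows them. The rule set, addresses and packets are constructed for illustration.

```python
"""Screening router rule evaluation (added example; the rule set and packets
below are constructed assumptions, not configuration from the page)."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network in CIDR form, "0.0.0.0/0" = any
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None = any port

    def matches(self, packet: tuple) -> bool:
        """Packet is (protocol, source IP, destination IP, destination port)."""
        proto, src, dst, dport = packet
        return (self.proto in ("any", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: Rule) -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


def screen(rules: list[Rule], packet: tuple) -> tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); (deny, None) = implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "deny", None


def shadowed(rules: list[Rule]) -> list[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(rules[i].covers(r) for i in range(j))]


WEB = "192.0.2.10/32"      # constructed DMZ web server address
RULES = [
    Rule("permit", "tcp", "10.0.0.0/8", WEB, 22),    # internal admins may SSH
    Rule("deny",   "tcp", "0.0.0.0/0",  WEB, 22),    # nobody else may
    Rule("permit", "tcp", "0.0.0.0/0",  WEB, 443),   # HTTPS from anywhere
]
# Same rules with the two SSH entries swapped: the admin permit is now shadowed.
BAD_ORDER = [RULES[1], RULES[0], RULES[2]]

PACKETS = [
    ("tcp", "10.1.2.3",    "192.0.2.10", 22),    # internal admin SSH
    ("tcp", "203.0.113.5", "192.0.2.10", 22),    # external SSH attempt
    ("tcp", "203.0.113.5", "192.0.2.10", 443),   # public HTTPS
    ("udp", "203.0.113.5", "192.0.2.10", 53),    # unmatched: implicit deny
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "->", screen(RULES, p))
    print("shadowed rules in BAD_ORDER:", shadowed(BAD_ORDER))
```

With the rules in the intended order the internal SSH packet is permitted by rule 0 and the external one denied by rule 1; with the two SSH rules swapped, rule 1 is shadowed and the administrator's own SSH access is silently denied, which is exactly the kind of ordering defect a rule-base review should surface.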
13. A methodology that enables organisations to develop strategically important systems faster, while reducing development costs and maintaining quality by using a series of proven application development techniques, within a well-defined methodology.

14. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed

15. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal files.

16. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi

17. A protocol used for transmitting data between two ends of a connection

18. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

19. A system software tool that logs, monitors and directs computer tape usage

20. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.

21. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

22. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.

23. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

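As an added example (not code from the page), the parity control in Python: a parity bit is computed so that the number of 1 bits in the stored or transmitted word is even (or odd), and the receiver recomputes it. The example also shows the control's limit, which the definition does not mention: a single flipped bit is always detected, but two flipped bits cancel out and pass the check. The data words are constructed.

```python
"""Parity bit generation and checking (added example; data words are
constructed, not taken from the page)."""


def ones(word: int) -> int:
    """Number of 1 bits in the word (the 'sum of the data item's bits')."""
    return bin(word).count("1")


def parity_bit(data: int, odd: bool = False) -> int:
    """Parity bit that makes the total 1-count even (odd=False) or odd."""
    bit = ones(data) % 2          # 1 if the data currently has an odd count
    return bit ^ 1 if odd else bit


def encode(data7: int, odd: bool = False) -> int:
    """Attach the parity bit as bit 7 of a 7-bit data item (ASCII style)."""
    if not 0 <= data7 < 128:
        raise ValueError("data item must fit in 7 bits")
    return (parity_bit(data7, odd) << 7) | data7


def check(word: int, odd: bool = False) -> bool:
    """True if the received 8-bit word still has the expected parity."""
    return ones(word) % 2 == (1 if odd else 0)


def flip(word: int, *bits: int) -> int:
    """Simulate memory or line errors by inverting the given bit positions."""
    for b in bits:
        word ^= 1 << b
    return word


def detects(data7: int, *bits: int, odd: bool = False) -> bool:
    """Encode, corrupt the given bits, and report whether the check notices."""
    return not check(flip(encode(data7, odd), *bits), odd)


if __name__ == "__main__":
    a = ord("A")                 # 0b1000001: two 1 bits, even parity bit is 0
    print(hex(encode(a)))        # 0x41
    print(detects(a, 0))         # single-bit error: detected
    print(detects(a, 0, 3))      # two-bit error: passes the check undetected
```

The last two assertions in the test enumerate every 7-bit value: every single-bit error is caught and no two-bit error ever is, which is why parity is a cheap detective control rather than a substitute for a CRC or an error-correcting code.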
24. An electronic pathway that may be displayed in the form of highlighted text, graphics or a button, and that connects one web page with another web page address.

25. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame

26. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)

27. A biometric device that is used to authenticate a user through palm scans

28. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas

29. A set of protocols developed by the IETF to support the secure exchange of packets

30. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).

31. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

32. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy

33. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis

34. A system of interconnected computers and the communications equipment used to connect them

35. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

36. The practice of eavesdropping on information being transmitted over telecommunications links

37. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an

38. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found

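As an added example (not code from the page), a brute-force search in Python: every string over an alphabet is tried, shortest first, until one hashes to the target, and the attempt count is returned alongside the total size of the search space. The hashed PIN and salt are constructed, and plain SHA-256 is used only so the example runs quickly; a real system would store credentials with a slow, salted password hash precisely to make this search expensive.

```python
"""Brute-force search over a candidate space (added example; the PIN, salt
and alphabet are constructed assumptions, not data from the page)."""
from __future__ import annotations
import hashlib
import itertools
from typing import Optional


def digest(secret: str, salt: bytes) -> bytes:
    """Constructed verifier: SHA-256 over salt || secret (fast, for the demo)."""
    return hashlib.sha256(salt + secret.encode()).digest()


def brute_force(target: bytes, salt: bytes, alphabet: str,
                max_len: int) -> tuple[Optional[str], int]:
    """Enumerate every string over `alphabet` up to `max_len`, shortest first.

    Returns (secret, attempts), or (None, attempts) if the space is exhausted.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if digest(candidate, salt) == target:
                return candidate, attempts
    return None, attempts


def search_space(alphabet_size: int, max_len: int) -> int:
    """Total candidates up to max_len: the attacker's worst-case cost."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


SALT = b"constructed-salt"        # constructed
TARGET = digest("7391", SALT)     # constructed 4-digit PIN

if __name__ == "__main__":
    print(brute_force(TARGET, SALT, "0123456789", 4))   # ('7391', 8502)
    print(search_space(10, 4))                          # 11110
    print(search_space(62, 8))                          # mixed-case alphanumeric, 8 chars
```

The 4-digit PIN falls after 8,502 attempts out of a space of 11,110; the same loop against an 8-character mixed-case alphanumeric secret faces a space on the order of 10^14, which is the argument for length and alphabet size in password policy and for rate limiting and lockout on the verifying side.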
39. Weaknesses in systems that can be exploited in ways that violate security policy

40. English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files

41. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r

42. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

43. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

44. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.

45. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount

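As an added example (not code from the page), the arithmetic behind variable sampling in Python, using mean-per-unit estimation: the sample mean is projected to the population to estimate the total dollar value, and the achieved precision at a chosen confidence level is computed from the sample standard deviation. A second function turns the relation around to give the sample size needed for a tolerable misstatement. The sample of five invoice values and the population size are constructed.

```python
"""Variable sampling: mean-per-unit estimate of a population total and
the sample size needed for a given precision (added example; the sample
values and population size are constructed assumptions)."""
from __future__ import annotations
import math
import statistics


def mean_per_unit(sample: list[float], population_size: int,
                  confidence_z: float = 1.96) -> tuple[float, float]:
    """Return (estimated population total, achieved precision as +/-).

    Precision is z * N * s / sqrt(n), multiplied by the finite population
    correction sqrt((N - n) / (N - 1)) because items are drawn without
    replacement. z = 1.96 corresponds to 95 percent confidence.
    """
    n = len(sample)
    if n < 2:
        raise ValueError("need at least two sample items to estimate variance")
    N = population_size
    mean = statistics.fmean(sample)
    s = statistics.stdev(sample)             # sample standard deviation
    fpc = math.sqrt((N - n) / (N - 1))       # finite population correction
    precision = confidence_z * N * s / math.sqrt(n) * fpc
    return mean * N, precision


def sample_size(std_estimate: float, population_size: int,
                tolerable_misstatement: float, confidence_z: float = 1.96) -> int:
    """Items needed so the achieved precision stays within the tolerable
    misstatement. Ignores the finite population correction, so it errs on
    the side of a slightly larger sample."""
    return math.ceil((confidence_z * population_size * std_estimate
                      / tolerable_misstatement) ** 2)


# Constructed: 5 invoices drawn from a population of 1,000 invoices.
SAMPLE = [100.0, 120.0, 80.0, 110.0, 90.0]
POPULATION = 1_000

if __name__ == "__main__":
    total, prec = mean_per_unit(SAMPLE, POPULATION)
    print(f"estimated total {total:,.0f} +/- {prec:,.0f} at 95% confidence")
    print("sample size for +/- 5,000:", sample_size(15.8, POPULATION, 5_000))
```

Five items give a point estimate of 100,000 but a precision of roughly +/- 13,800, far too wide to conclude anything; the sample-size function shows that about 39 items would be needed to tighten that to +/- 5,000 with the same variability, which is the trade-off the auditor makes when planning the sample.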
46. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

47. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity

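As an added example (not code from the page), a false negative produced in Python: a detection signature that looks for a literal directory-traversal pattern in web-server log lines is run against a constructed log in which the same attack also appears URL-encoded and double-encoded. The literal signature classifies the encoded attacks as normal activity (two false negatives); decoding the request before matching removes them. The log lines and ground-truth labels are constructed.

```python
"""False negatives in signature-based intrusion detection (added example;
the log lines, labels and signature are constructed, not from the page)."""
from __future__ import annotations
from urllib.parse import unquote

# Constructed access-log extract: (line, is_attack) pairs serve as ground truth.
LOG = [
    ('10.0.0.5 - - "GET /index.html HTTP/1.1" 200', False),
    ('10.0.0.7 - - "GET /images/logo.png HTTP/1.1" 200', False),
    ('203.0.113.9 - - "GET /../../etc/passwd HTTP/1.1" 404', True),
    ('203.0.113.9 - - "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404', True),
    ('203.0.113.9 - - "GET /..%252f..%252fetc/passwd HTTP/1.1" 404', True),
]


def detect_literal(line: str) -> bool:
    """Naive signature: alert only on a literal '../' in the request."""
    return "../" in line


def detect_normalized(line: str, max_decode: int = 3) -> bool:
    """Percent-decode repeatedly (bounded, to stop decode loops) before matching."""
    decoded = line
    for _ in range(max_decode):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return "../" in decoded


def evaluate(detector, log=LOG) -> dict[str, int]:
    """Confusion counts: tp = attack alerted, fn = attack missed (false
    negative), fp = benign alerted, tn = benign ignored."""
    counts = {"tp": 0, "fn": 0, "fp": 0, "tn": 0}
    for line, is_attack in log:
        alert = detector(line)
        if is_attack and alert:
            counts["tp"] += 1
        elif is_attack:
            counts["fn"] += 1
        elif alert:
            counts["fp"] += 1
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    print("literal    ", evaluate(detect_literal))
    print("normalized ", evaluate(detect_normalized))
```

The literal detector scores tp=1, fn=2 on the three attacks; the normalizing detector scores tp=3, fn=0 with no false positives on the benign lines. Tuning for fewer false negatives usually costs some false positives, so an auditor reviewing an IDS should ask for both rates, not just the alert count.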
48. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF®, 2000, 1998, 1996

49. Identified by one central processor and databases that form a distributed processing configuration

50. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements