Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.






2. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations






3. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.






4. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.






5. A debit or credit to a general ledger account. See also manual journal entry.






6. The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format






7. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack






8. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim






9. The potential loss to an area due to the occurrence of an adverse event






10. Software used to create data to be used in the testing of computer programs






11. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes






12. The main memory of the computer's central processing unit






13. The act of giving the idea or impression of being or doing something






14. A program written in a portable, platform-independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi






15. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water






16. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.






17. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm






18. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.






19. Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re






20. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems






21. The computer room and support areas






22. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si






23. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking






24. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






25. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






26. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed






27. Data that is not encrypted. Also known as plaintext.






28. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o






29. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






30. A document which defines the IS audit function's responsibility, authority and accountability






31. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities






32. A system software tool that logs, monitors and directs computer tape usage






33. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example, in a black box test on a software design, the tester only knows the inputs and what the expected outcomes should be and not h






34. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.






35. Software packages that sequentially dial telephone numbers, recording any numbers that answer






36. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity






37. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls






38. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti






39. Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery






40. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio






41. Using telecommunications facilities for handling and processing of computerized information






42. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r






43. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer






44. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.






45. The interface between the user and the system






46. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.






47. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems






48. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances






49. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption






50. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)