Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the terms first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from answers to other questions, so you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Population
Threat
System flowcharts
Application programming
2. Memory chips with embedded program code that hold their content when power is turned off
Browser
Coverage
Firmware
Output analyzer
3. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
ISP (Internet service provider)
ICMP (internet control message protocol)
Trust
Requirements definition
4. Software used to create data to be used in the testing of computer programs
Geographic disk mirroring
Electronic cash
Test generators
Alpha
5. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Third-party review
Information engineering
Monitor
COSO
6. Software packages that sequentially dial telephone numbers, recording any numbers that answer
RADIUS (remote authentication dial-in user service)
Database
Completeness check
War dialler
7. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Partitioned file
Security perimeter
Electronic funds transfer (EFT)
Application maintenance review
8. Changing data with malicious intent before or during input into the system
Outsourcing
Data diddling
ISP (Internet service provider)
Business-to-consumer e-commerce (B2C)
9. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
Bus
Data flow
Wiretapping
Password cracker
10. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver
Credit risk
Noise
Enterprise resource planning
Check digit verification (self-checking digit)
11. The act or function of developing and maintaining applications programs in production
Smart card
Application programming
Librarian
Hub
12. Data that is not encrypted. Also known as plaintext.
Management information system (MIS)
Cleartext
Criteria
Bandwidth
13. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Initial program load (IPL)
Coverage
Audit plan
Coaxial cable
14. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Corporate exchange rate
Format checking
Buffer
Sequence check
15. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount
Variable sampling
Offsite storage
Topology
Numeric check
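Worked example (added here; not part of the quiz): mean-per-unit estimation, the simplest form of variable sampling, in Python. The sample mean is projected onto the population size to estimate the total dollar value, and a confidence interval is attached so the auditor can compare the book value against it. The twelve invoice amounts, the population size of 1,200 and the book values are constructed for the demonstration; the 1.96 multiplier is the usual 95% normal-approximation figure.

```python
import math
from typing import Dict, Sequence


def mean_per_unit_estimate(sample: Sequence[float], population_size: int, z: float = 1.96) -> Dict[str, float]:
    """Project the sample mean onto the population and attach a confidence interval.

    Assumes a simple random sample drawn without replacement, so the finite
    population correction is applied to the standard error.
    """
    n = len(sample)
    mean = sum(sample) / n
    variance = sum((x - mean) ** 2 for x in sample) / (n - 1)   # sample variance
    std_dev = math.sqrt(variance)
    fpc = math.sqrt((population_size - n) / (population_size - 1))
    std_error_of_total = population_size * std_dev / math.sqrt(n) * fpc
    estimated_total = population_size * mean
    precision = z * std_error_of_total                          # half-width of the interval
    return {
        "sample_mean": mean,
        "estimated_total": estimated_total,
        "precision": precision,
        "lower": estimated_total - precision,
        "upper": estimated_total + precision,
    }


def conclusion(estimate: Dict[str, float], book_value: float) -> str:
    """Audit decision: is the recorded total consistent with the projected total?"""
    if estimate["lower"] <= book_value <= estimate["upper"]:
        return "book value within the confidence interval; accept"
    return "book value outside the confidence interval; investigate"


# Constructed sample: 12 invoice amounts drawn from a ledger of 1,200 invoices.
SAMPLE_INVOICES = [120.00, 85.50, 340.00, 210.25, 99.99, 150.00,
                   410.00, 75.00, 260.00, 180.00, 130.00, 95.00]
POPULATION_SIZE = 1200


if __name__ == "__main__":
    est = mean_per_unit_estimate(SAMPLE_INVOICES, POPULATION_SIZE)
    print(f"estimated total {est['estimated_total']:.2f} +/- {est['precision']:.2f}")
    print(conclusion(est, book_value=214000.00))
    print(conclusion(est, book_value=300000.00))
```

A sample this small gives a wide interval; in practice the sample size is chosen up front from the desired precision and the expected variability, which is the trade-off the definition's "project a quantitative characteristic" hides.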
16. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Useful audit evidence
Project team
Database replication
Image processing
17. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Microwave transmission
Universal Description, Discovery and Integration (UDDI)
Private key
Reasonable assurance
18. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission Control Protocol/Internet Protocol (TCP/IP) networks are packet-switched networks.
Technical infrastructure security
Budget formula
Packet
Encryption
19. To configure a computer or other network device to resist attacks
Initial program load (IPL)
Harden
Controls (Control procedures)
Format checking
20. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
Error
False negative
Detective controls
Database specifications
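Worked example (added here; not part of the quiz): a toy signature-based detector run over a handful of labelled web-server requests, scored as a confusion matrix so the false negative is visible alongside its counterpart, the false positive. The log lines, labels and signatures are all constructed for the demonstration. The URL-encoded payload on the fifth line is the kind of evasion that produces a false negative; the overly broad "select" rule produces a false positive on harmless traffic; and a second detector that percent-decodes before matching shows the fix for the miss.

```python
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import unquote

# Constructed request log with ground-truth labels (True = attack). Not real traffic.
SAMPLE_LOG: List[Tuple[str, bool]] = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /login?user=admin'--&pw=x HTTP/1.1", True),
    ("GET /search?q=<script>alert(1)</script> HTTP/1.1", True),
    ("GET /products?id=42 HTTP/1.1", False),
    ("GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1", True),  # URL-encoded XSS
    ("GET /download?file=../../etc/passwd HTTP/1.1", True),
    ("GET /help?topic=select-a-plan HTTP/1.1", False),
]

# Naive signature set. The broad "select" rule is there to show a false positive.
SIGNATURES = {
    "sqli": re.compile(r"'--|union\s+select", re.I),
    "xss": re.compile(r"<script", re.I),
    "traversal": re.compile(r"\.\./"),
    "sqli_broad": re.compile(r"select", re.I),
}


def detect_raw(line: str) -> List[str]:
    """Match signatures against the request exactly as logged."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def detect_normalized(line: str) -> List[str]:
    """Percent-decode first so an encoded payload cannot slip past the rules."""
    return detect_raw(unquote(line))


def evaluate(log: List[Tuple[str, bool]],
             detector: Callable[[str], List[str]]) -> Tuple[Dict[str, int], List[str]]:
    """Count confusion-matrix outcomes and return the attacks the detector missed."""
    counts = {"true_positive": 0, "false_negative": 0,
              "false_positive": 0, "true_negative": 0}
    missed: List[str] = []
    for line, is_attack in log:
        alerted = bool(detector(line))
        if is_attack and alerted:
            counts["true_positive"] += 1
        elif is_attack:
            counts["false_negative"] += 1      # attack judged normal: the error in the definition
            missed.append(line)
        elif alerted:
            counts["false_positive"] += 1      # normal traffic judged an attack
        else:
            counts["true_negative"] += 1
    return counts, missed


if __name__ == "__main__":
    for name, det in (("raw", detect_raw), ("normalized", detect_normalized)):
        counts, missed = evaluate(SAMPLE_LOG, det)
        print(name, counts, "missed:", missed)
```

Normalising input closes this particular false negative but does nothing for the false positive; tightening the broad rule is a separate change, and the two error rates are usually traded against each other when tuning a detector.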
21. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Real-time processing
Librarian
Warm-site
Record
22. Control deviations (compliance testing) or misstatements (substantive testing)
Error risk
Split DNS
Error
Router
23. Processes certified as supporting a security goal
IT governance
Dumb terminal
Modem (modulator-demodulator)
Trusted processes
24. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities
Operational audit
Address
Pervasive IS controls
Source code
25. A document which defines the IS audit function's responsibility; authority and accountability
Reasonableness check
Telecommunications
Audit charter
Incremental testing
26. A protocol for packet-switching networks
HTTPS (hyper text transfer protocol secure)
X.25
Application implementation review
Parallel testing
27. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Inherent risk
Packet filtering
Run instructions
Integrated services digital network (ISDN)
28. The person responsible for maintaining a LAN and assisting end users
Network administrator
Random access memory (RAM)
Batch control
Unit testing
29. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Feasibility study
Job control language (JCL)
Test data
Rotating standby
30. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Utility programs
Parallel testing
Audit plan
Router
31. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Source documents
Objectivity
Program narratives
Dry-pipe fire extinguisher system
32. The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.
Address space
Firewall
Integrated test facilities (ITF)
Source documents
33. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
UDP (User Datagram Protocol)
Cleartext
Reasonableness check
Taps
34. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Tape management system (TMS)
Digital certification
Intranet
Peripherals
35. Specifies the format of packets and the addressing scheme
Middleware
Internet banking
NetWare
IP (Internet protocol)
36. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Indexed sequential access method (ISAM)
Standing data
Decryption key
Brouters
37. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil
Telnet
Object-oriented system development
Credit risk
Bulk data transfer
38. Universal Description, Discovery and Integration
IP (Internet protocol)
Data diddling
Recovery point objective (RPO)
UDDI
39. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
Packet filtering
Database
Penetration testing
Security policy
40. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Audit risk
Static analysis
Asymmetric key (public key)
Electronic signature
41. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Production programs
Base case
Piggybacking
Application programming
42. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen
Private key cryptosystems
Browser
Completeness check
Project team
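Worked example (added here; not part of the quiz) covering items 17, 40 and 42 together: the contrast between a symmetric "private key" cryptosystem, where one secret key both encrypts and decrypts, and an asymmetric digital signature, where the private key signs and the corresponding public key verifies origin and integrity. Both primitives are deliberately toy-sized so the arithmetic is visible: the symmetric cipher is a SHA-256 keystream XOR, and the signature is textbook RSA over fixed small primes (61 and 53) applied to a truncated SHA-256 digest. None of this is production cryptography; the keys, messages and parameters are constructed for the demonstration, and a real system would use AES-GCM or ChaCha20-Poly1305 for the symmetric case and padded RSA or an elliptic-curve scheme for signatures.

```python
import hashlib


# --- Symmetric (secret key) cryptosystem: one key, both directions ---
def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, concatenated to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream. Applying it twice with the same key restores the plaintext."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# --- Asymmetric (public key) signatures: private key signs, public key verifies ---
# Toy RSA parameters chosen so every number fits on the page. Never use keys this
# small, or unpadded RSA, outside a classroom.
P, Q = 61, 53
N = P * Q               # public modulus, 3233
E = 17                  # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)     # private exponent, 2753 (kept secret by the holder)


def digest_int(message: bytes) -> int:
    """Hash the message and reduce it into the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Holder of the private key produces the signature over the digest."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Anyone holding the public key checks that the digest matches: origin and integrity."""
    return pow(signature, public_exponent, N) == digest_int(message)


if __name__ == "__main__":
    key = b"shared-secret"
    ct = symmetric_crypt(key, b"attack at dawn")
    print("ciphertext:", ct.hex())
    print("decrypted with same key:", symmetric_crypt(key, ct))
    print("decrypted with wrong key:", symmetric_crypt(b"other-key", ct))

    sig = sign(b"transfer 100")
    print("signature:", sig, "verifies:", verify(b"transfer 100", sig))
    print("altered message verifies:", verify(b"transfer 1000", sig))
```

The two halves make the definitions concrete: in the symmetric case whoever can decrypt can also encrypt, so the key proves nothing about origin, whereas a signature verifies with a key the signer never has to keep secret.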
43. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Addressing
Tuple
Sampling risk
Procedure
44. Systems for which detailed specifications of their component composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Open systems
Certificate authority (CA)
Split data systems
Active recovery site (mirrored)
45. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
Digital certification
Privilege
Permanent virtual circuit (PVC)
Systems development life cycle (SDLC)
46. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Assembler
Reengineering
Security software
Microwave transmission
47. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Network hop
Misuse detection
Active recovery site (mirrored)
Whitebox testing
48. A document that confirms the client's and the IS auditor's acceptance of a review assignment
L2TP (Layer 2 tunneling protocol)
Terms of reference
Tuple
Modem (modulator-demodulator)
49. The boundary that defines the area of security concern and security policy coverage
Security perimeter
Service user
Intrusive monitoring
DMZ (demilitarized zone)
50. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
Business impact analysis (BIA)
Arithmetic-logic unit (ALU)
Synchronous transmission
System exit