Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
   - Journal entry
   - Trap door
   - Proxy server
   - Comparison program

2. The rules by which a network operates and controls the flow and priority of transmissions
   - Random access memory (RAM)
   - Business risk
   - Protocol
   - Twisted pairs

3. An authentication protocol, often used by remote-access servers
   - Feasibility study
   - TACACS+ (terminal access controller access control system plus)
   - Split DNS
   - Credit risk

4. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
   - Cadbury
   - Recovery point objective (RPO)
   - Digital certificate
   - Offsite storage

5. Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re
   - Anomaly
   - Embedded audit module
   - Screening routers
   - Object orientation

6. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
   - Materiality
   - Direct reporting engagement
   - Demodulation
   - Object Management Group (OMG)

7. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
   - Addressing
   - Concurrent access
   - Uninterruptible power supply (UPS)
   - Appearance

8. A protocol for packet-switching networks
   - Spoofing
   - X.25
   - Operating system
   - Detection risk

9. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.
   - Application acquisition review
   - Parallel simulation
   - Electronic cash
   - Online data processing

10. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu
   - Electronic funds transfer (EFT)
   - Permanent virtual circuit (PVC)
   - Application development review
   - Completeness check

11. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
   - Client-server
   - Twisted pairs
   - Simple Object Access Protocol (SOAP)
   - Requirements definition

12. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
   - Test data
   - Automated teller machine (ATM)
   - Appearance
   - Hash function

13. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
   - Independence
   - Intrusion detection
   - Switch
   - Reasonable assurance

14. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.
   - Trojan horse
   - Irregularities
   - Half duplex
   - False negative

15. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
   - ISO17799
   - IT governance
   - Request for proposal (RFP)
   - Parallel simulation

16. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
   - Decryption
   - Teleprocessing
   - Local area network (LAN)
   - Network hop

17. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
   - Computer-assisted audit technique (CAATs)
   - Masqueraders
   - Security testing
   - Internet Inter-ORB Protocol (IIOP)

18. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
   - Hot site
   - Salami technique
   - Input controls
   - Concurrent access

19. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research
   - Computer sequence checking
   - Hardware
   - Electronic cash
   - Bypass label processing (BLP)

20. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
   - Reliable audit evidence
   - Independence
   - Logical access controls
   - Sampling risk

21. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
   - Operational control
   - Request for proposal (RFP)
   - price risk
   - Control objective

22. Block-at-a-time data transmission
   - Test generators
   - Professional competence
   - Application security
   - Synchronous transmission

23. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
   - Database specifications
   - NAT (Network Address Translation)
   - X.500
   - Enterprise resource planning

24. A system of interconnected computers and the communications equipment used to connect them
   - Source code
   - Network
   - Service provider
   - Business process reengineering (BPR)

25. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
   - Service user
   - Sequence check
   - Budget hierarchy
   - Audit objective

26. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
   - Internet banking
   - Security management
   - Protection domain
   - Sequential file

27. A protocol used for transmitting data between two ends of a connection
   - Pervasive IS controls
   - PPP (point-to-point protocol)
   - Procedure
   - Database specifications

28. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications
   - Continuous auditing approach
   - Limit check
   - Memory dump
   - Application security

29. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
   - Waterfall development
   - Modem (modulator-demodulator)
   - Audit
   - Audit program

30. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
   - Baud rate
   - Logs/Log file
   - Integrity
   - BSP (business service provider)

31. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
   - Reengineering
   - Transaction protection
   - Electronic cash
   - IT governance

32. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
   - Verification
   - Authorization
   - Security policy
   - Symmetric key encryption

33. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
   - Program narratives
   - Active response
   - System testing
   - File layout

34. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
   - Sampling risk
   - Expert systems
   - COSO
   - Administrative controls

35. Freedom from unauthorized intrusion
   - Privacy
   - Credit risk
   - Hot site
   - External router

36. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
   - Budget
   - Range check
   - Reciprocal agreement
   - Web Services Description Language (WSDL)

37. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
   - Procedure
   - Leased lines
   - Exception reports
   - Application acquisition review

38. Relates to the technical and physical features of the computer
   - Latency
   - Service provider
   - Adjusting period
   - Hardware

39. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
   - Magnetic card reader
   - Public key
   - Peripherals
   - Noise

40. The act of transferring computerized information from one computer to another computer
   - Downloading
   - Tcpdump
   - Network hop
   - Real-time analysis

41. The area of the system that the intrusion detection system is meant to monitor and protect
   - Protection domain
   - Operator console
   - Application software tracing and mapping
   - Echo checks

42. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
   - Coupling
   - Integrated test facilities (ITF)
   - Cathode ray tube (CRT)
   - Offsite storage

43. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
   - Availability
   - BSP (business service provider)
   - Antivirus software
   - Population

44. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
   - Generalized audit software
   - Point-of-presence (POP)
   - e-commerce
   - Virtual private network (VPN)

45. Those controls that seek to maintain confidentiality, integrity and availability of information
   - Intelligent terminal
   - Digital signature
   - Scheduling
   - Data security

46. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
   - Rounding down
   - Datagram
   - Proxy server
   - Security perimeter

47. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
   - Discovery sampling
   - System testing
   - Record, screen and report layouts
   - Detection risk

48. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries
   - Pervasive IS controls
   - Budget formula
   - Transaction
   - Manual journal entry

49. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.
   - Card swipes
   - Random access memory (RAM)
   - Access control
   - Gateway

50. A computer facility that provides data processing services to clients on a continual basis
   - Service bureau
   - Data leakage
   - Relevant audit evidence
   - Intrusive monitoring