SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Asymmetric key (public key)
Port
Baseband
2. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
virtual organizations
Coaxial cable
Test programs
Computer-aided software engineering (CASE)
3. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Compensating control
Protocol converter
Inheritance (objects)
Due care
4. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Budget hierarchy
COBIT
Misuse detection
Whitebox testing
5. Programmed checking of data validity in accordance with predetermined criteria
Validity check
Network administrator
Control Objectives for Enterprise Governance
Independent appearance
6. Used to electronically input; read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset
Compensating control
Parallel testing
Magnetic ink character recognition (MICR)
ISP (Internet service provider)
7. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Static analysis
Anomaly
Business-to-consumer e-commerce (B2C)
Content filtering
8. A testing technique that is used to evaluate output from one application; while the information is sent as input to another application
Offline files
Dial-in access controls
System software
Interface testing
9. Any intentional violation of the security policy of a system
Intrusion
Dynamic analysis
Run-to-run totals
Rotating standby
10. A biometric device that is used to authenticate a user through palm scans
Optical scanner
Relevant audit evidence
Internet banking
Handprint scanner
11. Relates to the technical and physical features of the computer
DNS (domain name system)
Direct reporting engagement
Hardware
Check digit
12. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Cryptography
Trusted systems
Security/transaction risk
Demodulation
13. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Filtering router
Alpha
IT governance
Reputational risk
14. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Terminal
Hypertext
Program flowcharts
Asynchronous Transfer Mode (ATM)
15. The procedures established to purchase application software; or an upgrade; including evaluation of the supplier's financial stability; track record; resources and references from existing customers
Judgment sampling
Systems acquisition process
Cleartext
Whitebox testing
16. A program designed to detect computer viruses
False negative
HTTPS (hyper text transfer protocol secure)
Vaccine
Hardware
17. The standard e-mail protocol on the Internet
Data dictionary
SMTP (Simple Mail Transport Protocol)
Run instructions
L2F (Layer 2 forwarding)
18. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Finger
Optical character recognition
RS-232 interface
Continuous auditing approach
19. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Biometric locks
Information engineering
Non-intrusive monitoring
Personal identification number (PIN)
20. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Public key cryptosystem
Object orientation
Computer-aided software engineering (CASE)
Operational risk
21. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
Black box testing
FIN (final)
Data owner
Circular routing
22. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Topology
Regression testing
Rulebase
Password
23. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Remote job entry (RJE)
File
Database administrator (DBA)
NAT (Network Address Translation)
24. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
File
Piggy backing
Control section
Operational risk
25. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
Data flow
Audit risk
Untrustworthy host
Interface testing
26. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software; which is being developed or modified; but has not yet been authorized for use by management.
Production software
Token ring topology
Switch
Verification
27. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
Log
False negative
Token
Reengineering
28. Processes certified as supporting a security goal
Hacker
Netware
Trusted processes
Monitor
29. The person responsible for maintaining a LAN and assisting end users
ASCII (American Standard Code for Information Interchange)
Bus topology
Value-added network (VAN)
Network administrator
30. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
Audit authority
Sniff
Cadbury
31. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Universal Description; Discovery and Integration (UDDI)
implementation life cycle review
Rootkit
Intrusion
32. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Application proxy
Mapping
Middleware
Detection risk
33. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
Twisted pairs
Nonrepudiable trnasactions
Taps
UNIX
34. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Detection risk
Editing
Application implementation review
Appearance of independence
35. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Reciprocal agreement
Circular routing
Degauss
Bridge
36. A type of service providing an authentication and accounting system often used for dial-up and remote access security
RADIUS (remote authentication dial-in user service)
Structured programming
Range check
Diskless workstations
37. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.
liquidity risk
Packet
Parity check
Quick ship
38. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Taps
L2F (Layer 2 forwarding)
Structured Query Language (SQL)
Analog
39. The area of the central processing unit that performs mathematical and analytical operations
Database replication
Single point of failure
Operational audit
Arithmetic-logic unit (ALU)
40. The process of distributing computer processing to different locations within an organization
Recovery point objective (RPO)—
Decentralization
Web page
Application layer
41. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Evidence
Signatures
Detective controls
COBIT
42. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control; or MAC) or defi
Access control
Coverage
Honey pot
Magnetic card reader
43. Refers to a sprinkler system that does not have water in the pipes during idle usage; unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm; and water
Dry-pipe fire extinguisher system
Uploading
Topology
Firewall
44. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Tcpdump
Electronic data interchange (EDI)
Third-party review
Data security
45. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Demodulation
FIN (final)
Harden
LDAP (Lightweight Directory Access Protocol)
46. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Frame relay
Star topology
Penetration testing
Whitebox testing
47. The primary language used by both application programmers and end users in accessing relational databases
Voice mail
Structured Query Language (SQL)
L2F (Layer 2 forwarding)
Object Management Group (OMG)
48. A printed machine-readable code that consists of parallel bars of varied width and spacing
Dial-back
Surge suppressor
Corrective controls
Bar code
49. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Librarian
Online data processing
Sequential file
Continuous auditing approach
50. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Privacy
Frame relay
Static analysis
Protocol converter
