Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.






2. In vulnerability analysis; gaining information by performing checks that affect the normal operation of the system; even crashing the system






3. Audit evidence is sufficient if it is adequate; convincing and would lead another IS auditor to form the same conclusions.






4. Specialized security checker that tests users' passwords; searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that; many password crackers can brute force all possible combinations in






5. The central database that stores and organizes data






6. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology






7. Using telecommunications facilities for handling and processing of computerized information






8. Performance measurement of service delivery including cost; timeliness and quality against agreed service levels






9. The level to which transactions can be traced and audited through a system






10. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report






11. A protocol used for transmitting data between two ends of a connection






12. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an






13. Data that is not encrypted. Also known as plaintext.






14. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






15. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g.; a development or test environment) and takes over the critical resource group but not vice versa.






16. Programs that are tested and evaluated before approval into the production environment. Test programs; through a series of change control moves; migrate from the test environment to the production environment and become production programs.






17. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities






18. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.






19. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






20. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically; participants promise to provide processing time to each other when an emergency arises.






21. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web






22. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it






23. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission






24. A resource whose loss will result in the loss of service or production






25. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context






26. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects; such as confirming the subject's identity; validating that the subject is entitled to have the attributes requested






27. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.






28. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record






29. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator






30. Memory chips with embedded program code that hold their content when power is turned off






31. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






32. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment






33. A type of LAN ring topology in which a frame containing a specific format; called the token; is passed from one station to the next around the ring. When a station receives the token; it is allowed to transmit. The station can send as many frames as






34. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis






35. The logical language a computer understands






36. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi






37. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes






38. Detects transmission errors by appending calculated bits onto the end of each segment of data






39. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.






40. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and






41. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results






42. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.






43. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






44. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.






45. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.






46. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






47. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting; in which the transactions are accumulated over a period of time; then applied






48. A statement of the position within the organization; including lines of reporting and the rights of access






49. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically






50. The list of rules and/or guidance that is used to analyze event data






