Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Computer sequence checking
Network hop
Hash function
Nonrepudiation

2. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers
UNIX
Application development review
Repository
Non-intrusive monitoring

3. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
Service user
SYN (synchronize)
Access method
Control group

4. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Protocol stack
Hardware
Partitioned file
Expert systems

5. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Allocation entry
Integrated test facilities (ITF)
Screening routers
Cold site

6. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
System testing
BSP (business service provider)
Cluster controller
Computer server

7. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
Preventive controls
Payment system
World Wide Web Consortium (W3C)
Corporate exchange rate

8. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Database
Recovery time objective (RTO)
Intelligent terminal
Telnet

9. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
Information processing facility (IPF)
Run-to-run totals
Audit authority
DMZ (demilitarized zone)

10. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Real-time analysis
Regression testing
Encryption
Certificate Revocation List

11. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Application proxy
Content filtering
Hexadecimal
Idle standby

12. Comparing the system's performance to other equivalent systems using well defined benchmarks
Performance testing
Simple Object Access Protocol (SOAP)
Transaction
Brouters

13. Deliberately testing only the value-added functionality of a software component
Baud rate
Password cracker
Incremental testing
COCO

14. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Ciphertext
Procedure
Nonrepudiable trnasactions
Microwave transmission

15. Those policies and procedures implemented to achieve a related control objective
Criteria
Application controls
Controls (Control procedures)
Continuity

16. Specialized security checker that tests user's passwords; searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that; many password crackers can brute force all possible combinations in
Public key
Application controls
Password cracker
Personal identification number (PIN)

17. Defined minimum performance measures at or above which the service delivered is considered acceptable
Procedure
Service level agreement (SLA)
Audit expert systems
Distributed data processing network

18. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Data flow
legal risk
Electronic signature
Risk

19. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Encapsulation (objects)
Data-oriented systems development
Financial audit
Automated teller machine (ATM)

20. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
Control section
Independent attitude
Shell
Coaxial cable

21. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Address space
L2TP (Layer 2 tunneling protocol)
System exit
Sufficient audit evidence

22. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
Project sponsor
Database replication
Application software tracing and mapping
Terminal

23. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability
Telnet
Indexed sequential access method (ISAM)
Electronic vaulting
Computer server

24. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Node
Firewall
Inherent risk

25. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.
E-mail/interpersonal messaging
Web page
Control perimeter
DoS (denial-of-service) attack

26. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Consumer
Inheritance (objects)
Data leakage
Biometric locks

27. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Enterprise governance
Idle standby
System exit
Object Management Group (OMG)

28. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Electronic signature
Executable code
Test generators
Real-time processing

29. An authentication protocol; often used by remote-access servers
Passive response
Operating system
TACACS+ (terminal access controller access control system plus)
Operational risk

30. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r
Passive assault
Telecommunications
Broadband
Audit accountability

31. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Hacker
COBIT
Budget
Judgment sampling

32. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
Internet banking
Reasonableness check
Application controls
Preventive controls

33. An interface point between the CPU and a peripheral device
IPSec (Internet protocol security)
Port
Masqueraders
Queue

34. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Blackbox testing
Trusted systems
Piggy backing
Administrative controls

35. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Access method
Cross-certification
Filtering router
Feasibility study

36. Used to ensure that input data agree with predetermined criteria stored in a table
Payment system
Remote procedure calls (RPCs)
Tuple
Table look-ups

37. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Asynchronous transmission
RADIUS (remote authentication dial-in user service)
Network hop
Unit testing

38. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Biometrics
Teleprocessing
X.25 interface
Dial-back

39. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Decision support systems (DSS)
Queue
Budget hierarchy
Trusted processes

40. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Budget organization
Segregation/separation of duties
Fault tolerance
Circular routing

41. The standard e-mail protocol on the Internet
Signatures
SMTP (Simple Mail Transport Protocol)
Baseband
Firewall

42. The act of giving the idea or impression of being or doing something
Standing data
Shell
Fail-over
Appearance

43. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Hardware
Broadband
Discovery sampling
Dry-pipe fire extinguisher system

44. The central database that stores and organizes data
DNS (domain name system)
Real-time analysis
Repository
Performance testing

45. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.
Queue
Application maintenance review
TACACS+ (terminal access controller access control system plus)
Digital certification

46. A process used to identify and evaluate risks and their potential effects
Quick ship
Risk assessment
Batch control
Detailed IS ontrols

47. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Address
Data analysis
RADIUS (remote authentication dial-in user service)
Access method

48. Character-at-a-time transmission
Electronic cash
Asynchronous transmission
Worm
Cross-certification

49. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Initial program load (IPL)
Security software
Systems acquisition process
Virus

50. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
IT governance
Regression testing
Network administrator
Taps