Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Files maintained by a system; primarily a database management system; for the purposed of reapplying changes following an error or outage recovery
Batch control
Permanent virtual circuit (PVC)
Redo logs
Source code compare programs

2. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).
Voice mail
Top-level management
Rulebase
Corporate governance

3. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Local loop
Default deny policy
X.500
Downtime report

4. The outward impression of being self-governing and free from conflict of interest and undue influence
Downloading
Virtual private network (VPN)
Queue
Independent appearance

5. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
DNS (domain name system)
Internal control structure
Card swipes
Sniff

6. A method of selecting a portion of a population; by means of mathematical calculations and probabilities; for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Electronic vaulting
Statistical sampling
Relevant audit evidence
Token

7. A type of service providing an authentication and accounting system often used for dial-up and remote access security
RADIUS (remote authentication dial-in user service)
Terms of reference
Extended Binary-coded Decimal Interchange Code (EBCDIC)
TACACS+ (terminal access controller access control system plus)

8. A sub-network of the Internet through which information is exchanged by text; graphics; audio and video.
world wide web (WWW)
Local loop
Biometrics
Subject matter (Area of activity)

9. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Inheritance (objects)
Broadband
Consumer
Operational audit

10. A small electronic device that contains electronic memory; and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash; or it can be used as a token to authenticat
Decryption key
Circuit-switched network
Public key infrastructure
Smart card

11. The act of transferring computerized information from one computer to another computer
Downloading
Backup
Run instructions
Fail-over

12. Disconnecting from the computer
Range check
Corporate governance
UDP (User Datagram Protocol)
Logoff

13. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Star topology
Waterfall development
Preventive controls
Subject matter (Area of activity)

14. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Internal penetrators
Surge suppressor
Security perimeter
Procedure

15. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However; the goal of component
Web site
Latency
Components (as in component-based development)
Rootkit

16. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Ethernet
TCP (transmission control protocol)
ICMP (internet control message protocol)
Integrity

17. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used; for example; in determining whether systems are up; maximum packet sizes on links; whether a destination host/network/port is a
Attribute sampling
Electronic signature
Source code
ICMP (internet control message protocol)

18. The main memory of the computer's central processing unit
Variable sampling
Project team
Internal storage
Information processing facility (IPF)

19. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu
Validity check
Application development review
IP (Internet protocol)
Corporate exchange rate

20. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Due professional care
Application layer
Downloading
Enterprise governance

21. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Operational control
World Wide Web Consortium (W3C)
Detective controls
Misuse detection

22. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Audit authority
Screening routers
Corporate exchange rate
Leased lines

23. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Application programming interface (API)
Dynamic analysis
Fail-over
Static analysis

24. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Online data processing
Independent appearance
Security software
Batch processing

25. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Network
Digital signature
Protocol converter
Certificate Revocation List

26. The rules by which a network operates and controls the flow and priority of transmissions
Protocol stack
Protocol
Audit risk
Log

27. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Computer-assisted audit technique (CAATs)
Criteria
World Wide Web Consortium (W3C)
SYN (synchronize)

28. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Master file
Finger
Electronic vaulting
DNS (domain name system)

29. Performance measurement of service delivery including cost; timeliness and quality against agreed service levels
Audit accountability
Trap door
Service bureau
Windows NT

30. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Queue
Partitioned file
Uninterruptible power supply (UPS)
HTTPS (hyper text transfer protocol secure)

31. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Offline files
Gateway
Budget organization
HTTP (hyper text transfer protocol)

32. An edit check designed to ensure the data in a particular field is numeric
Uninterruptible power supply (UPS)
Internal control
Check digit
Numeric check

33. A sampling technique that estimates the amount of overstatement in an account balance
Audit expert systems
Digital signature
Monetary unit sampling
Security perimeter

34. The transfer of data between separate computer processing sites/devices using telephone lines; microwave and/or satellite links
Control group
FIN (final)
Data communications
Nonrepudiable trnasactions

35. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
Outsourcing
Passive response
Check digit
Computer-aided software engineering (CASE)

36. Character-at-a-time transmission
Integrated services digital network (ISDN)
Integrated test facilities (ITF)
Remote job entry (RJE)
Asynchronous transmission

37. An authentication protocol; often used by remote-access servers
Master file
TACACS+ (terminal access controller access control system plus)
False negative
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)

38. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa
File server
Relevant audit evidence
Validity check
Budget formula

39. The act or function of developing and maintaining applications programs in production
Mutual takeover
Operator console
Application programming
Monitoring policy

40. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Queue
Mapping
Recovery point objective (RPO)—
Firewall

41. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher
Indexed sequential file
Network
Automated teller machine (ATM)
Mutual takeover

42. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
BSP (business service provider)
Encryption key
Request for proposal (RFP)
Discovery sampling

43. In vulnerability analysis; gaining information by performing checks that affects the normal operation of the system; even crashing the system
Public key cryptosystem
Indexed sequential file
Database administrator (DBA)
Intrusive monitoring

44. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Data flow
Fscal year
IDS (intrusion detection system)
Trust

45. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Attribute sampling
ACK (acknowledgement)
e-commerce
Corporate exchange rate

46. A set of utilities that implement a particular network protocol. For instance; in Windows machines a TCP/IP stack consists of TCP/IP software; sockets software and hardware driver software.
Card swipes
Protocol stack
Allocation entry
False negative

47. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment
Fscal year
World Wide Web Consortium (W3C)
Population
Engagement letter

48. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results
Rapid application development
Backup
TACACS+ (terminal access controller access control system plus)
Parallel testing

49. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Attribute sampling
Hardware
Ring topology
Record

50. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur
Ring topology
Benchmark
Coverage
Validity check