Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors
Audit responsibility
Detection risk
Teleprocessing
Audit objective

2. Audit evidence is sufficient if it is adequate; convincing and would lead another IS auditor to form the same conclusions.
Technical infrastructure security
Sufficient audit evidence
Trust
Cluster controller

3. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Credentialed analysis
Web site
Consumer
Microwave transmission

4. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Internal penetrators
Untrustworthy host
Enterprise governance
Internal control

5. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Idle standby
Rapid application development
Data custodian
Posting

6. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Hardware
Continuity
Confidentiality
Ring topology

7. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Control section
Port
Public key
Trust

8. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Reputational risk
Internal control
Intrusive monitoring
LDAP (Lightweight Directory Access Protocol)

9. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap; and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Standing data
Adjusting period
Discovery sampling
Record

10. A sub-network of the Internet through which information is exchanged by text; graphics; audio and video.
world wide web (WWW)
Regression testing
Trap door
browser

11. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being
Electronic funds transfer (EFT)
Trap door
Buffer
Encryption

12. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Idle standby
Batch control
Real-time analysis
Components (as in component-based development)

13. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Accountability
Production software
Integrated services digital network (ISDN)
Standing data

14. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Frame relay
Access control table
Hash function
Production programs

15. Provide verification that all transmitted data are read and processed
Reputational risk
Capacity stress testing
Source code compare programs
Run-to-run totals

16. An eight-digit/seven-bit code representing 128 characters; used in most small computers
ASCII (American Standard Code for Information Interchange)
Ciphertext
Foreign exchange risk
Fail-safe

17. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Offline files
Subject matter (Area of activity)
Rounding down
Link editor (linkage editor)

18. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
ICMP (internet control message protocol)
Parity check
Rootkit
Harden

19. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Audit objective
Range check
Run-to-run totals
Decision support systems (DSS)

20. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Database management system (DBMS)
Filtering router
Integrated test facilities (ITF)
Bus

21. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Data diddling
Audit charter
Compensating control
Manual journal entry

22. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
SMTP (Simple Mail Transport Protocol)
Exception reports
HTTP (hyper text transfer protocol)
Magnetic card reader

23. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).
Web page
Data structure
Internal storage
Top-level management

24. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Utility software
Access control
Budget
Top-level management

25. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Distributed data processing network
Integrated test facilities (ITF)
Professional competence
Systems analysis

26. A code whose representation is limited to 0 and 1
Binary code
Vulnerability analysis
Waterfall development
Data-oriented systems development

27. Range checks ensure that data fall within a predetermined range (also see limit checks).
File
Extensible Markup Language (XML)
Record
Range check

28. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial
Sequence check
Optical character recognition
Enterprise resource planning
Public key

29. The machine language code that is generally referred to as the object or load module
Man-in-the-middle attack
Log
Batch processing
Executable code

30. An audit designed to determine the accuracy of financial records and information
Content filtering
Financial audit
Hyperlink
Open systems

31. Deliberately testing only the value-added functionality of a software component
Security perimeter
Downtime report
Incremental testing
Payment system

32. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Pervasive IS controls
Screening routers
Synchronous transmission
Handprint scanner

33. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
TACACS+ (terminal access controller access control system plus)
Reliable audit evidence
Centralized data processing
Statistical sampling

34. The process of determining what types of activities are permitted. Ordinarily; authorisation is in the context of authentication: once you have authenticated a user; he/she may be authorised to perform different types of access or activity
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
business process integrity
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Authorization

35. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
ASP/MSP (application or managed service provider)
Remote procedure calls (RPCs)
Management information system (MIS)
Accountability

36. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router
Personal identification number (PIN)
Reasonableness check
Integrity
External router

37. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if
Local loop
Compliance testing
Partitioned file
UDP (User Datagram Protocol)

38. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Performance indicators
Sampling risk
Ciphertext
Hierarchical database

39. Devices that perform the functions of both bridges and routers; are called brouters. Naturally; they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones; which
virtual organizations
Brouters
Node
Default deny policy

40. The art of designing; analyzing and attacking cryptographic schemes
Cryptography
Black box testing
Access control
Hexadecimal

41. Those policies and procedures implemented to achieve a related control objective
Internet Engineering Task Force (IETF)
Controls (Control procedures)
Hacker
Optical character recognition

42. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Logs/Log file
Black box testing
Asymmetric key (public key)
Symmetric key encryption

43. Compares data to predefined reasonability limits or occurrence rates established for the data.
Edit controls
Feasibility study
Reasonableness check
Encapsulation (objects)

44. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
DMZ (demilitarized zone)
Local loop
Multiplexing
Check digit verification (self-checking digit)

45. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Coverage
Hierarchical database
Reputational risk
Batch control

46. Source lines of code are often used in deriving single-point software-size estimations.
Transaction log
Credentialed analysis
Backup
Source lines of code (SLOC)

47. The logical language a computer understands
Machine language
Service user
Comparison program
Data integrity

48. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Active recovery site (mirrored)
Default deny policy
Record; screen and report layouts
Relevant audit evidence

49. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne
Project team
Application system
Internal penetrators
Proxy server

50. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Split data systems
Packet switching
Penetration testing
Address