Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. At times you might find the answers obvious, but taking the test repeatedly reinforces your understanding.

1. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.






2. Deliberately testing only the value-added functionality of a software component






3. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences






4. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator






5. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that






6. Character-at-a-time transmission






7. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.






8. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur






9. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d






10. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme






11. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal






12. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.






13. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed






14. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes






15. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.






16. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure






17. A type of service providing an authentication and accounting system often used for dial-up and remote access security






18. Filters out electrical surges and spikes






19. A device used for combining several lower-speed channels into a higher-speed channel






20. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.






21. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.






22. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be






23. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission






24. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






25. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






26. The roles, scope and objectives documented in the service level agreement between management and audit






27. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period






28. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.






29. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.






30. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas






31. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use






32. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period






33. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display






34. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The






35. A version of the Windows operating system that supports preemptive multitasking






36. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)






37. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.






38. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com






39. The outward impression of being self-governing and free from conflict of interest and undue influence






40. A code whose representation is limited to 0 and 1






41. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






42. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






43. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil






44. The elimination of redundant data






45. An interface point between the CPU and a peripheral device






46. Point at which terminals are given access to a network






47. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile






48. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






49. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






50. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission