CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population

2. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)

3. A type of service providing an authentication and accounting system often used for dial-up and remote access security

4. The use of alphabetic characters or an alphabetic character string

5. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and

6. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)

7. A protocol for accessing a secure web server, whereby all data transferred is encrypted

8. Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995

9. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto

10. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making

11. The act of transferring computerized information from one computer to another computer

12. Records of system events generated by a specialized operating system mechanism

13. Universal Description, Discovery and Integration

14. A denial-of-service (DoS) assault from multiple sources; see DoS

15. A protocol used to transmit data securely between two end points to create a VPN

16. These controls are designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected.

17. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.

18. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree

19. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss

20. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.

21. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

22. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.

23. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

24. Programs that are used to process live or actual data that were received as input into the production environment.

25. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user

26. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules

27. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi

28. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

29. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))

30. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups

31. The code used to designate the location of a specific piece of data within computer storage

32. The process of transmitting messages in convenient pieces that can be reassembled at the destination

33. A named collection of related records

34. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

35. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employees).

36. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.

37. A sampling technique that estimates the amount of overstatement in an account balance

38. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.

39. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

40. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte

41. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

42. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.

43. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code

44. An individual who attempts to gain unauthorized access to a computer system

45. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an

46. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).

47. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code

48. A computer facility that provides data processing services to clients on a continual basis

49. Data that is not encrypted. Also known as plaintext.

50. A system that authentically distributes users' public keys using certificates