Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Error control deviations (compliance testing) or misstatements (substantive testing)
COBIT
virtual organizations
Error
Access path

2. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Benchmark
Pervasive IS controls
Microwave transmission
Whitebox testing

3. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes; if built correctly; act as a preventative control over physical access to those sensitive locations. After a card has been swiped;
Indexed sequential file
Database replication
Echo checks
Card swipes

4. An integrated set of computer programs designed to serve a particular function that has specific input; processing and output activities (e.g.; general ledger; manufacturing resource planning; human resource management)
Batch control
Hub
Application system
Application maintenance review

5. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Master file
Modem (modulator-demodulator)
Control Objectives for Enterprise Governance
Initial program load (IPL)

6. The rules by which a network operates and controls the flow and priority of transmissions
Operator console
Signatures
Access control table
Protocol

7. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Access control table
Decryption
Unit testing
Subject matter (Area of activity)

8. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
Field
Procedure
System software
False positive

9. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.
Hierarchical database
Technical infrastructure security
Audit authority
Cathode ray tube (CRT)

10. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Budget organization
Asynchronous transmission
Address space
Wiretapping

11. A system development methodology that is organised around ''objects'' rather than ''actions;' and 'data ' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
RSA
Object-oriented system development
TCP (transmission control protocol)
DNS (domain name system)

12. A manual or automated log of all updates to data files and databases
Transaction log
UNIX
Inheritance (objects)
Access control table

13. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Logon
Degauss
Public key
Masking

14. An attack capturing sensitive pieces of information; such as passwords; passing through the network
Windows NT
Sniffing
Internet banking
Digital certification

15. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Log
Program narratives
Source code compare programs
Unit testing

16. A database structured in a tree/root or parent/child relationship. Each parent can have many children; but each child may have only one parent.
Hierarchical database
Data analysis
virtual organizations
Consumer

17. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Logon
Mapping
Direct reporting engagement
Fiber optic cable

18. One who obtains products or services from a bank to be used primarily for personal; family or household purposes.
Consumer
Trust
Single point of failure
Access rights

19. Character-at-a-time transmission
Modem (modulator-demodulator)
Memory dump
Executable code
Asynchronous transmission

20. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Substantive testing
Tape management system (TMS)
Bus topology
Trojan horse

21. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Addressing
price risk
Magnetic card reader
Third-party review

22. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Sequence check
Offsite storage
Exposure
Edit controls

23. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Optical character recognition
Spool (simultaneous peripheral operations online)
Internal control
Bus

24. A pair of small; insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Twisted pairs
Components (as in component-based development)
NAT (Network Address Translation)
System narratives

25. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Audit objective
Downtime report
IDS (intrusion detection system)
Voice mail

26. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
X.500
Distributed data processing network
L2F (Layer 2 forwarding)
Control perimeter

27. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Cold site
IT governance
Port
Remote job entry (RJE)

28. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used; the test may be called a range check.
Monitor
Telnet
Validity check
Limit check

29. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Multiplexor
Uninterruptible power supply (UPS)
Telnet
HTTP (hyper text transfer protocol)

30. Memory chips with embedded program code that hold their content when power is turned off
Value-added network (VAN)
Prototyping
Engagement letter
Firmware

31. A low-level computer programming language which uses symbolic code and produces machine instructions
Assembly language
Dial-back
DDoS (distributed denial-of-service) attack
Split data systems

32. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
Circuit-switched network
Hardware
Brute force

33. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Recovery time objective (RTO)
Network hop
legal risk
Cold site

34. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Piggy backing
Administrative controls
Electronic signature
Firewall

35. The level to which transactions can be traced and audited through a system
Auditability
Static analysis
Error risk
Administrative controls

36. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Port
Value-added network (VAN)
Sequence check
Optical character recognition

37. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
Reliable audit evidence
Audit responsibility
Latency
browser

38. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure; more responsive to the customer base and market conditions; while yielding material cost savings. To ree
System exit
Business risk
Business process reengineering (BPR)
Alpha

39. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Internal control
Electronic signature
Systems development life cycle (SDLC)
Rounding down

40. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report
Top-level management
Controls (Control procedures)
Dynamic analysis
Masking

41. The ability to map a given activity or event back to the responsible party
False negative
Accountability
Benchmark
Optical scanner

42. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Brouters
Structured programming
Packet switching
Input controls

43. Tests of detailed activities and transactions; or analytical review tests; designed to obtain audit evidence on the completeness; accuracy or existence of those activities or transactions during the audit period
Substantive testing
Embedded audit module
Procedure
Taps

44. The area of the system that the intrusion detection system is meant to monitor and protect
Protection domain
Test generators
Field
Spool (simultaneous peripheral operations online)

45. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Encapsulation (objects)
Checkpoint restart procedures
Application controls
Tuple

46. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
liquidity risk
Threat
Data custodian
Point-of-sale systems (POS)

47. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs; system activities and operational procedures; to evaluate
Utility software
E-mail/interpersonal messaging
Operational control
Reengineering

48. Relates to the technical and physical features of the computer
Certificate Revocation List
Hardware
BSP (business service provider)
Private key cryptosystems

49. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Outsourcing
Filtering router
Professional competence
Control objective

50. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Default password
Completeness check
e-commerce
Port