Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Job control language (JCL)
Administrative controls
Database
Program flowcharts
2. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Salami technique
Trojan horse
Integrity
Database administrator (DBA)
3. A utility program that combines several separately compiled modules into one; resolving internal references between them
Link editor (linkage editor)
Reciprocal agreement
Performance indicators
Database replication
4. A method of selecting a portion of a population; by means of mathematical calculations and probabilities; for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Cadbury
Mapping
Operator console
Statistical sampling
5. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data
Structured programming
NAT (Network Address Translation)
Logs/Log file
Value-added network (VAN)
6. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Password cracker
Criteria
Useful audit evidence
Financial audit
7. A small electronic device that contains electronic memory; and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash; or it can be used as a token to authenticat
Sniffing
X.25 interface
Project sponsor
Smart card
8. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example - in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h
Network administrator
Auditability
Blackbox testing
Fault tolerance
9. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
Intelligent terminal
Fail-safe
ASP/MSP (application or managed service provider)
Router
10. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Computer-aided software engineering (CASE)
Decryption
Intrusive monitoring
Asynchronous Transfer Mode (ATM)
11. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web
Application proxy
Service level agreement (SLA)
browser
Half duplex
12. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Duplex routing
Worm
Signatures
Intelligent terminal
13. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Database management system (DBMS)
Firewall
Frame relay
Hash total
14. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Information engineering
Production programs
Addressing
Hypertext
15. A protocol used to transfer files over a TCP/IP network (Internet; UNIX; etc.)
FTP (file transfer protocol)
System flowcharts
Point-of-sale systems (POS)
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
16. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Nonrepudiation
Checkpoint restart procedures
Personal identification number (PIN)
False negative
17. The elimination of redundant data
Service user
Shell
Bandwidth
Normalization
18. A resource whose loss will result in the loss of service or production
L2F (Layer 2 forwarding)
Sequential file
FTP (file transfer protocol)
Single point of failure
19. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
TACACS+ (terminal access controller access control system plus)
Budget organization
Protocol
Credit risk
20. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
Data analysis
Modem (modulator-demodulator)
Latency
Echo checks
21. Character-at-a-time transmission
Asynchronous transmission
Integrated services digital network (ISDN)
War dialler
Dynamic analysis
22. A code whose representation is limited to 0 and 1
Budget
Protection domain
Trusted systems
Binary code
23. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Fiber optic cable
Certificate authority (CA)
Access method
Password cracker
24. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display
Corrective controls
Surge suppressor
Tcpdump
System flowcharts
25. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Backup
Sequential file
RS-232 interface
Statistical sampling
26. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
price risk
Frame relay
System software
Systems analysis
27. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Limit check
Half duplex
Password
Population
28. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Reputational risk
Business-to-consumer e-commerce (B2C)
Budget formula
Twisted pairs
29. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
BSP (business service provider)
vulnerability
Threat
Fiber optic cable
30. The organization providing the outsourced service
Password cracker
Service provider
Split data systems
Worm
31. The area of the system that the intrusion detection system is meant to monitor and protect
Netware
Electronic funds transfer (EFT)
Control section
Protection domain
32. The level of trust with which a system object is imbued
Interest rate risk
Privilege
Protocol
Degauss
33. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.
Terms of reference
Run instructions
Modulation
Rapid application development
34. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.
Universal Description; Discovery and Integration (UDDI)
Application program
Payment system
TACACS+ (terminal access controller access control system plus)
35. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Segregation/separation of duties
Decryption key
Encryption key
Intelligent terminal
36. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.
System narratives
Tape management system (TMS)
Application system
Brute force
37. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.
X.25 interface
Web Services Description Language (WSDL)
Audit expert systems
Control perimeter
38. An individual who attempts to gain unauthorized access to a computer system
Hacker
War dialler
Surge suppressor
Numeric check
39. A document which defines the IS audit function's responsibility; authority and accountability
Audit charter
Access method
Run-to-run totals
Segregation/separation of duties
40. The rules by which a network operates and controls the flow and priority of transmissions
Consumer
Dry-pipe fire extinguisher system
Protocol
Internet Inter-ORB Protocol (IIOP)
41. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur
Data-oriented systems development
Central processing unit (CPU)
System exit
Benchmark
42. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Control perimeter
Detective controls
Application implementation review
Tuple
43. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Run instructions
Addressing
Shell
Spoofing
44. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Bar case
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Shell
Packet
45. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Reliable audit evidence
Automated teller machine (ATM)
Gateway
Ethernet
46. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Feasibility study
Dumb terminal
Residual risk
Masqueraders
47. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Capacity stress testing
IPSec (Internet protocol security)
Service bureau
Detective controls
48. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Professional competence
Enterprise resource planning
Local loop
Function point analysis
49. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu
Application development review
Audit risk
Redundancy check
Bypass label processing (BLP)
50. Transactions that cannot be denied after the fact
Anomaly
Auditability
Nonrepudiable transactions
Due professional care