Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Defined minimum performance measures at or above which the service delivered is considered acceptable






2. The roles, scope and objectives documented in the service level agreement between management and audit






3. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards






4. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.






5. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.






6. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator






7. The process of converting a digital computer signal into an analog telecommunications signal






8. A debit or credit to a general ledger account. See also manual journal entry.






9. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.






10. A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network






11. The physical layout of how computers are linked together. Examples include ring, star and bus.






12. A procedure designed to ensure that no fields are missing from a record






13. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use






14. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures






15. Software packages that sequentially dial telephone numbers, recording any numbers that answer






16. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.






17. Checks that data are entered correctly






18. A device that connects two similar networks together






19. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate






20. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.






21. An input device that reads characters and images that are printed or painted on a paper form into the computer.






22. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat






23. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.






24. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of






25. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management






26. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive units are, the easier it is to maintain and enhance a system, since it is easier to determine whe






27. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups






28. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission






29. A file of semipermanent information that is used frequently for processing data or for more than one purpose






30. Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission






31. A viewable screen displaying information, presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv






32. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes






33. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain






34. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen






35. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved






36. A program written in a portable, platform independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi






37. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.






38. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population






39. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






40. Detection on the basis of whether the system activity matched that defined as abnormal






41. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)






42. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes






43. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy






44. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it






45. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul






46. A set of protocols developed by the IETF to support the secure exchange of packets






47. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels






48. The level of trust with which a system object is imbued






49. A system that authentically distributes users' public keys using certificates






50. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the