CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management
2. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water
3. Defined minimum performance measures at or above which the service delivered is considered acceptable
4. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack
5. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
6. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
7. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
8. A system's level of resilience to seamlessly react from hardware and/or software failure
9. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
10. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
11. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF® 2000, 1998, 1996
12. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.
13. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba
14. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
15. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
16. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
17. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
18. Requiring a great deal of computing power, processor intensive
19. A system of storing messages in a private recording medium where the called party can later retrieve the messages
20. Processes certified as supporting a security goal
21. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
22. The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the
23. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
24. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
25. A language which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.
26. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
27. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
28. A system development methodology that is organised around 'objects' rather than 'actions,' and 'data' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
29. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
30. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
31. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
32. The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of communications related to that transaction.
33. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
34. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
35. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
36. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
37. A discussion document which sets out an 'Enterprise Governance Model' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems
38. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
39. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
40. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
41. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems
42. An edit check designed to ensure the data in a particular field is numeric
43. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
44. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
45. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
46. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
47. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
48. A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a
49. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
50. An interface point between the CPU and a peripheral device