Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A group of items that is waiting to be serviced or processed
Auditability
Queue
End-user computing
Synchronous transmission
2. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Hacker
Half duplex
System software
FTP (file transfer protocol)
3. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications
Third-party review
Application security
Detailed IS controls
Vulnerability
4. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object code
Coupling
Computer-aided software engineering (CASE)
Optical scanner
5. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
RFC (request for comments)
SYN (synchronize)
Direct reporting engagement
Data analysis
6. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Operational control
Database administrator (DBA)
Inheritance (objects)
Prototyping
7. A set of protocols developed by the IETF to support the secure exchange of packets
IPSec (Internet protocol security)
Secure socket layer (SSL)
Operating system
Fiber optic cable
8. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Detailed IS controls
False negative
Computationally greedy
Appearance
9. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being
Active response
Continuous auditing approach
BSP (business service provider)
Buffer
10. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Real-time analysis
Spanning port
world wide web (WWW)
Procedure
11. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
DMZ (demilitarized zone)
Service provider
Bypass label processing (BLP)
Security/transaction risk
12. The denial by one of the parties to a transaction, or participation in all or part of that transaction, or of the content of communications related to that transaction.
Idle standby
Internet Engineering Task Force (IETF)
Half duplex
Repudiation
13. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Capacity stress testing
Control weakness
Integrated services digital network (ISDN)
Recovery testing
14. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Spoofing
Fail-safe
Dry-pipe fire extinguisher system
Signatures
15. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers
Computer server
UNIX
Security software
Inherent risk
16. A code whose representation is limited to 0 and 1
Appearance of independence
Strategic risk
Binary code
Cathode ray tube (CRT)
17. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures
Base case
Manual journal entry
Logs/Log file
Source code
18. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries
Manual journal entry
LDAP (Lightweight Directory Access Protocol)
Audit authority
Telecommunications
19. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Recovery time objective (RTO)
Base case
Systems analysis
Concurrent access
20. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Encapsulation (objects)
Indexed sequential access method (ISAM)
Coaxial cable
Authorization
21. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Unit testing
Utility programs
Automated teller machine (ATM)
Initial program load (IPL)
22. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Point-of-presence (POP)
Requirements definition
Hot site
Reasonable assurance
23. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
Business impact analysis (BIA)
HTTP (hyper text transfer protocol)
Reverse engineering
Network hop
24. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Private key cryptosystems
Application controls
Expert systems
Electronic funds transfer (EFT)
25. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Sampling risk
Man-in-the-middle attack
Technical infrastructure security
Anomaly detection
26. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy
COCO
Unit testing
Port
Audit
27. Impartial point of view which allows the IS auditor to act objectively and with fairness
Dry-pipe fire extinguisher system
Optical character recognition
Independent attitude
Offline files
28. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Modulation
Remote job entry (RJE)
Alpha
Gateway
29. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Reliable audit evidence
Inherent risk
Firewall
FTP (file transfer protocol)
30. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Computationally greedy
Edit controls
DoS (denial-of-service) attack
Information engineering
31. Specialized tools that can be used to analyze the flow of data through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements
Active recovery site (mirrored)
Recovery testing
Application software tracing and mapping
Check digit verification (self-checking digit)
32. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Virus
RS-232 interface
Audit program
Business-to-consumer e-commerce (B2C)
33. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Telnet
Arithmetic-logic unit (ALU)
Frame relay
Biometrics
34. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Cathode ray tube (CRT)
Optical character recognition
Audit sampling
Operating system
35. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Service provider
X.25 interface
Simple Object Access Protocol (SOAP)
Integrated services digital network (ISDN)
36. Using telecommunications facilities for handling and processing of computerized information
IDS (intrusion detection system)
Teleprocessing
Packet
Nonrepudiation
37. A test to check the system's ability to recover after a software or hardware failure
Recovery testing
Filtering router
Useful audit evidence
Integrated services digital network (ISDN)
38. The physical layout of how computers are linked together. Examples include ring, star and bus.
Split data systems
IT governance
Topology
Unit testing
39. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Modem (modulator-demodulator)
Client-server
Transaction
Quick ship
40. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes
Repository
IP (Internet protocol)
Offline files
Allocation entry
41. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Audit responsibility
Security management
Network hop
Object code
42. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Middleware
RS-232 interface
Access path
Intrusion detection
43. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Variable sampling
Half duplex
Third-party review
Program flowcharts
44. An attack capturing sensitive pieces of information, such as passwords, passing through the network
Microwave transmission
Sniffing
Multiplexor
Trusted systems
45. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Application programming
Business impact analysis (BIA)
Address space
Batch processing
46. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Online data processing
Operational control
Fail-safe
Reciprocal agreement
47. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Interest rate risk
Security management
Business risk
Baseband
48. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Bridge
Control weakness
Data communications
PPTP (point-to-point tunneling protocol)
49. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Registration authority (RA)
Application maintenance review
TCP (transmission control protocol)
Worm
50. A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.
Diskless workstations
Proxy server
Function point analysis
Web page