Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The machine language code that is generally referred to as the object or load module






2. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.






3. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files






4. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat






5. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level






6. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster






7. Unusual or statistically rare






8. A formal agreement with a third party to perform an IS function for an organization






9. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca






10. Those controls that seek to maintain confidentiality, integrity and availability of information






11. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.






12. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.






13. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system






14. Any intentional violation of the security policy of a system






15. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer






16. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication






17. Used to enable remote access to a server computer. Commands typed are run on the remote server.






18. A program that translates programming language (source code) into machine executable instructions (object code)






19. Detection on the basis of whether the system activity matches that defined as bad






20. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system






21. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.






22. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.






23. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data






24. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.






25. A protocol and program that allows the remote identification of users logged into a system






26. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.






27. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules






28. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all






29. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun






30. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo






31. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






32. Defined minimum performance measures at or above which the service delivered is considered acceptable






33. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file






34. A group of items that is waiting to be serviced or processed






35. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems






36. A system of interconnected computers and the communications equipment used to connect them






37. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct






38. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






39. The area of the central processing unit that performs mathematical and analytical operations






40. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.






41. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels






42. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim






43. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department






44. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development






45. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.






46. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.






47. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.






48. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries






49. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen






50. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code