Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
ASCII (American Standard Code for Information Interchange)
Batch control
Brouters
Web page

2. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record
Management information system (MIS)
System flowcharts
Indexed sequential file
Audit objective

3. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr
General computer controls
Data communications
Star topology
Computer sequence checking

4. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
Object Management Group (OMG)
Brute force
Encryption
Static analysis

5. A language used to control run routines in connection with performing tasks on a computer
Antivirus software
Job control language (JCL)
Brouters
Audit

6. A test to check the system's ability to recover after a software or hardware failure
Reasonable assurance
Comparison program
Monitoring policy
Recovery testing

7. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Intrusion detection
L2TP (Layer 2 tunneling protocol)
Data security
Extensible Markup Language (XML)

8. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Hash total
Performance indicators
Packet filtering
Criteria

9. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Audit responsibility
Certificate Revocation List
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Vulnerability analysis

10. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Handprint scanner
Electronic cash
Rounding down
Parity check

11. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries
Wide area network (WAN)
Logon
Rounding down
Data flow

12. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Data structure
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Service provider
Trap door

13. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2n; where n is the number of bits in the machine address.
Synchronous transmission
Address space
Performance indicators
Application controls

14. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances
Interface testing
Control risk self-assessment
Due professional care
Worm

15. An eight-bit code representing 256 characters; used in most large computer systems
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Independence
Run-to-run totals
Systems analysis

16. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
X.25
Queue
Latency
Cross-certification

17. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Run instructions
Corrective controls
Numeric check
Evidence

18. Correctness checks built into data processing systems and applied to batches of input data; particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control; which involves numbering the records in a batch c
System narratives
Circuit-switched network
Batch control
Permanent virtual circuit (PVC)

19. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.
Intranet
Symmetric key encryption
Credentialed analysis
Untrustworthy host

20. The process of converting a digital computer signal into an analog telecommunications signal
BSP (business service provider)
Parity check
Single point of failure
Modulation

21. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Biometrics
Optical scanner
Noise
Components (as in component-based development)

22. A general hardware control; which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
Centralized data processing
Black box testing
Intranet
Parity check

23. The interface between the user and the system
Service level agreement (SLA)
Shell
Program evaluation and review technique (PERT)
Permanent virtual circuit (PVC)

24. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
Masqueraders
Echo checks
Scheduling
Reengineering

25. Those controls that seek to maintain confidentiality; integrity and availability of information
RS-232 interface
Format checking
Handprint scanner
Data security

26. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Continuous auditing approach
Run-to-run totals
Expert systems
IDS (intrusion detection system)

27. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
Public key cryptosystem
Dial-in access controls
Modulation
Decision support systems (DSS)

28. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Remote job entry (RJE)
Repudiation
Spoofing
Electronic data interchange (EDI)

29. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Application acquisition review
Asymmetric key (public key)
Reasonable assurance
Monitoring policy

30. Techniques and procedures used to verify; validate and edit data; to ensure that only correct data are entered into the computer
Input controls
Operator console
Editing
Repudiation

31. An individual who attempts to gain unauthorized access to a computer system
Hot site
Audit charter
Gateway
Hacker

32. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))
Alpha
Mutual takeover
Web Services Description Language (WSDL)
Gateway

33. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Abend
E-mail/interpersonal messaging
Audit charter

34. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Financial audit
Public key infrastructure
End-user computing
Central processing unit (CPU)

35. A private network that is configured within a public network. For years; common carriers have built VPNs that appear as private national or international networks to the customer; but physically share backbone trunks with other customers. VPNs enjoy
Reputational risk
Virtual private network (VPN)
Service provider
Engagement letter

36. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.
Reliable audit evidence
Security software
Monitoring policy
Leased lines

37. Source lines of code are often used in deriving single-point software-size estimations.
Synchronous transmission
Source lines of code (SLOC)
Professional competence
Image processing

38. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in
Coupling
Digital signature
Audit charter
Database administrator (DBA)

39. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Segregation/separation of duties
Address
Link editor (linkage editor)
Brute force

40. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Reputational risk
Electronic vaulting
Source documents
Comparison program

41. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Central office (CO)
Hyperlink
Audit plan
Tape management system (TMS)

42. The person responsible for maintaining a LAN and assisting end users
Logs/Log file
Twisted pairs
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Network administrator

43. Checks that data are entered correctly
Brute force
Software
Verification
Systems analysis

44. Block-at-a-time data transmission
Range check
DDoS (distributed denial-of-service) attack
Availability
Synchronous transmission

45. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software; which is being developed or modified; but has not yet been authorized for use by management.
Web site
File
Production software
Application system

46. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.
Penetration testing
Technical infrastructure security
Parallel testing
Salami technique

47. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Request for proposal (RFP)
Prototyping
Rotating standby
Operational audit

48. A collection of computer programs used in the design; processing and control of all applications. The programs and processing routines that control the computer hardware; including the operating system and utility programs. Refers to the operating sy
Indexed sequential access method (ISAM)
System software
Recovery time objective (RTO)
Application software tracing and mapping

49. The proportion of known attacks detected by an intrusion detection system
Coverage
Budget formula
Demodulation
Control risk self-assessment

50. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems
Star topology
Network hop
Strategic risk
Intrusion detection