Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Source lines of code (SLOC)
Cold site
Unit testing
Transaction

2. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Certificate authority (CA)
Application development review
Image processing
Security administrator

3. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Application implementation review
Dial-back
Password
Tuple

4. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Decryption key
Whitebox testing
Privilege

5. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.
Application maintenance review
Output analyzer
LDAP (Lightweight Directory Access Protocol)
Untrustworthy host

6. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Hyperlink
Signatures
Latency
FTP (file transfer protocol)

7. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Degauss
Relevant audit evidence
Database
Baseband

8. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
Cold site
Database replication
Internet banking
Compliance testing

9. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
Circuit-switched network
Evidence
Coaxial cable
Fraud risk

10. The use of alphabetic characters or an alphabetic character string
Alpha
Utility software
Record
Access control

11. The boundary that defines the area of security concern and security policy coverage
Protocol converter
SYN (synchronize)
Security perimeter
Queue

12. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Security testing
FTP (file transfer protocol)
Synchronous transmission
Applet

13. The act of copying raw data from one place to another with little or no formatting for readability. Usually; dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails; o
Memory dump
Hardware
Parallel testing
Tcpdump

14. Patterns indicating misuse of a system
Continuous auditing approach
Cathode ray tube (CRT)
Signatures
Continuity

15. An eight-digit/seven-bit code representing 128 characters; used in most small computers
Audit plan
Distributed data processing network
ASCII (American Standard Code for Information Interchange)
Cadbury

16. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects; such as confirming the subject's identity; validating that the subject is entitled to have the attributes requested
Performance indicators
Corporate exchange rate
Registration authority (RA)
Service bureau

17. A set of utilities that implement a particular network protocol. For instance; in Windows machines a TCP/IP stack consists of TCP/IP software; sockets software and hardware driver software.
Fscal year
Protocol stack
Performance testing
Magnetic card reader

18. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment
Challenge/response token
L2F (Layer 2 forwarding)
Engagement letter
Application software tracing and mapping

19. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems
Telnet
Intrusion detection
Blackbox testing
Uploading

20. Simulated transactions that can be used to test processing logic; computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Transaction
Value-added network (VAN)
Screening routers
Test data

21. Provide verification that all transmitted data are read and processed
Integrated services digital network (ISDN)
Public key
Run-to-run totals
Private key

22. Software used to create data to be used in the testing of computer programs
Data flow
Residual risk
Expert systems
Test generators

23. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Components (as in component-based development)
Librarian
Budget hierarchy
Terms of reference

24. The ability to map a given activity or event back to the responsible party
Assembly language
COCO
Star topology
Accountability

25. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Digital signature
Data Encryption Standard (DES)
PPTP (point-to-point tunneling protocol)
e-commerce

26. Universal Description; Discovery and Integration
Frame relay
Master file
Teleprocessing
UDDI

27. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Backup
Promiscuous mode
Control risk self-assessment
Exception reports

28. English-like; user friendly; nonprocedural computer languages used to program and/or read and process computer files
Judgment sampling
Nonrepudiation
Enterprise governance
Fourth generation language (4GL)

29. Any information collection mechanism utilized by an intrusion detection system
Monitor
UDP (User Datagram Protocol)
Corporate governance
Virus

30. Programs that provide assurance that the software being audited is the correct version of the software; by providing a meaningful listing of any discrepancies between the two versions of the program
Audit trail
ICMP (internet control message protocol)
Shell
Source code compare programs

31. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))
Threat
Web Services Description Language (WSDL)
Memory dump
Registration authority (RA)

32. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure; more responsive to the customer base and market conditions; while yielding material cost savings. To ree
Software
Business process reengineering (BPR)
Packet filtering
Web page

33. Any intentional violation of the security policy of a system
Application acquisition review
Anonymous File Transfer Protocol (FTP)
Audit evidence
Intrusion

34. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Encapsulation (objects)
Librarian
Utility software
Audit risk

35. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Indexed sequential file
Application software tracing and mapping
ACK (acknowledgement)
Information engineering

36. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
Program flowcharts
Rapid application development
Materiality
Asymmetric key (public key)

37. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Fiber optic cable
Fail-over
SYN (synchronize)
Enterprise governance

38. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Record
Intranet
Check digit
Auditability

39. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Software
Multiplexor
Datagram
Authentication

40. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas
Intelligent terminal
Master file
Console log
Prototyping

41. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in
Coupling
Audit objective
Downloading
Requirements definition

42. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
Frame relay
Reliable audit evidence
Prototyping
Multiplexing

43. Files maintained by a system; primarily a database management system; for the purposed of reapplying changes following an error or outage recovery
Auditability
Redo logs
Firewall
Cleartext

44. Filters out electrical surges and spikes
Surge suppressor
Computationally greedy
Bypass label processing (BLP)
Operational risk

45. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
liquidity risk
Audit charter
SMTP (Simple Mail Transport Protocol)
Credit risk

46. Way of thinking; behaving; feeling; etc.
Bus
Attitude
Multiplexor
Audit program

47. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes
Point-of-presence (POP)
Non-intrusive monitoring
Simple Object Access Protocol (SOAP)
Buffer

48. Programs that are tested and evaluated before approval into the production environment. Test programs; through a series of change control moves; migrate from the test environment to the production environment and become production programs.
Test programs
Scheduling
Sniff
Misuse detection

49. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Circular routing
Split DNS
Noise
Ethernet

50. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.
Asynchronous Transfer Mode (ATM)
Rapid application development
Open systems
Coaxial cable