Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Trust
ISO17799
Audit expert systems
Unit testing

2. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Uploading
Object orientation
Budget organization
Administrative controls

3. Devices that perform the functions of both bridges and routers; are called brouters. Naturally; they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones; which
Logon
Brouters
Detection risk
Uploading

4. The organization providing the outsourced service
Address
Service provider
Redundancy check
Encryption

5. The person responsible for implementing; monitoring and enforcing security rules established and authorized by management
Log
Security administrator
Handprint scanner
Interest rate risk

6. Correctness checks built into data processing systems and applied to batches of input data; particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control; which involves numbering the records in a batch c
Batch control
Bar code
Arithmetic-logic unit (ALU)
Hot site

7. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
HTTPS (hyper text transfer protocol secure)
Virus
Fourth generation language (4GL)
Application software tracing and mapping

8. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
Virus
Trojan horse
Network
Sniff

9. Comparing the system's performance to other equivalent systems using well defined benchmarks
Data owner
Generalized audit software
e-commerce
Performance testing

10. Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology.
Hyperlink
Electronic signature
Operational risk
Business-to-consumer e-commerce (B2C)

11. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Protocol stack
Public key
Controls (Control procedures)
Diskless workstations

12. A list of retracted certificates
Service user
Source code
Certificate Revocation List
Utility software

13. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Spoofing
Sniff
Personal identification number (PIN)
SMTP (Simple Mail Transport Protocol)

14. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Program flowcharts
Intranet
Systems acquisition process
Smart card

15. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Piggy backing
Noise
Electronic signature
Rounding down

16. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
world wide web (WWW)
ASP/MSP (application or managed service provider)
World Wide Web Consortium (W3C)
Anomaly detection

17. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
RSA
Universal Description; Discovery and Integration (UDDI)
Continuity
Vulnerability analysis

18. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Alpha
Fscal year
Split DNS
Business process reengineering (BPR)

19. An automated detail report of computer system activity
Image processing
Console log
Diskless workstations
Initial program load (IPL)

20. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Shell
Credit risk
PPTP (point-to-point tunneling protocol)
Default deny policy

21. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g.; server). The
Comprehensive audit
Uninterruptible power supply (UPS)
Digital certification
Remote procedure calls (RPCs)

22. The roles; scope and objectives documented in the service level agreement between management and audit
Audit responsibility
Performance indicators
Benchmark
Technical infrastructure security

23. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in
Security policy
Authentication
Demodulation
Coupling

24. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Fail-safe
Error risk
Private key
Remote procedure calls (RPCs)

25. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information; such as country; state and city.
Redo logs
Continuity
X.500
Geographic disk mirroring

26. (remote authentication dial-in user service)
Computer-assisted audit technique (CAATs)
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
RADIUS
Integrity

27. A small electronic device that contains electronic memory; and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash; or it can be used as a token to authenticat
Detective controls
Trap door
Internal storage
Smart card

28. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Requirements definition
Ring topology
Combined Code on Corporate Governance
implementation life cycle review

29. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
NAT (Network Address Translation)
Service user
Vulnerabilities
Operational risk

30. Compares data to predefined reasonability limits or occurrence rates established for the data.
Broadband
Reasonableness check
Offsite storage
Executable code

31. Also known as ''automated remote journaling of redo logs.'' A data recovery strategy that is similar to electronic vaulting; except that instead of transmitting several transaction batches daily; the archive logs are shipped as they are created.'
Centralized data processing
Data integrity
Integrated services digital network (ISDN)
Transaction protection

32. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Audit trail
War dialler
Address space
Remote job entry (RJE)

33. A set of protocols developed by the IETF to support the secure exchange of packets
IPSec (Internet protocol security)
Spanning port
Certificate authority (CA)
Proxy server

34. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj
Offline files
Fraud risk
Rotating standby
Cadbury

35. The outward impression of being self-governing and free from conflict of interest and undue influence
business process integrity
Independent appearance
Real-time processing
World Wide Web Consortium (W3C)

36. The risk of errors occurring in the area being audited
Nonrepudiable trnasactions
Assembly language
Executable code
Error risk

37. An evaluation of any part of a project to perform maintenance on an application system (e.g.; project management; test plans; user acceptance testing procedures)
Trusted processes
Appearance of independence
Application maintenance review
Encryption

38. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Application controls
Antivirus software
Data dictionary
Duplex routing

39. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Reengineering
Objectivity
Indexed sequential access method (ISAM)
Bandwidth

40. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Geographic disk mirroring
Independent appearance
Reputational risk
Useful audit evidence

41. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Database management system (DBMS)
Protocol converter
Star topology
Demodulation

42. A procedure designed to ensure that no fields are missing from a record
Interface testing
Honey pot
Completeness check
Database administrator (DBA)

43. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Biometric locks
Ciphertext
Hot site
Audit program

44. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Operational audit
Source code compare programs
Gateway
Hash total

45. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
Noise
Abend
Machine language
Hypertext

46. Requiring a great deal of computing power; processor intensive
Control group
Port
Computationally greedy
Request for proposal (RFP)

47. A protocol for accessing a secure web server; whereby all data transferred is encrypted
Electronic funds transfer (EFT)
HTTPS (hyper text transfer protocol secure)
Password
Data Encryption Standard (DES)

48. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.
Packet
Rootkit
browser
Ring topology

49. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Integrated test facilities (ITF)
Sequential file
Real-time analysis
Auditability

50. A protocol used to transmit data securely between two end points to create a VPN
ISP (Internet service provider)
Asynchronous Transfer Mode (ATM)
Audit expert systems
PPTP (point-to-point tunneling protocol)