Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Those controls that seek to maintain confidentiality; integrity and availability of information
Data security
Access control
Point-of-presence (POP)
Cluster controller

2. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Risk
Information processing facility (IPF)
Switch
Database management system (DBMS)

3. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
NAT (Network Address Translation)
Spanning port
Integrated services digital network (ISDN)
Communications controller

4. Impartial point of view which allows the IS auditor to act objectively and with fairness
Network hop
Independent attitude
Spoofing
Firewall

5. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
False negative
Budget formula
Default deny policy
Access rights

6. Any yearly accounting period without regard to its relationship to a calendar year.
Information engineering
Fscal year
Threat
Star topology

7. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Audit evidence
Business impact analysis (BIA)
Application controls
Degauss

8. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission
Transaction log
Verification
ACK (acknowledgement)
Attribute sampling

9. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
HTTP (hyper text transfer protocol)
Public key cryptosystem
Security policy
Business impact analysis (BIA)

10. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
RADIUS
Access control
Control group
Baud rate

11. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database management system (DBMS)
Audit evidence
Optical character recognition
Source documents

12. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
False positive
Modem (modulator-demodulator)
Penetration testing
Fiber optic cable

13. The property that data meet with a priority expectation of quality and that the data can be relied upon
Components (as in component-based development)
Quick ship
Data integrity
Data owner

14. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Hyperlink
Encryption key
Local loop
Validity check

15. A protocol for packet-switching networks
Systems acquisition process
X.25
Computer-aided software engineering (CASE)
Integrated services digital network (ISDN)

16. A statement of the position within the organization; including lines of reporting and the rights of access
Optical scanner
Tuple
Bar case
Audit authority

17. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Datagram
Batch control
Standing data
Control risk self-assessment

18. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Middleware
DDoS (distributed denial-of-service) attack
Man-in-the-middle attack
Source lines of code (SLOC)

19. A mathematical key (kept secret by the holder) used to create digital signatures and; depending upon the algorithm; to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Private key
Idle standby
Repudiation
Service provider

20. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Gateway
Blackbox testing
Fiber optic cable
Third-party review

21. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
Professional competence
Bulk data transfer
Exception reports
Transaction

22. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Regression testing
RADIUS
Security administrator
Asynchronous Transfer Mode (ATM)

23. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Signatures
Simple Object Access Protocol (SOAP)
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Appearance of independence

24. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Duplex routing
Systems analysis
Materiality
Object orientation

25. The outward impression of being self-governing and free from conflict of interest and undue influence
Bridge
Independent appearance
DNS (domain name system)
Risk assessment

26. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Protection domain
DoS (denial-of-service) attack
Parity check
Detection risk

27. A recurring journal entry used to allocate revenues or costs. For example; an allocation entry could be defined to allocate costs to each department based on headcount.
Object orientation
Hypertext
System testing
Allocation entry

28. Faking the sending address of a transmission in order to gain illegal entry into a secure system
System software
Spoofing
Biometric locks
LDAP (Lightweight Directory Access Protocol)

29. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Computer-aided software engineering (CASE)
Point-of-sale systems (POS)
Trust
Network hop

30. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Relevant audit evidence
Warm-site
Application proxy
Worm

31. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr
Intelligent terminal
General computer controls
Due professional care
Middleware

32. A device that is used to authenticate a user; typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Application controls
Salami technique
Token
Utility software

33. To configure a computer or other network device to resist attacks
Single point of failure
Source code compare programs
Run instructions
Harden

34. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements; critical success factors; customer satisfaction ratings; internal or external benchmar
Datagram
Service user
Logs/Log file
Performance indicators

35. The organization providing the outsourced service
Project sponsor
Service provider
Generalized audit software
Asymmetric key (public key)

36. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
False negative
Edit controls
Service bureau
Token

37. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Interface testing
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Blackbox testing
Public key cryptosystem

38. The use of alphabetic characters or an alphabetic character string
Encryption key
Alpha
System software
Twisted pairs

39. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment
Engagement letter
Privilege
Harden
Internet banking

40. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
Third-party review
Spool (simultaneous peripheral operations online)
Noise
UDDI

41. A weakness in system security procedures; system design; implementation or internal controls that could be exploited to violate system security.
Transaction protection
Data analysis
vulnerability
Service provider

42. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Asynchronous transmission
Electronic cash
Object Management Group (OMG)
Non-intrusive monitoring

43. The transmission of more than one signal across a physical channel
Dry-pipe fire extinguisher system
Multiplexing
Simple Object Access Protocol (SOAP)
Firewall

44. Diligence which a person would exercise under a given set of circumstances
Due care
Repository
Initial program load (IPL)
Fiber optic cable

45. The primary language used by both application programmers and end users in accessing relational databases
Performance testing
Brute force
Professional competence
Structured Query Language (SQL)

46. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data
Internet Inter-ORB Protocol (IIOP)
War dialler
Value-added network (VAN)
Combined Code on Corporate Governance

47. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Idle standby
Application proxy
Combined Code on Corporate Governance
Detective controls

48. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files
Offsite storage
Protocol converter
Cluster controller
Judgment sampling

49. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Independent attitude
Virtual private network (VPN)
Computer-aided software engineering (CASE)
Database replication

50. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Nonrepudiation
Continuous auditing approach
Due care
Parity check