Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Point at which terminals are given access to a network

2. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy

3. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)

4. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis

5. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)

6. A sampling technique that estimates the amount of overstatement in an account balance

7. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files

8. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the

9. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.

10. Digital information, such as cleartext, that is intelligible to the reader

11. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down the database after all records have been committed, for example

12. The transfer of service from an incapacitated primary component to its backup component

13. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and

14. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

15. The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry

16. Impartial point of view which allows the IS auditor to act objectively and with fairness

17. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.

18. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.

19. A set of protocols developed by the IETF to support the secure exchange of packets

20. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.

21. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

22. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.

23. Analysis of the security state of a system or its compromise on the basis of information collected at intervals

24. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

25. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of

26. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established

27. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management

28. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

29. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems

30. The primary language used by both application programmers and end users in accessing relational databases

31. A computer program or set of programs that perform the processing of records for a specific function

32. Detection on the basis of whether the system activity matched that defined as abnormal

33. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re

34. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange

35. The logical language a computer understands

36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.

37. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations

38. Specifies the format of packets and the addressing scheme

39. The process of converting an analog telecommunications signal into a digital computer signal

40. A communications channel over which data can be sent and received simultaneously

41. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,

42. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca

43. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

44. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.

45. An attack capturing sensitive pieces of information, such as passwords, passing through the network

46. Records of system events generated by a specialized operating system mechanism

47. Detection on the basis of whether the system activity matches that defined as bad

48. A third party that provides organizations with a variety of Internet and Internet-related services

49. An input device that reads characters and images that are printed or painted on a paper form into the computer.

50. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management