Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but it reinforces your understanding each time you take the test.

1. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct






2. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is a






3. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C






4. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period






5. A document which defines the IS audit function's responsibility, authority and accountability






6. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an






7. A third party that provides organizations with a variety of Internet and Internet-related services






8. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for






9. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.






10. The act of transferring computerized information from one computer to another computer






11. Transactions that cannot be denied after the fact






12. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.






13. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)






14. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






15. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems






16. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy






17. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature






18. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






19. The act of giving the idea or impression of being or doing something






20. A protocol and program that allows the remote identification of users logged into a system






21. Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re






22. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res






23. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.






24. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






25. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim






26. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






27. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco






28. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.






29. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules






30. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995






31. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which






32. Analysis of the security state of a system or its compromise on the basis of information collected at intervals






33. The amount of time allowed for the recovery of a business function or resource after a disaster occurs






34. The rules outlining the way in which information is captured and interpreted






35. A program that translates programming language (source code) into machine executable instructions (object code)






36. A weakness in system security procedures; system design; implementation or internal controls that could be exploited to violate system security.






37. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code






38. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use






39. The process of converting an analog telecommunications signal into a digital computer signal






40. The use of alphabetic characters or an alphabetic character string






41. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.






42. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat






43. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements






44. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w






45. Any yearly accounting period without regard to its relationship to a calendar year.






46. A language, which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.






47. Refers to the processes by which organisations conduct business electronically with their customers and/or public at large using the Internet as the enabling technology.






48. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.






49. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the applicat






50. Patterns indicating misuse of a system