Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. The objectives of management that are used as the framework for developing and implementing controls (control procedures).






2. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne






3. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective; a bank focuses on the sensitivity of the value of its assets; liabilities and revenues to changes in interest rates. Internet banking may attra






4. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.






5. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus






6. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem






7. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea






8. Analysis that is performed on a continuous basis; with results gained in time to alter the run-time system






9. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.






10. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.






11. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed






12. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction






13. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






14. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates






15. The main memory of the computer's central processing unit






16. A group of items that is waiting to be serviced or processed






17. The use of alphabetic characters or an alphabetic character string






18. One who obtains products or services from a bank to be used primarily for personal; family or household purposes.






19. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry






20. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems






21. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.






22. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments; customers and products. Output reports are verified to confirm the correctness of the processing.






23. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.






24. The rules by which a network operates and controls the flow and priority of transmissions






25. Software packages that sequentially dial telephone numbers; recording any numbers that answer






26. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






27. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






28. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is






29. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.






30. Criteria Of Control; published by the Canadian Institute of Chartered Accountants in 1995






31. A version of the Windows operating system that supports preemptive multitasking






32. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm






33. A debit or credit to a general ledger account. See also manual journal entry.






34. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)






35. A device used for combining several lower-speed channels into a higher-speed channel






36. The risk of giving an incorrect audit opinion






37. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r






38. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.






39. Programs that are used to process live or actual data that were received as input into the production environment.






40. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display






41. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b






42. An international standard that defines information confidentiality; integrity and availability controls






43. To configure a computer or other network device to resist attacks






44. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g.; server). The






45. Any situation or event that has the potential to harm a system






46. A printed machine-readable code that consists of parallel bars of varied width and spacing






47. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher






48. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.






49. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.






50. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems






