Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Local loop
Point-of-presence (POP)
Source code
Service bureau
2. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Price risk
Middleware
Protocol converter
Database administrator (DBA)
3. The actions/controls dealing with operational effectiveness; efficiency and adherence to regulations and management policies
Tuple
Administrative controls
Router
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
4. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
Integrated services digital network (ISDN)
External router
Black box testing
Redundancy check
5. Requiring a great deal of computing power; processor intensive
Computationally greedy
Memory dump
Data analysis
Bus
6. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Budget hierarchy
Open systems
Application implementation review
Network
7. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another; based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Diskless workstations
Audit accountability
Enterprise governance
Router
8. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited; the type of work planned; the high level objectives and scope of the work; and topics such as budget; res
Arithmetic-logic unit (ALU)
Sequential file
Audit plan
Liquidity risk
9. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.
Public key cryptosystem
Nonrepudiable transactions
Irregularities
Segregation/separation of duties
10. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general; users enter the word anonymo
Price risk
Anonymous File Transfer Protocol (FTP)
Misuse detection
Fail-over
11. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Computer-aided software engineering (CASE)
Internal control
Misuse detection
Default deny policy
12. The property that data meet with a priority expectation of quality and that the data can be relied upon
Transaction
Central office (CO)
Data integrity
Database management system (DBMS)
13. A resource whose loss will result in the loss of service or production
Switch
Mapping
Application implementation review
Single point of failure
14. A computer program or set of programs that perform the processing of records for a specific function
Protocol stack
Terminal
Application
Assembly language
15. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Packet
Redundancy check
Electronic signature
Computer-assisted audit technique (CAATs)
16. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses; they do not replicate themselves; but they can be just as destructive to a single computer.
Cross-certification
General computer controls
Comparison program
Trojan horse
17. A protocol for packet-switching networks
Regression testing
Control perimeter
X.25
Polymorphism (objects)
18. A biometric device that is used to authenticate a user through palm scans
COSO
Handprint scanner
Scheduling
Virus
19. A permanent connection between hosts in a packet switched network
Cluster controller
Permanent virtual circuit (PVC)
Computer-aided software engineering (CASE)
Independent appearance
20. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Record; screen and report layouts
Operational risk
Independence
Logical access controls
21. The primary language used by both application programmers and end users in accessing relational databases
Integrated services digital network (ISDN)
Structured Query Language (SQL)
X.25
Run instructions
22. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Project sponsor
Personal identification number (PIN)
Security software
Public key
23. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Trojan horse
NAT (Network Address Translation)
Fraud risk
Continuity
24. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Terms of reference
Digital signature
Regression testing
Magnetic ink character recognition (MICR)
25. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Electronic cash
Online data processing
Audit authority
Audit objective
26. Used to ensure that input data agree with predetermined criteria stored in a table
Table look-ups
E-mail/interpersonal messaging
Secure socket layer (SSL)
Echo checks
27. An integrated set of computer programs designed to serve a particular function that has specific input; processing and output activities (e.g.; general ledger; manufacturing resource planning; human resource management)
Intrusive monitoring
Worm
Web page
Application system
28. The level of trust with which a system object is imbued
Uploading
Taps
Random access memory (RAM)
Privilege
29. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Error
Exception reports
Incremental testing
Application implementation review
30. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances
Electronic vaulting
Data security
Due professional care
Bridge
31. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Multiplexing
Control weakness
Abend
Cold site
32. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
Record; screen and report layouts
Terms of reference
Internet banking
File server
33. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Inheritance (objects)
Unit testing
Bridge
Smart card
34. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Hexadecimal
Third-party review
Protection domain
Intrusion
35. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
System software
Fourth generation language (4GL)
Certificate authority (CA)
Downtime report
36. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Database specifications
Dumb terminal
Rounding down
Judgment sampling
37. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Relevant audit evidence
Data analysis
Risk assessment
Credit risk
38. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting; except that instead of transmitting several transaction batches daily; the archive logs are shipped as they are created.
Transaction protection
Evidence
Virtual private network (VPN)
Edit controls
39. The act or function of developing and maintaining applications programs in production
Magnetic card reader
Application programming
Systems acquisition process
Card swipes
40. A piece of information; in a digitized form; used to recover the plaintext from the corresponding ciphertext by decryption
Residual risk
Logs/Log file
Continuity
Decryption key
41. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission
Hacker
Private key cryptosystems
ACK (acknowledgement)
Database administrator (DBA)
42. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996
Internet Engineering Task Force (IETF)
COBIT
Generalized audit software
Packet
43. A communication network that serves several users within a specified geographic area. It is made up of servers; workstations; a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
Binary code
Control section
False positive
Local area network (LAN)
44. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
Editing
Test generators
False negative
Universal Description; Discovery and Integration (UDDI)
45. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Tuple
Data custodian
Default password
Transaction protection
46. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap; and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Adjusting period
Batch control
Microwave transmission
Availability
47. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
Compiler
Echo checks
Check digit
Digital certificate
48. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Terms of reference
IDS (intrusion detection system)
Output analyzer
Computer-assisted audit technique (CAATs)
49. An authentication protocol; often used by remote-access servers
Master file
Password cracker
TACACS+ (terminal access controller access control system plus)
Monitor
50. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Modulation
Standing data
Static analysis
Business process integrity