CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The machine language code that is generally referred to as the object or load module
Plaintext
Executable code
Split data systems
Judgment sampling
2. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Idle standby
Risk
Passive assault
Intelligent terminal
3. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
Data leakage
System testing
Masking
4. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
Audit evidence
Protocol converter
Control objective
Application acquisition review
5. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
World Wide Web Consortium (W3C)
Internal storage
Operational control
Uninterruptible power supply (UPS)
6. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Logs/Log file
Network hop
Record, screen and report layouts
Hot site
7. Unusual or statistically rare
Public key infrastructure
Anomaly
Run-to-run totals
UDDI
8. A formal agreement with a third party to perform an IS function for an organization
Promiscuous mode
Security administrator
Indexed sequential access method (ISAM)
Outsourcing
9. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Dial-back
Comprehensive audit
Assembler
Coverage
10. Those controls that seek to maintain confidentiality, integrity and availability of information
Noise
Redundancy check
Data security
Payment system
11. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.
Digital signature
Active recovery site (mirrored)
Transaction
Web page
12. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.
Optical scanner
Intranet
RADIUS
Harden
13. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system
Logoff
Database replication
RFC (request for comments)
Password
14. Any intentional violation of the security policy of a system
Database specifications
Client-server
Intrusion
Dial-in access controls
15. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Applet
RADIUS
Input controls
Auditability
16. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Reputational risk
Blackbox testing
Subject matter (Area of activity)
Man-in-the-middle attack
17. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Electronic data interchange (EDI)
Credentialed analysis
Telnet
Ciphertext
18. A program that translates programming language (source code) into machine executable instructions (object code)
Log
Completeness check
Middleware
Compiler
19. Detection on the basis of whether the system activity matches that defined as bad
Range check
Misuse detection
Audit evidence
Third-party review
20. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
DNS (domain name system)
Partitioned file
Central processing unit (CPU)
Corporate governance
21. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Geographic disk mirroring
Backup
Whitebox testing
Performance testing
22. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.
Untrustworthy host
Computer-aided software engineering (CASE)
Netware
Online data processing
23. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Duplex routing
Recovery time objective (RTO)
Utility programs
Data owner
24. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Half duplex
Credit risk
Attribute sampling
Record
25. A protocol and program that allows the remote identification of users logged into a system
Finger
Token ring topology
Internet Engineering Task Force (IETF)
Encryption key
26. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Logs/Log file
Piggy backing
Detection risk
27. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Filtering router
RFC (request for comments)
Inherent risk
L2F (Layer 2 forwarding)
28. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all
Baud rate
Honey pot
L2TP (Layer 2 tunneling protocol)
Criteria
29. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Online data processing
Production software
Third-party review
Extended Binary-coded Decimal Interchange Code (EBCDIC)
30. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo
Client-server
Virus
Anonymous File Transfer Protocol (FTP)
Edit controls
31. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Executable code
Monitor
Data leakage
Whitebox testing
32. Defined minimum performance measures at or above which the service delivered is considered acceptable
Warm-site
Service level agreement (SLA)
Operational control
Internal storage
33. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file
Certificate Revocation List
Criteria
Access rights
Format checking
34. A group of items that is waiting to be serviced or processed
Transaction protection
Operating system
Queue
Hierarchical database
35. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems
Software
Cluster controller
Intrusion detection
Computer-assisted audit technique (CAATs)
36. A system of interconnected computers and the communications equipment used to connect them
Intrusive monitoring
Data analysis
Network
Procedure
37. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct
Intrusion detection
Redundancy check
Reengineering
Passive response
38. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Corporate exchange rate
Frame relay
Cadbury
Data leakage
39. The area of the central processing unit that performs mathematical and analytical operations
Program evaluation and review technique (PERT)
Arithmetic-logic unit (ALU)
Rotating standby
Regression testing
40. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
SMTP (Simple Mail Transport Protocol)
Budget formula
Coaxial cable
Digital signature
41. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
Data communications
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Uninterruptible power supply (UPS)
Audit accountability
42. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
ISP (Internet service provider)
Personal identification number (PIN)
Dial-in access controls
COBIT
43. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
World Wide Web (WWW)
Modulation
Operational audit
Tuple
44. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
Data communications
BSP (business service provider)
Cohesion
Source lines of code (SLOC)
45. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Fault tolerance
Transaction log
Active response
Electronic funds transfer (EFT)
46. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Non-intrusive monitoring
Control group
Vulnerability
Point-of-presence (POP)
47. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.
Exposure
Application program
Detailed IS controls
Internal control
48. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Wide area network (WAN)
Comprehensive audit
Integrity
Worm
49. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen
Input controls
Private key cryptosystems
Integrated services digital network (ISDN)
Integrated test facilities (ITF)
50. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Central processing unit (CPU)
Internal control
Error risk
Assembler