Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Data dictionary
Criteria
Audit evidence
Application acquisition review
2. An edit check designed to ensure the data in a particular field is numeric
Numeric check
Compensating control
Value-added network (VAN)
Real-time processing
3. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Professional competence
Audit authority
Logical access controls
Service provider
4. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Enterprise governance
FTP (file transfer protocol)
Application proxy
Regression testing
5. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Antivirus software
End-user computing
Interface testing
Program narratives
6. A system software tool that logs; monitors and directs computer tape usage
Degauss
Tape management system (TMS)
X.25 interface
Private key
7. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
Baud rate
Run-to-run totals
Protection domain
Hierarchical database
8. Programs that provide assurance that the software being audited is the correct version of the software; by providing a meaningful listing of any discrepancies between the two versions of the program
Source code compare programs
Internal control structure
Compliance testing
Sniffing
9. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.
Pervasive IS controls
LDAP (Lightweight Directory Access Protocol)
Exception reports
Trust
10. In vulnerability analysis; gaining information by performing checks that affect the normal operation of the system; even crashing the system
Default password
Independence
Private key cryptosystems
Intrusive monitoring
11. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Business-to-consumer e-commerce (B2C)
Enterprise governance
Indexed sequential file
Threat
12. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Computer sequence checking
Abend
Redundancy check
Control objective
13. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Brouters
e-commerce
Data leakage
Trap door
14. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.
ASCII (American Standard Code for Information Interchange)
Capacity stress testing
Field
Application implementation review
15. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.
Third-party review
Record; screen and report layouts
Default password
Ring topology
16. Any automated audit technique; such as generalized audit software; test data generators; computerized audit programs and specialized audit utilities
Foreign exchange risk
Computer-assisted audit technique (CAATs)
Authorization
Fraud risk
17. A version of the Windows operating system that supports preemptive multitasking
Salami technique
Cluster controller
E-mail/interpersonal messaging
Windows NT
18. A utility program that combines several separately compiled modules into one; resolving internal references between them
Access control
Link editor (linkage editor)
Strategic risk
Optical scanner
19. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Node
Software
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Unit testing
20. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being
Anonymity
Firmware
Buffer
Base case
21. A permanent connection between hosts in a packet switched network
Application controls
Permanent virtual circuit (PVC)
False positive
Terminal
22. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Rounding down
Audit trail
Detective controls
Batch control
23. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.
Frame relay
Budget formula
Optical scanner
Parity check
24. A type of service providing an authentication and accounting system often used for dial-up and remote access security
RADIUS (remote authentication dial-in user service)
Limit check
Synchronous transmission
Integrated services digital network (ISDN)
25. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.
Expert systems
Web Services Description Language (WSDL)
Corrective controls
Promiscuous mode
26. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Optical character recognition
Source code
Microwave transmission
Business-to-consumer e-commerce (B2C)
27. Records of system events generated by a specialized operating system mechanism
Simple Object Access Protocol (SOAP)
Operating system audit trails
Appearance
File layout
28. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Checkpoint restart procedures
Vulnerability analysis
Detective controls
Anomaly
29. A computer program or set of programs that perform the processing of records for a specific function
Hash function
Memory dump
Application
Information engineering
30. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Network administrator
Application security
Digital signature
Substantive testing
31. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Offsite storage
Regression testing
Appearance of independence
Bar case
32. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.
Feasibility study
Assembly language
Address space
Firmware
33. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
Terminal
Recovery time objective (RTO)
Downloading
Preventive controls
34. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Business impact analysis (BIA)
Synchronous transmission
X.500
Salami technique
35. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for
SYN (synchronize)
Baseband
PPP (point-to-point protocol)
Encryption key
36. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Geographic disk mirroring
Spool (simultaneous peripheral operations online)
Private key
Rootkit
37. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited; the type of work planned; the high level objectives and scope of the work; and topics such as budget; res
Availability
NAT (Network Address Translation)
Audit plan
Terminal
38. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Data integrity
Uninterruptible power supply (UPS)
Bus
Computer sequence checking
39. A computer facility that provides data processing services to clients on a continual basis
Service bureau
Management information system (MIS)
Cohesion
Bar code
40. Patterns indicating misuse of a system
Antivirus software
Signatures
Business-to-consumer e-commerce (B2C)
Network hop
41. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Modem (modulator-demodulator)
TACACS+ (terminal access controller access control system plus)
price risk
Technical infrastructure security
42. The consolidation in 1998 of the "Cadbury;" "Greenbury" and "Hampel" Reports. Named after the Committee Chairs; these reports were sponsored by the UK Financial Reporting Council; the London Stock Exchange; the Confederation of British Industry
Spoofing
Combined Code on Corporate Governance
Full duplex
Detection risk
43. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
Audit charter
False positive
Coverage
Netware
44. Behavior adequate to meet the situations occurring during audit work (interviews; meetings; reporting; etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Application programming interface (API)
Prototyping
Taps
Appearance of independence
45. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial
Enterprise resource planning
Access method
Manual journal entry
Object-oriented system development
46. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Business-to-consumer e-commerce (B2C)
Arithmetic-logic unit (ALU)
Worm
Real-time processing
47. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
System software
Criteria
Performance testing
HTTP (hyper text transfer protocol)
48. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Open systems
Broadband
Spool (simultaneous peripheral operations online)
Operational audit
49. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Data Encryption Standard (DES)
Hierarchical database
Filtering router
Offline files
50. The actions/controls dealing with operational effectiveness; efficiency and adherence to regulations and management policies
File server
Exposure
Polymorphism (objects)
Administrative controls