Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca






2. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






3. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances






4. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






5. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w






6. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.






7. The relationships among files in a database and among data items within each file






8. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes






9. The portion of a security policy that states the general process that will be performed to accomplish a security goal






10. A system of storing messages in a private recording medium where the called party can later retrieve the messages






11. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population






12. Used to electronically input, read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset






13. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.






14. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.






15. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit






16. The ability of end users to design and implement their own information system utilizing computer software products






17. A named collection of related records






18. A system of interconnected computers and the communications equipment used to connect them






19. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,






20. Unusual or statistically rare






21. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems






22. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus






23. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.






24. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organization-wide, centralized database. This permits easy sharing of data while maintaining a certain






25. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems






26. Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.






27. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.






28. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si






29. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it






30. Programmed checking of data validity in accordance with predetermined criteria






31. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity






32. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.






33. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t






34. The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies






35. A third party that provides organizations with a variety of Internet and Internet-related services






36. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.






37. Defined minimum performance measures at or above which the service delivered is considered acceptable






38. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.






39. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






40. A device that connects two similar networks together






41. The main memory of the computer's central processing unit






42. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti






43. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.






44. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period






45. The act of giving the idea or impression of being or doing something






46. These are the requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.






47. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which






48. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied






49. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei






50. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.