Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu

2. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.

3. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.

4. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

5. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

6. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

7. Processes certified as supporting a security goal

8. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system

9. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba

10. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction

11. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved

12. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.

13. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature

14. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity

15. Any information collection mechanism utilized by an intrusion detection system

16. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.

17. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software

18. Programmed checking of data validity in accordance with predetermined criteria

19. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.

20. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes

21. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

22. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.

23. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities

24. A device used for combining several lower-speed channels into a higher-speed channel

25. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data passes across the in

26. An automated detail report of computer system activity

27. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)

28. The level to which transactions can be traced and audited through a system

29. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

30. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs

31. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of

32. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

33. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for

34. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm

35. A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spher

36. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no

37. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management

38. A protocol for accessing a secure web server, whereby all data transferred is encrypted

39. Faking the sending address of a transmission in order to gain illegal entry into a secure system

40. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission

41. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)

42. Checks that data are entered correctly

43. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial

44. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

45. The rules by which a network operates and controls the flow and priority of transmissions

46. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

47. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

48. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.

49. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,

50. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.