Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Statistical sampling
Misuse detection
HTTPS (hyper text transfer protocol secure)
Detailed IS controls
2. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Sequence check
Internet Inter-ORB Protocol (IIOP)
Hash total
Penetration testing
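An added example of the sequence check defined in question 2, in working code (this is not part of the quiz or of the glossary it draws on): a batch of cheque control numbers, constructed for the example, is checked for consecutive numbering. Duplicates and numbers arriving after a higher one are rejected, a jump forward is accepted but the missing range is noted, and every break is written to an exception report for further research, as the definition requires. Go standard library only.

```go
package main

import "fmt"

// Exception is one entry on the exception report produced by the sequence check.
type Exception struct {
	Position int    // 1-based position of the record in the batch
	Control  int    // control number carried in the record's key field
	Reason   string // why the record was flagged for further research
}

// SequenceCheck verifies that the control numbers of a batch follow each other
// by exactly one. Duplicates and numbers lower than the last accepted one are
// rejected; a jump forward is accepted but the missing range is written to the
// exception report. It returns the number of accepted records and the report.
func SequenceCheck(controls []int) (accepted int, report []Exception) {
	seen := make(map[int]bool, len(controls))
	last := 0
	for i, c := range controls {
		pos := i + 1
		switch {
		case seen[c]:
			report = append(report, Exception{pos, c, "duplicate control number, rejected"})
			continue
		case accepted > 0 && c < last:
			report = append(report, Exception{pos, c,
				fmt.Sprintf("out of sequence (last accepted %d), rejected", last)})
		case accepted > 0 && c > last+1:
			report = append(report, Exception{pos, c,
				fmt.Sprintf("gap: control numbers %d-%d missing before this record", last+1, c-1)})
			accepted, last = accepted+1, c
		default:
			accepted, last = accepted+1, c
		}
		seen[c] = true
	}
	return accepted, report
}

// batch is a constructed sample of cheque control numbers, deliberately flawed:
// 1003 is missing at first, 1005 is keyed twice, and 1003 arrives late.
var batch = []int{1001, 1002, 1004, 1005, 1005, 1003, 1006}

func main() {
	accepted, report := SequenceCheck(batch)
	fmt.Printf("%d of %d records accepted\n", accepted, len(batch))
	for _, e := range report {
		fmt.Printf("record %d, control %d: %s\n", e.Position, e.Control, e.Reason)
	}
}
```

The late 1003 is rejected rather than slotted in: the control has no way to know whether it is the missing record or a second copy keyed against the wrong number, which is exactly why the definition sends it to an exception report for research instead of accepting it.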
3. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Application programming
Terms of reference
RADIUS (remote authentication dial-in user service)
Remote procedure calls (RPCs)
4. The use of alphabetic characters or an alphabetic character string
HTTP (hyper text transfer protocol)
Downloading
Alpha
Fiscal year
5. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
Electronic vaulting
Data custodian
Application controls
Data leakage
6. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)
Application maintenance review
Business process integrity
Performance indicators
Data custodian
7. A protocol for accessing a secure web server, whereby all data transferred is encrypted
HTTPS (hyper text transfer protocol secure)
Cryptography
Compensating control
Operator console
8. Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995
Default deny policy
Appearance
Image processing
COCO
9. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Financial audit
Useful audit evidence
Continuity
Simple Object Access Protocol (SOAP)
10. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Extensible Markup Language (XML)
ASP/MSP (application or managed service provider)
Management information system (MIS)
Finger
11. The act of transferring computerized information from one computer to another computer
Sniffing
Symmetric key encryption
Source lines of code (SLOC)
Downloading
12. Records of system events generated by a specialized operating system mechanism
Cold site
Nonrepudiable transactions
Numeric check
Operating system audit trails
13. Universal Description, Discovery and Integration
UDDI
Magnetic ink character recognition (MICR)
Memory dump
Trusted processes
14. A denial-of-service (DoS) assault from multiple sources; see DoS
Audit expert systems
DDoS (distributed denial-of-service) attack
Internet Engineering Task Force (IETF)
Voice mail
15. A protocol used to transmit data securely between two end points to create a VPN
Handprint scanner
Audit authority
PPTP (point-to-point tunneling protocol)
Protocol
16. These controls are designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected.
Risk assessment
Warm-site
Default password
Corrective controls
17. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Information processing facility (IPF)
Partitioned file
Audit objective
Waterfall development
18. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Due professional care
Default deny policy
Business process reengineering (BPR)
19. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
Web Services Description Language (WSDL)
Mutual takeover
Application program
Useful audit evidence
20. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Security perimeter
Data-oriented systems development
Mutual takeover
Broadband
21. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Anomaly
RADIUS (remote authentication dial-in user service)
Ciphertext
Port
22. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Decryption
Privilege
Nonrepudiation
Exception reports
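The nonrepudiation definition in question 22 rests on two properties that are easy to conflate: proof of integrity, and proof of origin that a third party can verify. The Go program below (an added example, not from the quiz or its glossary source) shows a digital signature, Ed25519 from the standard library, giving both, and a shared-key HMAC giving only the first: whoever holds the shared key can tag any message, so a MAC cannot show an arbitrator who originated the data. The keys are derived from fixed seeds and the payment order is a constructed message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Signed is what the originator hands over: the data and its signature.
type Signed struct {
	Data []byte
	Sig  []byte
}

// Sign produces a signature that only the holder of priv can create.
func Sign(priv ed25519.PrivateKey, data []byte) Signed {
	return Signed{Data: data, Sig: ed25519.Sign(priv, data)}
}

// Verify is what the recipient, or an arbitrating third party, runs. It needs
// only the originator's public key and confirms both origin and integrity.
func Verify(pub ed25519.PublicKey, s Signed) bool {
	return ed25519.Verify(pub, s.Data, s.Sig)
}

// MACTag is the contrast case: an HMAC over the data with a key both parties
// share. It proves integrity to the peer, but either party could have made it,
// so it cannot prove to a third party who originated the data.
func MACTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// MACValid checks a tag in constant time.
func MACValid(key, data, tag []byte) bool {
	return hmac.Equal(tag, MACTag(key, data))
}

// Fixed 32-byte seeds so the run is reproducible. Real keys come from
// ed25519.GenerateKey(rand.Reader); these are constructed for the example.
var (
	originatorSeed = []byte("nonrepudiation-demo-seed-32bytes")
	impostorSeed   = []byte("some-other-party-seed-of-32bytes")
)

// Demo walks the scenario: the originator signs a payment order; the recipient
// (or a third party) verifies it; a changed amount under the old signature fails;
// a different key cannot produce a verifying signature; and with a shared-key
// MAC the recipient can tag a message the originator never sent.
func Demo() (verified, tamperedVerified, impostorVerified, recipientCanForgeMAC bool) {
	priv := ed25519.NewKeyFromSeed(originatorSeed)
	pub := priv.Public().(ed25519.PublicKey)
	order := []byte("pay 1,000.00 to account 4711") // constructed message

	s := Sign(priv, order)
	verified = Verify(pub, s)

	altered := Signed{Data: []byte("pay 9,000.00 to account 4711"), Sig: s.Sig}
	tamperedVerified = Verify(pub, altered)

	impostorVerified = Verify(pub, Sign(ed25519.NewKeyFromSeed(impostorSeed), order))

	shared := []byte("key known to originator and recipient")
	forged := []byte("pay 9,000.00 to account 4711")
	recipientCanForgeMAC = MACValid(shared, forged, MACTag(shared, forged))
	return
}

func main() {
	v, tv, iv, f := Demo()
	fmt.Printf("genuine order verifies: %v\n", v)
	fmt.Printf("altered order under the original signature verifies: %v\n", tv)
	fmt.Printf("signature from another key verifies: %v\n", iv)
	fmt.Printf("recipient can produce a valid MAC on a message the originator never sent: %v\n", f)
}
```

The signature binds the data to a private key only the originator holds, which is what lets a third party settle a later dispute with nothing but the public key (the role a PKI, question 50, exists to distribute). The HMAC case is the one to remember when a design claims nonrepudiation over a symmetric channel: the recipient can forge any tag, so the originator can always repudiate.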
23. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
DNS (domain name system)
Bandwidth
Internet Inter-ORB Protocol (IIOP)
Asymmetric key (public key)
24. Programs that are used to process live or actual data that were received as input into the production environment.
IPSec (Internet protocol security)
Executable code
Production programs
Static analysis
25. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Indexed sequential file
Input controls
Cold site
Continuity
26. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Broadband
Filtering router
Honey pot
Corporate exchange rate
27. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Optical scanner
Liquidity risk
Access control
Request for proposal (RFP)
28. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Parity check
Data leakage
Application
Bus
29. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
Web Services Description Language (WSDL)
Batch processing
Local area network (LAN)
Journal entry
30. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
Control group
Protocol
Substantive testing
Audit objective
31. The code used to designate the location of a specific piece of data within computer storage
Parallel simulation
Brouters
IDS (intrusion detection system)
Address
32. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Packet switching
Operational control
Exposure
Object Management Group (OMG)
33. A named collection of related records
Trusted processes
File
Data integrity
Base case
34. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Control group
File server
Telnet
Trojan horse
35. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employers).
Utility programs
Independence
Symmetric key encryption
Corporate exchange rate
36. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Business-to-consumer e-commerce (B2C)
Intrusion detection
Audit
Split DNS
37. A sampling technique that estimates the amount of overstatement in an account balance
Rapid application development
Monetary unit sampling
System narratives
Fiber optic cable
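Statistical sampling (question 1) and monetary unit sampling (question 37) are defined above but not shown. The Go program below, added as an illustration and not part of the quiz or its glossary source, draws a monetary unit sample by fixed interval selection from a constructed receivables ledger and projects the overstatement found in the sample onto the population. The population, audit values and random start are constructed; MUS variants differ in detail, and this is one common form of selection and projection.

```go
package main

import "fmt"

// Item is one balance in the population: the recorded (book) value and the
// value the auditor established on examination, both in cents.
type Item struct {
	ID    string
	Book  int64
	Audit int64
}

// SelectMUS draws a monetary unit sample by fixed interval selection. Every
// cent of book value is a sampling unit; interval = total/sampleSize, and the
// item containing each selection point (start, start+interval, ...) is drawn,
// so selection probability is proportional to size. start is in [0, interval)
// and would normally be random; it is a parameter here so the draw is
// reproducible. Each item is listed at most once; non-positive balances are
// left out, since this form of MUS handles positive book values only.
func SelectMUS(pop []Item, sampleSize int, start int64) (interval int64, sample []Item) {
	var total int64
	for _, it := range pop {
		if it.Book > 0 {
			total += it.Book
		}
	}
	if sampleSize <= 0 || total < int64(sampleSize) {
		return 0, nil
	}
	interval = total / int64(sampleSize)
	point, cum := start, int64(0)
	for _, it := range pop {
		if it.Book <= 0 {
			continue
		}
		hi := cum + it.Book
		for hit := false; point < hi; point += interval {
			if !hit {
				sample = append(sample, it)
				hit = true
			}
		}
		cum = hi
	}
	return interval, sample
}

// ProjectOverstatement evaluates the sample. For an item smaller than the
// interval, the tainting (book-audit)/book is projected over the whole interval
// it stands for; an item at or above the interval was certain to be selected,
// so its actual overstatement counts as is. Understatements are ignored, since
// MUS as defined above estimates overstatement. Result in cents, rounded.
func ProjectOverstatement(sample []Item, interval int64) (projected int64) {
	for _, it := range sample {
		over := it.Book - it.Audit
		if over <= 0 {
			continue
		}
		if it.Book >= interval {
			projected += over
		} else {
			projected += (over*interval + it.Book/2) / it.Book
		}
	}
	return projected
}

// receivables is a constructed population. A is overstated by 10%, C (larger
// than the interval) by $100.00, F is understated; the rest are correct.
var receivables = []Item{
	{"A", 120000, 108000}, {"B", 30000, 30000}, {"C", 450000, 440000},
	{"D", 80000, 80000}, {"E", 20000, 20000}, {"F", 300000, 310000},
	{"G", 60000, 60000}, {"H", 140000, 140000},
}

func main() {
	interval, sample := SelectMUS(receivables, 4, 50000)
	fmt.Printf("sampling interval $%.2f, selected:", float64(interval)/100)
	for _, it := range sample {
		fmt.Printf(" %s", it.ID)
	}
	fmt.Printf("\nprojected overstatement $%.2f\n",
		float64(ProjectOverstatement(sample, interval))/100)
}
```

With a $12,000 population and a sample of four, the interval is $3,000 and the random start of $500 lands on A, C, D and F. A's 10% tainting projects to $300 across its interval and C, being larger than the interval, contributes its actual $100, for a projected overstatement of $400. Note what the small balances B, E and G show: under monetary unit sampling they had little chance of selection, which is why the technique is suited to detecting overstatement and not understatement.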
38. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Normalization
Application security
Application maintenance review
Allocation entry
39. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Default deny policy
Backup
Distributed data processing network
Anonymous File Transfer Protocol (FTP)
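Questions 26 and 39 describe a filtering router and a default deny policy; the Go program below puts the two together (an added example, not from the quiz or its glossary source): an ordered rule set evaluated first match wins, with the default policy deciding any packet no rule matches. The same rules run once under default deny and once under its inverse, default allow, to show the packet that only the default policy catches. Addresses are from documentation ranges and the traffic is constructed.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the attributes a filtering router compares against its rules.
type Packet struct {
	Src, Dst net.IP
	Proto    string // "tcp", "udp", "icmp"
	DstPort  int
}

// Rule matches on whichever attributes are set; a nil network, empty protocol
// or zero port matches anything. Allow says whether a matching packet passes.
type Rule struct {
	Src, Dst *net.IPNet
	Proto    string
	DstPort  int
	Allow    bool
}

// Matches reports whether every attribute the rule constrains is satisfied.
func (r Rule) Matches(p Packet) bool {
	if r.Src != nil && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst != nil && !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Filter is an ordered rule set plus the policy applied when no rule matches.
// DefaultAllow=false is default deny; true is its inverse, default allow.
type Filter struct {
	Rules        []Rule
	DefaultAllow bool
}

// Decide evaluates the rules first match wins. It returns whether the packet
// is forwarded and the index of the deciding rule, or -1 when the default
// policy decided.
func (f Filter) Decide(p Packet) (allowed bool, rule int) {
	for i, r := range f.Rules {
		if r.Matches(p) {
			return r.Allow, i
		}
	}
	return f.DefaultAllow, -1
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Constructed rule set for a small perimeter (documentation address ranges).
var rules = []Rule{
	{Src: mustCIDR("198.51.100.0/24")},                                           // known-bad range: deny everything
	{Dst: mustCIDR("203.0.113.10/32"), Proto: "tcp", DstPort: 443, Allow: true}, // public web server
	{Dst: mustCIDR("203.0.113.20/32"), Proto: "tcp", DstPort: 25, Allow: true},  // mail relay
}

var defaultDeny = Filter{Rules: rules, DefaultAllow: false}
var defaultAllow = Filter{Rules: rules, DefaultAllow: true}

// Constructed traffic: HTTPS to the web server, SSH to it (no rule covers it),
// and HTTPS from the blocked range.
var traffic = []Packet{
	{Src: net.ParseIP("192.0.2.7"), Dst: net.ParseIP("203.0.113.10"), Proto: "tcp", DstPort: 443},
	{Src: net.ParseIP("192.0.2.7"), Dst: net.ParseIP("203.0.113.10"), Proto: "tcp", DstPort: 22},
	{Src: net.ParseIP("198.51.100.9"), Dst: net.ParseIP("203.0.113.10"), Proto: "tcp", DstPort: 443},
}

func main() {
	for _, p := range traffic {
		a1, r1 := defaultDeny.Decide(p)
		a2, r2 := defaultAllow.Decide(p)
		fmt.Printf("%s -> %s:%d/%s  default-deny: allow=%v (rule %d)  default-allow: allow=%v (rule %d)\n",
			p.Src, p.Dst, p.DstPort, p.Proto, a1, r1, a2, r2)
	}
}
```

The SSH packet is the one that matters when reviewing a rule set: nobody wrote a rule for it, so under default deny it is dropped and under default allow it is forwarded. A filtering router configured default allow is only as safe as the completeness of its deny rules, which is why the glossary treats default deny as the policy of record.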
40. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte
Useful audit evidence
Anomaly
Output analyzer
Corrective controls
41. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
Address space
DoS (denial-of-service) attack
Worm
42. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Gateway
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Security software
Allocation entry
43. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Switch
Object code
Downloading
Budget
44. An individual who attempts to gain unauthorized access to a computer system
HTTP (hyper text transfer protocol)
Fraud risk
RS-232 interface
Hacker
45. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an
Generalized audit software
Registration authority (RA)
Public key infrastructure
DDoS (distributed denial-of-service) attack
46. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
L2TP (Layer 2 tunneling protocol)
DNS (domain name system)
Partitioned file
Service bureau
47. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Filtering router
Nonrepudiable transactions
Assembler
Application programming
48. A computer facility that provides data processing services to clients on a continual basis
Digital signature
Online data processing
Trap door
Service bureau
49. Data that is not encrypted. Also known as plaintext.
Materiality
Record
Test generators
Cleartext
50. A system that authentically distributes users' public keys using certificates
Administrative controls
Anomaly detection
Firewall
Public key infrastructure