Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Software packages that sequentially dial telephone numbers; recording any numbers that answer






2. Confidentiality concerns the protection of sensitive information from unauthorized disclosure






3. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.






4. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems






5. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action






6. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be






7. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.






8. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au






9. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target






10. A computer program or set of programs that perform the processing of records for a specific function






11. These are the requirements for establishing a database application. They include field definitions; field requirements and reporting requirements for the individual information in the database.






12. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






13. A response; in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment; collecting more information or striking back a






14. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul






15. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne






16. A system software tool that logs; monitors and directs computer tape usage






17. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements






18. A third party that provides organizations with a variety of Internet; and Internet-related services






19. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.






20. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements






21. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.






22. The act of transferring computerized information from one computer to another computer






23. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.






24. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved






25. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






26. An evaluation of any part of a project to perform maintenance on an application system (e.g.; project management; test plans; user acceptance testing procedures)






27. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest; it may evolve into an Internet standard.






28. Proven level of ability; often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards






29. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service






30. The act or function of developing and maintaining applications programs in production






31. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob






32. Identified by one central processor and databases that form a distributed processing configuration






33. The physical layout of how computers are linked together. Examples include ring; star and bus.






34. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal






35. Using telecommunications facilities for handling and processing of computerized information






36. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba






37. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996






38. The quality or state of not being named or identified






39. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.






40. A protocol used to transfer files over a TCP/IP network (Internet; UNIX; etc.)






41. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files






42. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






43. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used; for example; in determining whether systems are up; maximum packet sizes on links; whether a destination host/network/port is a






44. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit






45. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec






46. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).






47. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






48. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.






49. To configure a computer or other network device to resist attacks






50. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.