Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control; or MAC) or defi






2. Business events or information grouped together because they have a single or similar purpose. Typically; a transaction is applied to a calculation or event that then results in the updating of a holding or master file.






3. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr






4. Impartial point of view which allows the IS auditor to act objectively and with fairness






5. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination






6. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.






7. Weaknesses in systems that can be exploited in ways that violate security policy






8. Tests of detailed activities and transactions; or analytical review tests; designed to obtain audit evidence on the completeness; accuracy or existence of those activities or transactions during the audit period






9. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint






10. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






11. The risk of giving an incorrect audit opinion






12. The interface between the user and the system






13. The act or function of developing and maintaining applications programs in production






14. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy






15. A program designed to detect computer viruses






16. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






17. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files






18. A specially configured server; designed to attract intruders so that their actions do not affect production systems; also known as a decoy server






19. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries






20. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file






21. To configure a computer or other network device to resist attacks






22. The ability of end users to design and implement their own information system utilizing computer software products






23. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used; the test may be called a range check.






24. The machine language code that is generally referred to as the object or load module






25. A piece of information; in a digitized form; used to recover the plaintext from the corresponding ciphertext by decryption






26. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the






27. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b






28. Data that is not encrypted. Also known as plaintext.






29. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer; thus freeing the main computer from this overhead function






30. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users






31. Faking the sending address of a transmission in order to gain illegal entry into a secure system






32. An individual who attempts to gain unauthorized access to a computer system






33. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo






34. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.






35. Provide verification that all transmitted data are read and processed






36. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca






37. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj






38. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






39. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o






40. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.






41. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






42. Programs that are tested and evaluated before approval into the production environment. Test programs; through a series of change control moves; migrate from the test environment to the production environment and become production programs.






43. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat






44. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.






45. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.






46. A recurring journal entry used to allocate revenues or costs. For example; an allocation entry could be defined to allocate costs to each department based on headcount.






47. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;






48. A program that processes actions upon business data; such as data entry; update or query. It contrasts with systems program; such as an operating system or network control program; and with utility programs; such as copy or sort.






49. Diligence which a person would exercise under a given set of circumstances






50. A series of steps to complete an audit objective







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests