CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period

2. A sampling technique that estimates the amount of overstatement in an account balance

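As an added worked example (not part of this quiz or of the ISACA glossary it draws on), the two mechanical steps of the sampling technique in question 2, selection proportional to size and projection of the misstatement found, written in Python. The ledger items, their amounts, the sample size of 4 and the random start of 500 are all constructed for illustration; the projection uses the tainting-times-interval method, with balances at least as large as the interval treated as a 100% stratum.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Item:
    ref: str        # invoice or ledger reference
    book: int       # recorded (book) amount, whole currency units
    audited: int    # amount established by the audit procedure


# Constructed receivables balances for the illustration (not real data).
LEDGER = [
    Item("A", 1000, 1000),
    Item("B", 3000, 2700),   # overstated by 300
    Item("C", 500, 500),
    Item("D", 6000, 6000),
    Item("E", 1500, 1350),   # overstated by 150
    Item("F", 2000, 2000),
]


def mus_select(items, sample_size, start):
    """Systematic monetary-unit (probability-proportional-to-size) selection.

    Every currency unit in the population is a sampling unit, so a large balance
    is more likely to be picked than a small one. Returns the sampling interval
    and the distinct items that contain at least one selection point.
    """
    if any(i.book < 0 for i in items):
        raise ValueError("MUS samples positive balances only; test credit balances separately")
    total = sum(i.book for i in items)
    if sample_size <= 0 or total <= 0:
        raise ValueError("need a positive sample size and population")
    interval = total // sample_size
    if not 0 <= start < interval:
        raise ValueError("random start must lie in [0, interval)")
    points = [start + k * interval for k in range(sample_size)]
    selected, cum, p = [], 0, 0
    for item in items:
        lo, hi = cum, cum + item.book          # the currency units this item occupies
        hit = False
        while p < len(points) and lo <= points[p] < hi:
            hit = True
            p += 1
        if hit:
            selected.append(item)
        cum = hi
    return interval, selected


def project_overstatement(selected, interval):
    """Return (known overstatement in the sample, projected overstatement).

    Each selected item's tainting (misstatement / book value) is applied to the
    whole interval it represents. Items at least as large as the interval were
    examined in full, so their misstatement is taken as found, not projected.
    """
    known, projected = 0, Fraction(0)
    for item in selected:
        over = item.book - item.audited
        if over <= 0:
            continue                           # understatements are not projected by this method
        known += over
        if item.book >= interval:
            projected += over
        else:
            projected += Fraction(over, item.book) * interval
    return known, projected


def run_sample(items=LEDGER, sample_size=4, start=500):
    interval, picked = mus_select(items, sample_size, start)
    known, projected = project_overstatement(picked, interval)
    return interval, [i.ref for i in picked], known, projected


if __name__ == "__main__":
    print(run_sample())
```

On the constructed ledger the interval is 3500, items A, C, D and E are selected, the known overstatement is 150 and the projected overstatement is 350. Item B's overstatement of 300 never enters the projection because B was not selected; that is the sampling risk described in question 41. The block stops at the point estimate; an upper misstatement limit with an allowance for sampling risk needs the confidence factors of the firm's methodology, which are not shown here.
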
3. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data

4. The use of alphabetic characters or an alphabetic character string

5. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an

6. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities

7. The act of transferring computerized information from one computer to another computer

8. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

9. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame

10. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.

11. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system

12. A project management technique used in the planning and control of system projects

13. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

14. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.

15. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

16. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack

17. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission

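As an added example (not from the quiz or the glossary), what the flag in question 17 actually synchronizes: the three-way handshake in which each side proposes an initial sequence number and the other side acknowledges it. The code builds and parses bare 20-byte TCP headers with Python's struct module; the port numbers and initial sequence numbers are constructed, and the checksum is left at zero because no real network is involved.

```python
import struct

# TCP control bits as laid out in the flags byte of the header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
SEQ_MASK = 0xFFFFFFFF
TCP_HDR = "!HHIIBBHHH"   # ports, seq, ack, data offset/reserved, flags, window, checksum, urgent


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header without options; checksum left zero (constructed for illustration)."""
    data_offset = 5 << 4                  # header length in 32-bit words, upper nibble
    return struct.pack(TCP_HDR, sport, dport, seq & SEQ_MASK, ack & SEQ_MASK,
                       data_offset, flags, window, 0, 0)


def parse_tcp_header(segment):
    """Return the fields a stateful device needs in order to track a connection."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(TCP_HDR, segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def handshake_step(flags):
    """Classify a segment by its SYN and ACK bits."""
    syn, ack = bool(flags & SYN), bool(flags & ACK)
    if syn and not ack:
        return "SYN"          # client proposes its initial sequence number
    if syn and ack:
        return "SYN-ACK"      # server proposes its own and acknowledges the client's
    if ack:
        return "ACK"          # client acknowledges the server's; both sides are now in step
    return "OTHER"


def three_way_handshake(client_isn, server_isn, cport=40000, sport=443):
    """The three segments of a correct handshake, constructed as the peers would send them."""
    return [
        build_tcp_header(cport, sport, client_isn, 0, SYN),
        build_tcp_header(sport, cport, server_isn, client_isn + 1, SYN | ACK),
        build_tcp_header(cport, sport, client_isn + 1, server_isn + 1, ACK),
    ]


def verify_handshake(segments):
    """True only if the flags are right and each side acknowledges exactly the other
    side's initial sequence number plus one (the SYN itself consumes one number)."""
    if len(segments) != 3:
        return False
    s1, s2, s3 = (parse_tcp_header(s) for s in segments)
    return (
        handshake_step(s1["flags"]) == "SYN"
        and handshake_step(s2["flags"]) == "SYN-ACK"
        and s2["ack"] == (s1["seq"] + 1) & SEQ_MASK
        and handshake_step(s3["flags"]) == "ACK"
        and s3["seq"] == (s1["seq"] + 1) & SEQ_MASK
        and s3["ack"] == (s2["seq"] + 1) & SEQ_MASK
    )


if __name__ == "__main__":
    print(verify_handshake(three_way_handshake(1000, 5000)))
```

A firewall or IDS that tracks connections keys on exactly these checks: a SYN without ACK opens a new state entry, and a SYN-ACK whose acknowledgement number is not the client's number plus one does not belong to that connection. The mask on the arithmetic matters because 32-bit sequence numbers wrap.
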
18. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which

19. Typically, in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide

20. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer

21. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree

22. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig

23. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period

24. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti

25. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

26. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance

27. Used to electronically scan and input written information from a source document

28. A protocol used to transmit data securely between two end points to create a VPN

29. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

30. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

31. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing

32. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator

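As an added example covering questions 13 and 32 together (it is not code from the quiz or the glossary), a first-match rule list of the kind a screening router evaluates, beside a content filter that looks at the payload instead of the header. The access list, the addresses (from the documentation ranges), the ports and the single injection pattern are all constructed; the shadowed-rule check is the first thing an auditor reviewing a router configuration looks for.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt):
        """Packet filtering: only header attributes are consulted, never the payload."""
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src, strict=False)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst, strict=False)
            and self.proto in ("any", pkt.proto)
            and self.dport in (None, pkt.dport)
        )


def packet_filter(rules, pkt):
    """First matching rule wins; traffic that no rule permits is dropped (implicit deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def _covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    return (
        ipaddress.ip_network(inner.src, strict=False).subnet_of(ipaddress.ip_network(outer.src, strict=False))
        and ipaddress.ip_network(inner.dst, strict=False).subnet_of(ipaddress.ip_network(outer.dst, strict=False))
        and outer.proto in ("any", inner.proto)
        and outer.dport in (None, inner.dport)
    )


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule already covers them."""
    return [i for i, rule in enumerate(rules) if any(_covers(earlier, rule) for earlier in rules[:i])]


# Constructed access list. Rule 1 is dead: rule 0 already permits the traffic it tries to deny.
RULES = [
    Rule("permit", src="10.0.0.0/8", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("deny", src="10.0.5.0/24", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("permit", src="10.0.0.0/8", dst="192.0.2.53/32", proto="udp", dport=53),
]

# Content filtering looks at the data instead. A constructed pattern for a classic
# SQL tautology in a request body; it fires whatever the source address is.
CONTENT_RULES = [re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE)]


def content_filter(patterns, pkt):
    """Deny when any pattern appears in the payload; otherwise let the packet through."""
    return "deny" if any(p.search(pkt.payload) for p in patterns) else "permit"


if __name__ == "__main__":
    print(shadowed_rules(RULES))
```

Two points the definitions leave implicit: the order of an attribute-based rule list changes its meaning (moving the deny above the permit makes it effective), and a packet filter passes an attack that arrives on a permitted address and port, which is the case the content filter exists for.
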
33. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

34. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code

35. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it

36. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems

37. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results

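As an added example of the technique in question 37 (not code from the quiz or the glossary), the same constructed timesheet records are fed to two implementations of one payroll rule and every difference is listed. The "original" is the rule as specified, computed in decimal with half-up rounding; the "modified" system is a hypothetical rewrite that does the same arithmetic in binary floating point. The employee records, rates and the overtime rule itself are assumptions for the illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed timesheet records: (employee, hours worked, hourly rate as keyed).
TIMESHEETS = [
    ("E1", "38", "10.00"),
    ("E2", "41", "8.35"),
    ("E3", "45", "20.00"),
]

CENT = Decimal("0.01")


def gross_pay_original(hours, rate):
    """Payroll rule as specified: hours above 40 at 1.5x, rounded half-up to the cent."""
    h, r = Decimal(hours), Decimal(rate)
    regular = min(h, Decimal(40))
    overtime = max(h - Decimal(40), Decimal(0))
    return (regular * r + overtime * r * Decimal("1.5")).quantize(CENT, rounding=ROUND_HALF_UP)


def gross_pay_modified(hours, rate):
    """Hypothetical rewrite under test: same rule, but in floating point with round()."""
    h, r = float(hours), float(rate)
    regular = min(h, 40.0)
    overtime = max(h - 40.0, 0.0)
    return round(regular * r + overtime * r * 1.5, 2)


def parallel_simulation(records, original, modified):
    """Run both systems on identical input and report each record whose results differ."""
    exceptions = []
    for emp, hours, rate in records:
        expected = original(hours, rate)
        actual = Decimal(str(modified(hours, rate)))   # compare at the precision the payslip shows
        if expected != actual:
            exceptions.append((emp, expected, actual))
    return exceptions


if __name__ == "__main__":
    for emp, expected, actual in parallel_simulation(TIMESHEETS, gross_pay_original, gross_pay_modified):
        print(f"{emp}: original {expected} modified {actual}")
```

Only E2 is reported: 41 hours at 8.35 comes to 346.525, which the specified rule rounds up to 346.53, while 8.35 has no exact binary representation, so the float version holds slightly less than 346.525 and rounds to 346.52. The point of the technique is that the auditor's own reference implementation, not the developers' test cases, decides what the right answer is; a one-cent difference on a payroll run is exactly the class of defect unit tests written against the new code tend to miss.
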
38. An edit check designed to ensure the data in a particular field is numeric

39. Source lines of code are often used in deriving single-point software-size estimations.

40. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

41. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec

42. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o

43. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetration of irregularities, the unauthorized use of assets or services, and abetting or helping to conceal them.

44. A formal agreement with a third party to perform an IS function for an organization

45. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research

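As an added example serving questions 14, 38 and 45 together (it is not code from the quiz or the glossary), a small input-edit routine that applies a numeric check to each keyed field and a sequence check to the pre-numbered control numbers, and writes rejected records to an exception report instead of dropping them. The batch of records, the starting control number and the resynchronisation policy after a gap are constructed assumptions.

```python
import re
from dataclasses import dataclass

# ASCII digits only. str.isdigit() and \d also accept Unicode digits such as
# superscripts and full-width numerals, some of which int() then refuses.
NUMERIC = re.compile(r"[0-9]+")


def numeric_check(value):
    """Numeric edit check: the whole field must consist of ASCII digits."""
    return NUMERIC.fullmatch(value) is not None


@dataclass(frozen=True)
class Record:
    control_no: str   # pre-numbered document number, as keyed
    quantity: str     # raw keyed value, not yet converted


# Constructed batch as keyed by a data-entry operator (not real data).
BATCH = [
    Record("1001", "12"),
    Record("1002", "1O"),    # letter O keyed instead of zero
    Record("1004", "7"),     # 1003 skipped
    Record("1003", "3"),     # ...and keyed late, out of order
    Record("1005", "\u00b2"),  # superscript two: passes str.isdigit(), fails the ASCII check
]


def edit_batch(records, first_control_no):
    """Apply field and sequence edits; return (clean records, exception report).

    A rejected record is never silently discarded: it appears on the report with
    every reason, so the user can correct and re-key it before processing.
    """
    clean, exceptions = [], []
    expected = first_control_no
    for rec in records:
        reasons = []
        if not numeric_check(rec.quantity):
            reasons.append(f"quantity {rec.quantity!r} is not numeric")
        if not numeric_check(rec.control_no):
            reasons.append(f"control number {rec.control_no!r} is not numeric")
        else:
            n = int(rec.control_no)
            if n != expected:
                reasons.append(f"control number {n} out of sequence (expected {expected})")
            expected = max(expected, n + 1)   # keep the high-water mark so a late record does not shift it back
        if reasons:
            exceptions.append((rec.control_no, reasons))
        else:
            clean.append(rec)
    return clean, exceptions


if __name__ == "__main__":
    _, report = edit_batch(BATCH, 1001)
    for control_no, reasons in report:
        print(control_no, "; ".join(reasons))
```

Only record 1001 passes. Records 1004 and 1003 both reach the exception report, the first for the gap and the second for arriving after it, which is what the auditor wants: a missing or duplicated pre-numbered document is a completeness finding, not a keying nuisance. A strict digits-only check rejects a sign or a decimal point, so amounts that may legitimately carry either need a separate format and range edit rather than a relaxed numeric check.
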
46. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

47. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.

48. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as

49. A language that enables electronic documents to present information that can be connected together by links, instead of being presented sequentially as is the case with normal text.

50. Polymorphism refers to object-oriented structures (including object-oriented database structures) in which the same command sent to different child objects can produce different results, depending on each object's place in its family hierarchy tree.