Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The organization providing the outsourced service






2. Requiring a great deal of computing power; processor intensive






3. A protocol used to transmit data securely between two end points to create a VPN






4. Weaknesses in systems that can be exploited in ways that violate security policy






5. The primary language used by both application programmers and end users in accessing relational databases






6. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population






7. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system






8. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display






9. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba






10. The quality or state of not being named or identified






11. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service






12. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.






13. Disconnecting from the computer






14. The rules by which a network operates and controls the flow and priority of transmissions






15. The individual responsible for the safeguard and maintenance of all program and data files






16. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management






17. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






18. The amount of time allowed for the recovery of a business function or resource after a disaster occurs






19. Used to electronically input, read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset






20. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.






21. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of






22. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules






23. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw






24. Those controls that seek to maintain confidentiality, integrity and availability of information






25. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






26. (remote authentication dial-in user service)






27. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.






28. An interface point between the CPU and a peripheral device






29. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down the database after all records have been committed, for example






30. A device that connects two similar networks together






31. Specialized tools that can be used to analyze the flow of data, through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements






32. Comparing the system's performance to other equivalent systems using well defined benchmarks






33. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






34. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results






35. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system






36. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






37. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if






38. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator






39. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system






40. The roles, scope and objectives documented in the service level agreement between management and audit






41. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.






42. Detects transmission errors by appending calculated bits onto the end of each segment of data






43. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






44. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.






45. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers






46. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.






47. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing






48. A device used for combining several lower-speed channels into a higher-speed channel






49. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.






50. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product