Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.






2. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.






3. A utility program that combines several separately compiled modules into one; resolving internal references between them






4. A method of selecting a portion of a population; by means of mathematical calculations and probabilities; for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population






5. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data






6. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all






7. A small electronic device that contains electronic memory; and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash; or it can be used as a token to authenticat






8. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example - in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h






9. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network






10. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






11. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web






12. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)






13. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw






14. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).






15. A protocol used to transfer files over a TCP/IP network (Internet; UNIX; etc.)






16. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim






17. The elimination of redundant data






18. A resource whose loss will result in the loss of service or production






19. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.






20. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission






21. Character-at-a-time transmission






22. A code whose representation is limited to 0 and 1






23. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig






24. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display






25. Interface between data terminal equipment and data communications equipment employing serial binary data interchange






26. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements






27. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions






28. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.






29. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development






30. The organization providing the outsourced service






31. The area of the system that the intrusion detection system is meant to monitor and protect






32. The level of trust with which a system object is imbued






33. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.






34. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.






35. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






36. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.






37. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.






38. An individual who attempts to gain unauthorized access to a computer system






39. A document which defines the IS audit function's responsibility; authority and accountability






40. The rules by which a network operates and controls the flow and priority of transmissions






41. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur






42. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure






43. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






44. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






45. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.






46. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account






47. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.






48. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities






49. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu






50. Transactions that cannot be denied after the fact