CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Uninterruptible power supply (UPS)
Hexadecimal
Point-of-sale systems (POS)
System exit
2. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Transaction log
Fourth generation language (4GL)
Discovery sampling
IT governance
3. The consolidation in 1998 of the "Cadbury", "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry
Spanning port
Packet filtering
Repudiation
Combined Code on Corporate Governance
4. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Top-level management
War dialler
Man-in-the-middle attack
Ciphertext
5. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Screening routers
Relevant audit evidence
Extensible Markup Language (XML)
Internet banking
6. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Executable code
Intranet
Requirements definition
Data communications
7. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res
Telecommunications
Audit plan
Librarian
External router
8. The primary language used by both application programmers and end users in accessing relational databases
Structured Query Language (SQL)
Credit risk
Decryption
Remote job entry (RJE)
9. A set of protocols developed by the IETF to support the secure exchange of packets
Checkpoint restart procedures
Error
IPSec (Internet protocol security)
Firewall
10. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Split DNS
Client-server
System software
Corporate exchange rate
11. A code whose representation is limited to 0 and 1
TCP (transmission control protocol)
Netware
Control weakness
Binary code
12. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Screening routers
Unit testing
Monitoring policy
Echo checks
13. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Top-level management
Subject matter (Area of activity)
Plaintext
IDS (intrusion detection system)
14. A program designed to detect computer viruses
Addressing
Vaccine
Operator console
Edit controls
15. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Technical infrastructure security
Transaction protection
Project sponsor
Rootkit
16. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
Objectivity
ACK (acknowledgement)
Redundancy check
Third-party review
17. A test to check the system's ability to recover after a software or hardware failure
Whitebox testing
Salami technique
Recovery testing
IPSec (Internet protocol security)
18. The outward impression of being self-governing and free from conflict of interest and undue influence
Independent appearance
Indexed sequential file
Finger
Duplex routing
19. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Terms of reference
Proxy server
Object orientation
Substantive testing
20. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)
Packet switching
FTP (file transfer protocol)
browser
Security management
21. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Run instructions
Risk
Discovery sampling
Recovery time objective (RTO)
22. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
Passive response
legal risk
Test data
Modem (modulator-demodulator)
23. An integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re
Spoofing
Misuse detection
Embedded audit module
Biometric locks
24. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
Indexed sequential file
Datagram
Taps
Reputational risk
25. An individual who attempts to gain unauthorized access to a computer system
Fiber optic cable
Certificate authority (CA)
Security perimeter
Hacker
26. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
COCO
Limit check
Polymorphism (objects)
Trust
27. The person responsible for maintaining a LAN and assisting end users
Backup
Service user
Network administrator
Asynchronous Transfer Mode (ATM)
28. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Active recovery site (mirrored)
Data integrity
Unit testing
UNIX
29. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
Parallel simulation
Data leakage
Capacity stress testing
Data-oriented systems development
30. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy
Single point of failure
Audit
Circuit-switched network
Active response
31. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Object code
Systems acquisition process
Shell
Optical scanner
32. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Rulebase
Strategic risk
Sequence check
Outsourcing
33. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Concurrent access
Local loop
Intelligent terminal
Terms of reference
34. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, one that permits multimedia (graphics) applications on the World Wide Web
Addressing
Brute force
ASP/MSP (application or managed service provider)
browser
35. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
Optical scanner
Edit controls
Application controls
Pervasive IS controls
36. A series of steps to complete an audit objective
Hypertext
End-user computing
e-commerce
Audit program
37. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
Digital certification
Continuous auditing approach
Fail-safe
Address space
38. A procedure designed to ensure that no fields are missing from a record
Completeness check
Echo checks
vulnerability
Console log
39. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Hardware
ISP (Internet service provider)
Proxy server
Control risk self-assessment
40. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Star topology
Point-of-sale systems (POS)
Redundancy check
Netware
41. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Circuit-switched network
Nonrepudiation
Operator console
Private key cryptosystems
42. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Intrusive monitoring
ASCII (American Standard Code for Information Interchange)
File layout
Detection risk
43. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
price risk
Honey pot
Rotating standby
X.25 interface
44. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Record
Default deny policy
Voice mail
Internal control structure
45. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Password
Utility programs
Optical scanner
Fault tolerance
46. Detection on the basis of whether the system activity matched that defined as abnormal
Internet banking
Application layer
Anomaly detection
Network
47. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers
Feasibility study
Split data systems
UNIX
Base case
48. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Firmware
Extensible Markup Language (XML)
Sufficient audit evidence
Frame relay
49. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Duplex routing
Strategic risk
Recovery time objective (RTO)
TACACS+ (terminal access controller access control system plus)
50. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Standing data
Business risk
Limit check
Regression testing