Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An individual using a terminal; PC or an application can access a network to send an unstructured message to another individual or group of people.
Real-time processing
E-mail/interpersonal messaging
System flowcharts
Privacy

2. A code whose representation is limited to 0 and 1
Binary code
Local loop
Structured programming
Leased lines

3. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat
E-mail/interpersonal messaging
Application acquisition review
Computer server
Bulk data transfer

4. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Star topology
Netware
Confidentiality
Detective controls

5. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First; if a standard set of test data and test results exists for a program; the output of a test run after program mainte
Information engineering
Output analyzer
Top-level management
Open systems

6. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Intrusive monitoring
Reputational risk
Intelligent terminal
Project team

7. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Encryption
Active response
Information engineering
Risk

8. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m
Application system
price risk
Application security
Universal Description; Discovery and Integration (UDDI)

9. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
Optical character recognition
Intranet
Control section
virtual organizations

10. The logical language a computer understands
Limit check
Baud rate
Machine language
Operational audit

11. A program designed to detect computer viruses
Synchronous transmission
Real-time analysis
Vaccine
Audit program

12. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances
Public key cryptosystem
Due professional care
Database administrator (DBA)
Interface testing

13. An audit designed to determine the accuracy of financial records and information
Edit controls
Private key
Financial audit
Quick ship

14. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Computationally greedy
Active recovery site (mirrored)
Static analysis
Exception reports

15. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Service bureau
Vulnerability analysis
Attribute sampling
Run-to-run totals

16. The organization providing the outsourced service
Service provider
Appearance
Coaxial cable
Reputational risk

17. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Local area network (LAN)
False positive
Application implementation review
Budget formula

18. Weaknesses in systems that can be exploited in ways that violate security policy
Hub
Vulnerabilities
Wiretapping
Application implementation review

19. Used to ensure that input data agree with predetermined criteria stored in a table
Table look-ups
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Multiplexor
ACK (acknowledgement)

20. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.
DNS (domain name system)
Uploading
Intelligent terminal
Terms of reference

21. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Antivirus software
Database
General computer controls
Default deny policy

22. Detection on the basis of whether the system activity matches that defined as bad
Database
Misuse detection
Checkpoint restart procedures
Project team

23. Criteria Of Control; published by the Canadian Institute of Chartered Accountants in 1995
Preventive controls
Rapid application development
Intrusion detection
COCO

24. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Control Objectives for Enterprise Governance
Reliable audit evidence
Baud rate
IT governance

25. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Tuple
Piggy backing
UNIX
Nonrepudiable trnasactions

26. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
Redo logs
NAT (Network Address Translation)
Operational risk
Check digit verification (self-checking digit)

27. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Reverse engineering
Source code compare programs
Public key cryptosystem
Corrective controls

28. A type of LAN ring topology in which a frame containing a specific format; called the token; is passed from one station to the next around the ring. When a station receives the token; it is allowed to transmit. The station can send as many frames as
Checkpoint restart procedures
Token ring topology
Repository
Completeness check

29. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment
Engagement letter
Passive assault
Voice mail
Circular routing

30. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Optical scanner
Logical access controls
Rapid application development
Virtual private network (VPN)

31. General controls which are designed to manage and monitor the IS environment and which; therefore; affect all IS-related activities
Audit program
War dialler
Pervasive IS controls
Downtime report

32. Digital information; such as cleartext; that is intelligible to the reader
Waterfall development
Split DNS
Plaintext
Completeness check

33. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and
Port
Segregation/separation of duties
Anomaly detection
Application controls

34. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Hacker
Reasonable assurance
Personal identification number (PIN)
Privacy

35. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Abend
Half duplex
Fail-over
Magnetic ink character recognition (MICR)

36. Files maintained by a system; primarily a database management system; for the purposed of reapplying changes following an error or outage recovery
Redo logs
Antivirus software
Tape management system (TMS)
Promiscuous mode

37. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Irregularities
Program narratives
Computer sequence checking
Monitor

38. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Confidentiality
Asynchronous Transfer Mode (ATM)
Operational risk
Content filtering

39. The main memory of the computer's central processing unit
Verification
Internal storage
Log
Bandwidth

40. The organization using the outsourced service
Service user
X.25 interface
FTP (file transfer protocol)
Business impact analysis (BIA)

41. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Application system
Distributed data processing network
Audit objective
IP (Internet protocol)

42. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Concurrent access
Token
Handprint scanner
Operator console

43. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Assembly language
Public key
Leased lines
Protocol stack

44. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
Assembly language
Compensating control
BSP (business service provider)
Application implementation review

45. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Audit trail
Telecommunications
Redundancy check
Application system

46. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Audit responsibility
Editing
System narratives
Computer sequence checking

47. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Logoff
Network hop
Concurrent access
DMZ (demilitarized zone)

48. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
Central office (CO)
Database specifications
Redo logs
Application software tracing and mapping

49. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Modulation
Rootkit
Completeness check
Spoofing

50. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Field
Duplex routing
Judgment sampling
Service user