Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The roles; scope and objectives documented in the service level agreement between management and audit
Format checking
Modulation
Multiplexor
Audit responsibility

2. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
SMTP (Simple Mail Transport Protocol)
Data Encryption Standard (DES)
E-mail/interpersonal messaging
Business impact analysis (BIA)

3. The art of designing; analyzing and attacking cryptographic schemes
Availability
Cluster controller
Cryptography
COSO

4. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Central processing unit (CPU)
Filtering router
Accountability
Addressing

5. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Comparison program
Non-intrusive monitoring
Security software
Virus

6. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions; not influenced by the organization being audited and its people (managers and employers).
Independence
Test data
Production programs
Enterprise governance

7. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Packet switching
Generalized audit software
Hardware
Systems acquisition process

8. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Redo logs
Information engineering
Compiler
Latency

9. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Third-party review
Web Services Description Language (WSDL)
Procedure
BSP (business service provider)

10. A program written in a portable; platform independent computer language; such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations; thus preventing; or at least minimi
Internal control
Applet
Professional competence
browser

11. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Star topology
Simple fail-over
Operational risk
Decentralization

12. A system of storing messages in a private recording medium where the called party can later retrieve the messages
ASP/MSP (application or managed service provider)
Bridge
Internet packet (IP) spoofing
Voice mail

13. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router
Circuit-switched network
External router
Recovery point objective (RPO)—
Split DNS

14. Records of system events generated by a specialized operating system mechanism
Engagement letter
Regression testing
Public key infrastructure
Operating system audit trails

15. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files
Offsite storage
Real-time processing
Spanning port
Certificate authority (CA)

16. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe
Sequential file
Vulnerabilities
Firmware
Cohesion

17. An individual using a terminal; PC or an application can access a network to send an unstructured message to another individual or group of people.
E-mail/interpersonal messaging
Packet switching
BSP (business service provider)
Cold site

18. The current and prospective effect on earnings or capital arising from adverse business decisions; improper implementation of decisions or lack of responsiveness to industry changes.
Attitude
Strategic risk
Log
Third-party review

19. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Continuous auditing approach
Credentialed analysis
world wide web (WWW)
Application implementation review

20. A device used for combining several lower-speed channels into a higher-speed channel
Multiplexor
Operational risk
Microwave transmission
Control perimeter

21. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Indexed sequential file
Security testing
Posting
Man-in-the-middle attack

22. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Cold site
RADIUS
Useful audit evidence
Remote job entry (RJE)

23. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Full duplex
Static analysis
Detailed IS ontrols
Compensating control

24. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Corporate governance
Token ring topology
Scure socket layer (SSL)
Registration authority (RA)

25. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Addressing
Brouters
Real-time analysis
Intelligent terminal

26. A measurement of the point prior to an outage to which data are to be restored
Journal entry
Source code
Private key cryptosystems
Recovery point objective (RPO)—

27. An attack capturing sensitive pieces of information; such as passwords; passing through the network
Link editor (linkage editor)
General computer controls
RSA
Sniffing

28. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Reverse engineering
Downtime report
Risk assessment

29. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software; which is being developed or modified; but has not yet been authorized for use by management.
Production software
Service bureau
Arithmetic-logic unit (ALU)
Computer-aided software engineering (CASE)

30. The risk of errors occurring in the area being audited
Public key
Error risk
Trusted processes
Bypass label processing (BLP)

31. A set of routines; protocols and tools referred to as ''building blocks'' used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Random access memory (RAM)
Whitebox testing
Application programming interface (API)
Audit plan

32. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Masking
Application proxy
Control perimeter
Fiber optic cable

33. English-like; user friendly; nonprocedural computer languages used to program and/or read and process computer files
Application software tracing and mapping
Fourth generation language (4GL)
Packet filtering
Direct reporting engagement

34. Weaknesses in systems that can be exploited in ways that violate security policy
Certificate authority (CA)
Image processing
Communications controller
Vulnerabilities

35. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Appearance of independence
Sequential file
ISP (Internet service provider)
Source code

36. The quality or state of not being named or identified
Anonymity
Intelligent terminal
Hot site
Logs/Log file

37. Unusual or statistically rare
Spool (simultaneous peripheral operations online)
Real-time processing
Anomaly
Application development review

38. A series of steps to complete an audit objective
Audit program
Signatures
Magnetic card reader
Fraud risk

39. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers
Output analyzer
UNIX
Administrative controls
Magnetic card reader

40. The machine language code that is generally referred to as the object or load module
Executable code
SMTP (Simple Mail Transport Protocol)
Arithmetic-logic unit (ALU)
Indexed sequential file

41. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Object orientation
ACK (acknowledgement)
Honey pot
Star topology

42. The act of transferring computerized information from one computer to another computer
Token
Downloading
Static analysis
Master file

43. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web
Private key cryptosystems
Star topology
Surge suppressor
browser

44. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Continuous auditing approach
Source documents
Editing
Availability

45. A device for sending and receiving computerized data over transmission lines
Repudiation
Simple fail-over
Electronic data interchange (EDI)
Terminal

46. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
Concurrent access
Reverse engineering
ICMP (internet control message protocol)
False negative

47. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Access method
Binary code
Reputational risk
Relevant audit evidence

48. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Audit evidence
Business process reengineering (BPR)
Virus
browser

49. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Untrustworthy host
Digital signature
Run instructions
Baseband

50. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Application
Client-server
Structured programming
DNS (domain name system)