Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap; and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Voice mail
Adjusting period
FIN (final)
Data integrity

2. Any yearly accounting period without regard to its relationship to a calendar year.
ICMP (internet control message protocol)
Fscal year
Intranet
Criteria

3. Weaknesses in systems that can be exploited in ways that violate security policy
Hot site
Remote job entry (RJE)
Vulnerabilities
Symmetric key encryption

4. Devices that perform the functions of both bridges and routers; are called brouters. Naturally; they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones; which
Addressing
Database
Brouters
Useful audit evidence

5. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Hypertext
Anonymity
Gateway
Smart card

6. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Recovery time objective (RTO)
Internet Engineering Task Force (IETF)
Latency
Circular routing

7. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
False negative
Object Management Group (OMG)
Check digit
Sequential file

8. Programmed checking of data validity in accordance with predetermined criteria
Offsite storage
Validity check
Utility programs
Addressing

9. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Range check
Network hop
Reengineering
Financial audit

10. A version of the Windows operating system that supports preemptive multitasking
Passive response
Output analyzer
Wide area network (WAN)
Windows NT

11. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Certificate authority (CA)
Dynamic analysis
Network hop
Trusted processes

12. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Ring topology
Security perimeter
Batch processing
Bandwidth

13. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Error
Hyperlink
Teleprocessing
Fscal year

14. The act of copying raw data from one place to another with little or no formatting for readability. Usually; dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails; o
Payment system
Real-time analysis
Real-time processing
Memory dump

15. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Run-to-run totals
Sniffing
L2TP (Layer 2 tunneling protocol)
Request for proposal (RFP)

16. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Assembler
Security management
Spanning port
System narratives

17. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj
Firmware
Cadbury
PPP (point-to-point protocol)
Private key cryptosystems

18. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Static analysis
Integrated services digital network (ISDN)
Sequence check
Downloading

19. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Pervasive IS controls
Format checking
Trust
Audit trail

20. A process used to identify and evaluate risks and their potential effects
Hash function
Transaction log
Microwave transmission
Risk assessment

21. An edit check designed to ensure the data in a particular field is numeric
Biometrics
Numeric check
Downtime report
Challenge/response token

22. A list of retracted certificates
Certificate Revocation List
Operating system
Screening routers
Decentralization

23. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Judgment sampling
Proxy server
Internet Inter-ORB Protocol (IIOP)
Detailed IS ontrols

24. The outward impression of being self-governing and free from conflict of interest and undue influence
Real-time processing
Independent appearance
Direct reporting engagement
Source lines of code (SLOC)

25. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Fiber optic cable
X.500
Enterprise resource planning
Object orientation

26. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Direct reporting engagement
Downloading
Electronic data interchange (EDI)
Web page

27. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Taps
False positive
PPP (point-to-point protocol)
Digital certificate

28. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
HTTPS (hyper text transfer protocol secure)
Prototyping
Batch processing
Application program

29. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount
Logoff
Integrity
Variable sampling
Detailed IS ontrols

30. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability
Indexed sequential access method (ISAM)
Administrative controls
Assembler
Switch

31. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Foreign exchange risk
Addressing
Structured Query Language (SQL)
Bus topology

32. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Symmetric key encryption
price risk
Control weakness
Untrustworthy host

33. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
Management information system (MIS)
HTTPS (hyper text transfer protocol secure)
Computer server
Address space

34. A fail-over process; in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
False negative
Audit
Concurrent access
Magnetic card reader

35. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Feasibility study
E-mail/interpersonal messaging
Data analysis
Distributed data processing network

36. The transfer of service from an incapacitated primary component to its backup component
Fail-over
Feasibility study
Electronic vaulting
Due care

37. A device used for combining several lower-speed channels into a higher-speed channel
Outsourcing
Symmetric key encryption
Multiplexor
Firmware

38. Error control deviations (compliance testing) or misstatements (substantive testing)
DMZ (demilitarized zone)
Bus
Job control language (JCL)
Error

39. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.
RADIUS (remote authentication dial-in user service)
IDS (intrusion detection system)
Assembly language
Corrective controls

40. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996
Security policy
COBIT
Access path
Control weakness

41. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Procedure
Personal identification number (PIN)
Subject matter (Area of activity)
Audit sampling

42. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
Management information system (MIS)
Recovery point objective (RPO)—
Cryptography
Sniff

43. A formal agreement with a third party to perform an IS function for an organization
Vulnerabilities
Antivirus software
Outsourcing
Trojan horse

44. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Protocol converter
Operational control
Detailed IS ontrols
e-commerce

45. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
Cryptography
Reliable audit evidence
Normalization
Screening routers

46. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
File layout
Source lines of code (SLOC)
Detailed IS ontrols
Preventive controls

47. The level to which transactions can be traced and audited through a system
ASCII (American Standard Code for Information Interchange)
Default password
Auditability
Screening routers

48. A system software tool that logs; monitors and directs computer tape usage
Uploading
System narratives
Reputational risk
Tape management system (TMS)

49. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred
Data dictionary
Table look-ups
Security testing
Log

50. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Active recovery site (mirrored)
Extensible Markup Language (XML)
Remote job entry (RJE)
Point-of-presence (POP)