Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The standard e-mail protocol on the Internet
Biometrics
SMTP (Simple Mail Transport Protocol)
Digital certification
Professional competence
2. Any intentional violation of the security policy of a system
System testing
File layout
Asynchronous transmission
Intrusion
3. The rules by which a network operates and controls the flow and priority of transmissions
Protocol
Packet switching
Enterprise governance
Local loop
4. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Firmware
Broadband
Strategic risk
COCO
5. Analysis that is performed in real time or in continuous form
Dynamic analysis
Reputational risk
Fraud risk
Shell
6. The risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra
Hot site
Authentication
Interest rate risk
Biometrics
7. Range checks ensure that data fall within a predetermined range (also see limit checks).
Internal penetrators
Range check
Handprint scanner
Asynchronous transmission
8. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Hierarchical database
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Due care
Rulebase
9. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Network hop
Online data processing
Certificate Revocation List
Cluster controller
10. Records of system events generated by a specialized operating system mechanism
External router
Hardware
Electronic vaulting
Operating system audit trails
11. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Content filtering
Service user
Voice mail
Batch processing
12. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
Memory dump
Business impact analysis (BIA)
Magnetic card reader
DMZ (demilitarized zone)
13. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
External router
Concurrent access
Fail-safe
Card swipes
14. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects.
Monitoring policy
Comprehensive audit
Geographic disk mirroring
Inheritance (objects)
15. A statement of the position within the organization; including lines of reporting and the rights of access
Credit risk
Audit authority
Utility programs
Batch processing
16. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which
Combined Code on Corporate Governance
COBIT
Dynamic analysis
Brouters
17. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements
Internet packet (IP) spoofing
Systems analysis
ASCII (American Standard Code for Information Interchange)
Parallel testing
18. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
System narratives
Compliance testing
Application system
Program flowcharts
19. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Shell
FIN (final)
Uploading
Quick ship
20. A protocol used for transmitting data between two ends of a connection
Computer-assisted audit technique (CAATs)
PPP (point-to-point protocol)
Decision support systems (DSS)
Segregation/separation of duties
21. The act of giving the idea or impression of being or doing something
Generalized audit software
Appearance
Payment system
Business-to-consumer e-commerce (B2C)
22. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Idle standby
Service bureau
Machine language
Business risk
23. A program written in a portable, platform independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi
Open systems
Applet
Audit program
End-user computing
24. The process of converting a digital computer signal into an analog telecommunications signal
Switch
Application proxy
Posting
Modulation
25. A version of the Windows operating system that supports preemptive multitasking
Passive response
Registration authority (RA)
Initial program load (IPL)
Windows NT
26. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access path
Logon
Smart card
Audit accountability
27. The level of trust with which a system object is imbued
Terms of reference
Personal identification number (PIN)
Privilege
Requirements definition
28. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Vulnerability analysis
Prototyping
Cold site
Audit objective
29. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Promiscuous mode
Security testing
Credit risk
Appearance of independence
30. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
TACACS+ (terminal access controller access control system plus)
Machine language
Intelligent terminal
Sufficient audit evidence
31. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
Exception reports
Virtual private network (VPN)
Assembly language
UNIX
32. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Bandwidth
Protocol stack
Reliable audit evidence
System flowcharts
33. The logical language a computer understands
Audit
Machine language
Trojan horse
DDoS (distributed denial-of-service) attack
34. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl
Gateway
Authorization
Indexed sequential file
Data Encryption Standard (DES)
35. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred
RADIUS (remote authentication dial-in user service)
System narratives
Check digit
Log
36. Source lines of code are often used in deriving single-point software-size estimations.
Source lines of code (SLOC)
Application controls
Assembler
Central processing unit (CPU)
37. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Registration authority (RA)
Extensible Markup Language (XML)
Brouters
Asymmetric key (public key)
38. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Promiscuous mode
Credit risk
Sniff
Rounding down
39. Those controls that seek to maintain confidentiality, integrity and availability of information
Data security
Teleprocessing
NAT (Network Address Translation)
Residual risk
40. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Centralized data processing
Access control
Recovery point objective (RPO)
Adjusting period
41. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Circular routing
Appearance
e-commerce
COSO
42. These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.
Preventive controls
Challenge/response token
BSP (business service provider)
Split data systems
43. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.
Record, screen and report layouts
Due care
Machine language
RADIUS
44. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Secure socket layer (SSL)
RADIUS (remote authentication dial-in user service)
Operational control
Procedure
45. Any yearly accounting period without regard to its relationship to a calendar year.
Fiscal year
Table look-ups
Bus topology
Controls (Control procedures)
46. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Terminal
Concurrent access
Whitebox testing
Communications controller
47. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Audit risk
Standing data
Accountability
System flowcharts
48. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Application program
ICMP (internet control message protocol)
Real-time processing
Digital signature
49. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network
Corrective controls
Node
ASP/MSP (application or managed service provider)
Logs/Log file
50. The practice of eavesdropping on information being transmitted over telecommunications links
Signatures
Local area network (LAN)
Appearance
Wiretapping