Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Weaknesses in systems that can be exploited in ways that violate security policy
System software
Requirements definition
Latency
Vulnerabilities

2. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries
Universal Description; Discovery and Integration (UDDI)
Manual journal entry
Audit program
Normalization

3. A list of retracted certificates
Certificate Revocation List
Project team
Decentralization
Downtime report

4. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
DNS (domain name system)
Application maintenance review
Universal Description; Discovery and Integration (UDDI)
Application controls

5. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;
RADIUS
UDP (User Datagram Protocol)
Security management
Logoff

6. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Control Objectives for Enterprise Governance
Reverse engineering
Residual risk
Requirements definition

7. The list of rules and/or guidance that is used to analyze event data
Rulebase
Digital signature
File server
Data leakage

8. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Numeric check
Controls (Control procedures)
Object orientation
Independent appearance

9. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Posting
Reliable audit evidence
Biometrics
Internet

10. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
BSP (business service provider)
System flowcharts
Open systems
Circuit-switched network

11. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data
Data owner
Port
Data flow
Audit expert systems

12. An eight-bit code representing 256 characters; used in most large computer systems
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Feasibility study
Uploading
Random access memory (RAM)

13. Changing data with malicious intent before or during input into the system
Synchronous transmission
Audit charter
Virtual private network (VPN)
Data diddling

14. The roles; scope and objectives documented in the service level agreement between management and audit
Reasonableness check
Budget formula
Offsite storage
Audit responsibility

15. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display
Message switching
Tcpdump
Population
Requirements definition

16. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Communications controller
Audit expert systems
COBIT
Console log

17. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
DNS (domain name system)
Logon
BSP (business service provider)
Database management system (DBMS)

18. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules
Packet filtering
Source code compare programs
Cryptography
Record; screen and report layouts

19. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
RS-232 interface
Dynamic analysis
Anonymity
Reasonableness check

20. Disconnecting from the computer
Virus
Cryptography
Frame relay
Logoff

21. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Spanning port
Modulation
Control Objectives for Enterprise Governance
Address space

22. A sampling technique that estimates the amount of overstatement in an account balance
Network hop
System testing
Monetary unit sampling
Internet packet (IP) spoofing

23. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Confidentiality
liquidity risk
Dial-back
Cluster controller

24. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures
Threat
Logs/Log file
Outsourcing
DNS (domain name system)

25. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Broadband
Auditability
Virus
Penetration testing

26. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Control group
Corrective controls
Fail-over
Man-in-the-middle attack

27. A computer facility that provides data processing services to clients on a continual basis
HTTPS (hyper text transfer protocol secure)
Control group
Source documents
Service bureau

28. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if
Sequence check
UDP (User Datagram Protocol)
Repository
Variable sampling

29. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Variable sampling
Control objective
Record; screen and report layouts
Data integrity

30. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Asynchronous Transfer Mode (ATM)
Static analysis
Point-of-sale systems (POS)
Masqueraders

31. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy
Internal control structure
Internet Inter-ORB Protocol (IIOP)
Token ring topology
RADIUS

32. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Certificate authority (CA)
Operating system audit trails
Encapsulation (objects)

33. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Indexed sequential file
Man-in-the-middle attack
UDP (User Datagram Protocol)
Spoofing

34. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
Worm
Decryption key
Internet banking
Validity check

35. A named collection of related records
File
Application security
Arithmetic-logic unit (ALU)
Function point analysis

36. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Controls (Control procedures)
Due care
Bus topology
Corporate exchange rate

37. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
Preventive controls
False positive
Digital certificate
Data communications

38. A resource whose loss will result in the loss of service or production
Promiscuous mode
Single point of failure
COBIT
Token ring topology

39. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Variable sampling
Audit sampling
FIN (final)
Active recovery site (mirrored)

40. The proportion of known attacks detected by an intrusion detection system
Access method
Protocol
Coverage
Optical scanner

41. A private key cryptosystem published by the National Bureau of Standards (NBS); the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl
Asynchronous Transfer Mode (ATM)
Data Encryption Standard (DES)
Budget hierarchy
Baseband

42. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
Management information system (MIS)
Multiplexing
Outsourcing
Credit risk

43. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective; a bank focuses on the sensitivity of the value of its assets; liabilities and revenues to changes in interest rates. Internet banking may attra
Downloading
Monitor
Completeness check
Interest rate risk

44. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Latency
Due care
Hyperlink
Utility programs

45. The interface between the user and the system
Shell
Record; screen and report layouts
Computer-assisted audit technique (CAATs)
Network administrator

46. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
Database replication
Object Management Group (OMG)
Cleartext
Broadband

47. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Management information system (MIS)
IPSec (Internet protocol security)
Control weakness
Attribute sampling

48. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Bridge
Log
Analog
Access method

49. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Split DNS
Internal penetrators
Transaction
Operator console

50. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
Control group
Substantive testing
RS-232 interface
X.25