Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The amount of time allowed for the recovery of a business function or resource after a disaster occurs






2. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report






3. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is






4. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication






5. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea






6. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context






7. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.






8. Transactions that cannot be denied after the fact






9. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p






10. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






11. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that






12. The relationships among files in a database and among data items within each file






13. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.






14. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr






15. An individual using a terminal; PC or an application can access a network to send an unstructured message to another individual or group of people.






16. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.






17. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.






18. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






19. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.






20. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.






21. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules






22. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.






23. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.






24. The process of converting a digital computer signal into an analog telecommunications signal






25. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service






26. The ability to exercise judgement; express opinions and present recommendations with impartiality






27. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate






28. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is






29. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.






30. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.






31. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m






32. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically






33. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.






34. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes






35. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs






36. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.






37. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router






38. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).






39. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






40. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.






41. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration; such as change management






42. A document that confirms the client's and the IS auditor's acceptance of a review assignment






43. Comparing the system's performance to other equivalent systems using well defined benchmarks






44. Error control deviations (compliance testing) or misstatements (substantive testing)






45. A process used to identify and evaluate risks and their potential effects






46. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.






47. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






48. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






49. The susceptibility of an audit area to error which could be material; individually or in combination with other errors; assuming that there are no related internal controls






50. The list of rules and/or guidance that is used to analyze event data