Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.






2. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.






3. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.






4. The interface between the user and the system






5. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






6. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes






7. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile






8. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates






9. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures






10. A document which defines the IS audit function's responsibility, authority and accountability






11. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report






12. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF, ® 2000, 1998, 1996






13. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.






14. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






15. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules






16. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.






17. To configure a computer or other network device to resist attacks






18. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.






19. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file






20. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that






21. The code used to designate the location of a specific piece of data within computer storage






22. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account






23. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.






24. A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Au






25. The organization providing the outsourced service






26. In open systems architecture, circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.






27. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.






28. Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re






29. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct






30. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w






31. The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subj






32. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.






33. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements






34. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).






35. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.






36. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display






37. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be






38. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster






39. The router at the extreme edge of the network under control, usually connected to an ISP or other service provider, also known as border router






40. The property that data meet with a priority expectation of quality and that the data can be relied upon






41. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






42. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)






43. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use






44. Identified by one central processor and databases that form a distributed processing configuration






45. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






46. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.






47. Unusual or statistically rare






48. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered






49. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.






50. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.