Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A system's level of resilience to seamlessly react from hardware and/or software failure
Public key cryptosystem
Fault tolerance
Data dictionary
Enterprise resource planning

2. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Proxy server
Fail-safe
Incremental testing
RFC (request for comments)

3. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Irregularities
Datagram
Telnet
Variable sampling

4. A statement of the position within the organization; including lines of reporting and the rights of access
Audit authority
Piggy backing
Rulebase
Signatures

5. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Cross-certification
Electronic cash
Parallel testing
Data leakage

6. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.
Point-of-sale systems (POS)
Application system
Job control language (JCL)
Technical infrastructure security

7. The logical language a computer understands
Screening routers
Format checking
Machine language
Network

8. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Management information system (MIS)
Error risk
Audit objective
Split data systems

9. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Data diddling
Error
Point-of-sale systems (POS)
IDS (intrusion detection system)

10. The act of copying raw data from one place to another with little or no formatting for readability. Usually; dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails; o
Memory dump
Exposure
Hyperlink
Rotating standby

11. Character-at-a-time transmission
Image processing
Statistical sampling
Due care
Asynchronous transmission

12. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Public key cryptosystem
Telecommunications
Backup
Application maintenance review

13. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Local area network (LAN)
Integrity
Network hop
Worm

14. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Bus
Fscal year
Modem (modulator-demodulator)
Trust

15. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy
DDoS (distributed denial-of-service) attack
Corrective controls
Internal control structure
UDP (User Datagram Protocol)

16. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Trusted processes
Capacity stress testing
Permanent virtual circuit (PVC)
Audit

17. The rules by which a network operates and controls the flow and priority of transmissions
Baud rate
ASP/MSP (application or managed service provider)
Protocol
Card swipes

18. A project management technique used in the planning and control of system projects
Integrity
Active recovery site (mirrored)
Internal storage
Program evaluation and review technique (PERT)

19. Programmed checking of data validity in accordance with predetermined criteria
Validity check
Outsourcing
Asymmetric key (public key)
Rotating standby

20. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Default deny policy
Utility software
Unit testing
Continuous auditing approach

21. Compares data to predefined reasonability limits or occurrence rates established for the data.
Reasonableness check
Appearance
Network administrator
Half duplex

22. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Systems analysis
Personal identification number (PIN)
Prototyping
Service level agreement (SLA)

23. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Executable code
FIN (final)
Asynchronous Transfer Mode (ATM)
Spoofing

24. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Independence
Materiality
Security testing
Multiplexor

25. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
browser
Offsite storage
Offline files
Data flow

26. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
browser
Remote job entry (RJE)
Security software
Monitor

27. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Check digit verification (self-checking digit)
ISP (Internet service provider)
Open systems
Reputational risk

28. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Software
Application implementation review
liquidity risk
Web site

29. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port; it is copied to the other ports so that all segments of the LAN can see all pac
Local area network (LAN)
Mutual takeover
Hub
Accountability

30. Programs that are used to process live or actual data that were received as input into the production environment.
Independent appearance
Coverage
Production programs
Range check

31. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Nonrepudiation
Control section
Privacy
Modem (modulator-demodulator)

32. Auxiliary computer hardware equipment used for input; output and data storage. Examples include disk drives and printers.
Internet
Third-party review
Cold site
Peripherals

33. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Editing
Penetration testing
Accountability
Comparison program

34. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Operating system
Electronic cash
Applet
Audit trail

35. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Expert systems
Multiplexing
Trojan horse
File server

36. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries
Wide area network (WAN)
Vulnerability analysis
Netware
Decentralization

37. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Anomaly detection
Appearance
Attribute sampling
Certificate authority (CA)

38. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Operator console
Rounding down
RSA

39. In vulnerability analysis; gaining information by performing checks that affects the normal operation of the system; even crashing the system
Edit controls
Record
Intrusive monitoring
Business risk

40. The person responsible for maintaining a LAN and assisting end users
Network administrator
Production programs
Token ring topology
Enterprise resource planning

41. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Windows NT
Buffer
Residual risk
Application implementation review

42. A manual or automated log of all updates to data files and databases
Hypertext
Transaction log
Packet
Top-level management

43. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Untrustworthy host
Registration authority (RA)
Universal Description; Discovery and Integration (UDDI)
Application programming

44. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Recovery testing
Privilege
Sampling risk
Executable code

45. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Local loop
Data leakage
RSA
Internet

46. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Substantive testing
System flowcharts
Remote job entry (RJE)
Librarian

47. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Ethernet
Star topology
War dialler
Application acquisition review

48. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Spool (simultaneous peripheral operations online)
Trusted systems
Data custodian
RFC (request for comments)

49. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Windows NT
Packet switching
Segregation/separation of duties
Foreign exchange risk

50. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Proxy server
Feasibility study
Cross-certification
Dial-in access controls