Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Active recovery site (mirrored)
Peripherals
Biometrics
Input controls
2. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Extensible Markup Language (XML)
Base case
Format checking
3. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Secure socket layer (SSL)
Mapping
L2TP (Layer 2 tunneling protocol)
Digital signature
4. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
FTP (file transfer protocol)
Logon
Digital certificate
Expert systems
5. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree
SMTP (Simple Mail Transport Protocol)
Business process reengineering (BPR)
Penetration testing
Application implementation review
6. The computer room and support areas
Link editor (linkage editor)
Leased lines
Information processing facility (IPF)
Logical access controls
7. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.
E-mail/interpersonal messaging
Independence
Anomaly
Link editor (linkage editor)
8. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Security testing
Continuous auditing approach
Hierarchical database
Application
9. (remote authentication dial-in user service)
HTTP (hyper text transfer protocol)
TCP (transmission control protocol)
RADIUS
Harden
10. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Generalized audit software
Base case
Hacker
Filtering router
11. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Data leakage
Utility software
Electronic signature
Duplex routing
12. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Application program
Inheritance (objects)
Range check
Edit controls
13. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Real-time analysis
Computer-assisted audit technique (CAATs)
NAT (Network Address Translation)
Warm-site
14. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Protocol
Security administrator
Fiscal year
File server
15. To configure a computer or other network device to resist attacks
Public key cryptosystem
Data-oriented systems development
Harden
Authentication
16. An eight-digit/seven-bit code representing 128 characters, used in most small computers
ASCII (American Standard Code for Information Interchange)
Hacker
Security perimeter
Default password
17. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas
Ring topology
Computer sequence checking
Network
Operational risk
18. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions
Internet
Image processing
Internal storage
Vulnerability
19. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil
Bulk data transfer
Waterfall development
Procedure
Dial-back
20. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Cross-certification
Client-server
Data diddling
Tape management system (TMS)
21. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Detailed IS controls
Data communications
Signatures
Private key cryptosystems
22. The list of rules and/or guidance that is used to analyze event data
Check digit verification (self-checking digit)
Uploading
SYN (synchronize)
Rulebase
23. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Arithmetic-logic unit (ALU)
Optical scanner
Data owner
Concurrent access
24. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo
Anonymous File Transfer Protocol (FTP)
Personal identification number (PIN)
X.500
Teleprocessing
25. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
Blackbox testing
Application acquisition review
Web Services Description Language (WSDL)
Rulebase
26. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.
Structured programming
Business process reengineering (BPR)
Middleware
Audit responsibility
27. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements
Systems analysis
Independent appearance
Residual risk
Recovery testing
28. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
Internet
Comparison program
Controls (Control procedures)
Electronic funds transfer (EFT)
29. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Format checking
Card swipes
Inherent risk
Hash total
30. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
SMTP (Simple Mail Transport Protocol)
Legal risk
Database specifications
Cathode ray tube (CRT)
31. Disconnecting from the computer
Control perimeter
Logoff
ICMP (internet control message protocol)
Echo checks
32. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res
Audit plan
Operational control
ACK (acknowledgement)
Firewall
33. A program designed to detect computer viruses
Foreign exchange risk
Liquidity risk
Vaccine
RSA
34. A program that translates programming language (source code) into machine executable instructions (object code)
Brute force
Application programming interface (API)
Third-party review
Compiler
35. A computer program or set of programs that perform the processing of records for a specific function
Rounding down
Data-oriented systems development
Compiler
Application
36. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Expert systems
False negative
IPSec (Internet protocol security)
Rootkit
37. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Benchmark
Integrity
Communications controller
Data-oriented systems development
38. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Business risk
Embedded audit module
Node
Filtering router
39. A debit or credit to a general ledger account. See also manual journal entry.
Privacy
Abend
Journal entry
Protocol
40. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Access control table
Circular routing
Service provider
Engagement letter
41. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Handprint scanner
Software
Application software tracing and mapping
Budget hierarchy
42. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
Credentialed analysis
Application
Mutual takeover
Private key cryptosystems
43. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
Circuit-switched network
Finger
RFC (request for comments)
Manual journal entry
44. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Dial-back
Encapsulation (objects)
Recovery time objective (RTO)
Antivirus software
45. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Access control
Telnet
Leased lines
Monitoring policy
46. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Local area network (LAN)
Integrated test facilities (ITF)
IDS (intrusion detection system)
Project sponsor
47. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Reliable audit evidence
Finger
Comprehensive audit
Fraud risk
48. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption
Format checking
Encryption
Structured programming
Decryption key
49. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Local area network (LAN)
Pervasive IS controls
Abend
Unit testing
50. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
Fraud risk
Encryption
Numeric check
Inherent risk