CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The relationships among files in a database and among data items within each file

2. A series of steps to complete an audit objective

3. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.

4. Analysis of the security state of a system or its compromise on the basis of information collected at intervals

5. These controls are designed to correct errors, omissions, and unauthorized uses and intrusions, once they are detected.

6. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: effectiveness, efficiency and economy

7. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo-random number that changes every few minutes.

8. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed.

9. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

10. A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems

11. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules

12. Software packages that sequentially dial telephone numbers, recording any numbers that answer

13. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management

14. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim

15. The amount of time allowed for the recovery of a business function or resource after a disaster occurs

16. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development

17. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

18. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac

19. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.

20. An individual who attempts to gain unauthorized access to a computer system

21. Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission

22. The central database that stores and organizes data

23. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service

24. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

25. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas

26. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down a database after all records have been committed, for example

27. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p

28. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities

29. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).

30. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances

31. Any information collection mechanism utilized by an intrusion detection system

32. These are the requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.

33. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and

34. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

35. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit

36. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

37. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.

38. Any intentional violation of the security policy of a system

39. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C

40. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy

41. An edit check designed to ensure the data in a particular field is numeric

42. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

43. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)

44. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

45. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

46. Detection on the basis of whether the system activity matched that defined as abnormal

47. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm

48. Used to ensure that input data agree with predetermined criteria stored in a table

49. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.

50. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as