Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
Audit trail
Credit risk
Non-intrusive monitoring
Web site
2. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Abend
Open systems
Engagement letter
Digital certificate
3. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Audit sampling
Authorization
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Financial audit
4. A resource whose loss will result in the loss of service or production
Broadband
Financial audit
Decentralization
Single point of failure
5. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Structured programming
Service user
Hexadecimal
Default deny policy
6. A popular network protocol and cabling scheme that uses a bus topology and CSMA/CD (carrier sense multiple access/collision detection) to prevent network failures or collisions when two devices try to access the network at the same time
Magnetic card reader
Node
Ethernet
Normalization
7. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
TACACS+ (terminal access controller access control system plus)
System exit
Third-party review
Application acquisition review
8. The ability to map a given activity or event back to the responsible party
COSO
Tape management system (TMS)
Accountability
Challenge/response token
9. Comparing the system's performance to other equivalent systems using well defined benchmarks
Feasibility study
Base case
Performance testing
Masking
10. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Baud rate
Central processing unit (CPU)
Batch control
Ring topology
11. The organization providing the outsourced service
Application
Privilege
Partitioned file
Service provider
12. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred
Privacy
Sniff
Systems acquisition process
Log
13. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.
Residual risk
Input controls
Online data processing
Broadband
14. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Downloading
Service provider
Echo checks
Duplex routing
15. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Coaxial cable
Regression testing
Batch control
Encryption
16. An eight-digit/seven-bit code representing 128 characters, used in most small computers
Modulation
ASCII (American Standard Code for Information Interchange)
Decentralization
Bypass label processing (BLP)
17. The property that data meet with a priority expectation of quality and that the data can be relied upon
Control weakness
Bulk data transfer
Data integrity
Passive response
18. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a
Audit trail
Active response
Strategic risk
Incremental testing
19. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Reasonableness check
Bridge
Application programming interface (API)
Check digit verification (self-checking digit)
20. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Useful audit evidence
Token
Job control language (JCL)
Point-of-presence (POP)
21. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Reverse engineering
Run-to-run totals
Vaccine
Fail-safe
22. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Rulebase
Audit
Exception reports
Database
23. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Recovery point objective (RPO)
Waterfall development
Ciphertext
Half duplex
24. A list of retracted certificates
Anonymity
Bar case
Certificate Revocation List
Batch control
25. The computer room and support areas
Information processing facility (IPF)
Value-added network (VAN)
Cryptography
Attitude
26. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
Liquidity risk
Bridge
Geographic disk mirroring
Run instructions
27. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Application development review
Assembly language
Data communications
X.25 interface
28. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Liquidity risk
Terminal
HTTPS (hyper text transfer protocol secure)
Application software tracing and mapping
29. Disconnecting from the computer
Cadbury
UNIX
Data owner
Logoff
30. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Bus topology
Logical access controls
Analog
Corporate governance
31. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Interface testing
BSP (business service provider)
Application acquisition review
Object code
32. A statement of the position within the organization; including lines of reporting and the rights of access
HTTPS (hyper text transfer protocol secure)
Network hop
Datagram
Audit authority
33. Way of thinking, behaving, feeling, etc.
Cleartext
Binary code
Cohesion
Attitude
34. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
System exit
TCP (transmission control protocol)
DMZ (demilitarized zone)
Extensible Markup Language (XML)
35. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Asynchronous transmission
Statistical sampling
Broadband
Nonrepudiation
36. The individual responsible for the safeguard and maintenance of all program and data files
Service level agreement (SLA)
Corrective controls
Librarian
Simple fail-over
37. Software used to create data to be used in the testing of computer programs
Local loop
Web site
Private key cryptosystems
Test generators
38. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
Blackbox testing
Application controls
Completeness check
COCO
39. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Enterprise resource planning
Token ring topology
Console log
Biometric locks
40. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Spanning port
Bandwidth
Distributed data processing network
Logs/Log file
41. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Windows NT
Evidence
Recovery point objective (RPO)
Spoofing
42. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements
Fault tolerance
File
Systems analysis
Web page
43. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer server
Parallel simulation
Node
Unit testing
44. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Detailed IS controls
Artificial intelligence
Protection domain
BSP (business service provider)
45. Programmed checking of data validity in accordance with predetermined criteria
Validity check
Function point analysis
Service user
Check digit verification (self-checking digit)
46. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
Analog
Test programs
Microwave transmission
File layout
47. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Client-server
False negative
Asynchronous transmission
UNIX
48. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Application implementation review
Run instructions
Netware
Fiscal year
49. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat
Passive response
Audit trail
Smart card
Address space
50. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Test data
Run instructions
Signatures
L2TP (Layer 2 tunneling protocol)