Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An evaluation of any part of a project to perform maintenance on an application system (e.g.; project management; test plans; user acceptance testing procedures)
Taps
Verification
Application maintenance review
Recovery point objective (RPO)—

2. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Decryption
Structured programming
Nonrepudiation
Parallel simulation

3. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Production software
Checkpoint restart procedures
Third-party review
DDoS (distributed denial-of-service) attack

4. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Virtual private network (VPN)
Data analysis
Partitioned file

5. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Misuse detection
Decentralization
Open systems
Rounding down

6. The rules outlining the way in which information is captured and interpreted
Trust
Direct reporting engagement
Monitoring policy
Job control language (JCL)

7. Comparing the system's performance to other equivalent systems using well defined benchmarks
Performance testing
Personal identification number (PIN)
Scure socket layer (SSL)
Security management

8. The person responsible for maintaining a LAN and assisting end users
Network administrator
e-commerce
Degauss
Star topology

9. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher
Registration authority (RA)
Automated teller machine (ATM)
Intelligent terminal
General computer controls

10. General controls which are designed to manage and monitor the IS environment and which; therefore; affect all IS-related activities
Backup
Penetration testing
Extensible Markup Language (XML)
Pervasive IS controls

11. A program written in a portable; platform independent computer language; such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations; thus preventing; or at least minimi
Control Objectives for Enterprise Governance
Telecommunications
Systems analysis
Applet

12. A list of retracted certificates
Internet
Management information system (MIS)
Certificate Revocation List
System software

13. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
X.500
Anonymous File Transfer Protocol (FTP)
Access rights
Security policy

14. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.
Control objective
Data custodian
Warm-site
Check digit verification (self-checking digit)

15. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
NAT (Network Address Translation)
Librarian
Transaction
DNS (domain name system)

16. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Strategic risk
Application implementation review
Personal identification number (PIN)
Noise

17. A top-down technique of designing programs and systems. It makes programs more readable; more reliable and more easily maintained.
Authentication
RFC (request for comments)
Source code compare programs
Structured programming

18. The process of determining what types of activities are permitted. Ordinarily; authorisation is in the context of authentication: once you have authenticated a user; he/she may be authorised to perform different types of access or activity
Cryptography
Authorization
Telecommunications
Distributed data processing network

19. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Intrusion detection
Operational control
Transaction protection
Internet Engineering Task Force (IETF)

20. A named collection of related records
Spool (simultaneous peripheral operations online)
File
Benchmark
Internal control structure

21. Specialized security checker that tests user's passwords; searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that; many password crackers can brute force all possible combinations in
Password cracker
Modulation
Gateway
Sniffing

22. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
False positive
Web site
Tcpdump
Card swipes

23. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Hot site
Base case
HTTP (hyper text transfer protocol)
RS-232 interface

24. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object code
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Data custodian
Duplex routing

25. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Due care
ASCII (American Standard Code for Information Interchange)
Regression testing
X.25 interface

26. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and
Fourth generation language (4GL)
Application controls
Embedded audit module
Teleprocessing

27. Block-at-a-time data transmission
Digital signature
Access rights
Synchronous transmission
Test generators

28. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Offline files
Judgment sampling
Microwave transmission
Pervasive IS controls

29. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being
Image processing
Broadband
Corporate exchange rate
Buffer

30. Provide verification that all transmitted data are read and processed
Run-to-run totals
Audit trail
IP (Internet protocol)
Optical character recognition

31. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
RADIUS
Protocol converter
Software
Sampling risk

32. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Communications controller
Static analysis
Object-oriented system development
Audit charter

33. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Computer-assisted audit technique (CAATs)
Telecommunications
Internet packet (IP) spoofing
Budget

34. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications
Cold site
Dial-in access controls
Application security
Encryption

35. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
liquidity risk
Transaction
Business impact analysis (BIA)
Certificate Revocation List

36. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.
Source documents
L2TP (Layer 2 tunneling protocol)
Encryption key
Fraud risk

37. Checks that data are entered correctly
Population
Verification
Binary code
Fail-safe

38. A document which defines the IS audit function's responsibility; authority and accountability
Audit charter
Edit controls
HTTP (hyper text transfer protocol)
Fraud risk

39. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Tuple
Random access memory (RAM)
Parallel simulation
Mutual takeover

40. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results
Magnetic card reader
Request for proposal (RFP)
Parallel testing
Security software

41. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Offline files
Masqueraders
RFC (request for comments)
Asymmetric key (public key)

42. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules
Audit charter
Indexed sequential access method (ISAM)
Artificial intelligence
Expert systems

43. Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology.
Misuse detection
Business-to-consumer e-commerce (B2C)
L2F (Layer 2 forwarding)
Rounding down

44. Asoftware testing technique whereby the internal workings of the item being tested are not known by the tester. For example - in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h
Access rights
Batch control
Audit plan
Blackbox testing

45. Detection on the basis of whether the system activity matched that defined as abnormal
Availability
Anomaly detection
Circuit-switched network
Data-oriented systems development

46. A device for sending and receiving computerized data over transmission lines
Anomaly
L2TP (Layer 2 tunneling protocol)
Real-time processing
Terminal

47. The act of giving the idea or impression of being or doing something
Operational risk
Appearance
Appearance of independence
Audit program

48. The ability of end users to design and implement their own information system utilizing computer software products
Internet packet (IP) spoofing
RADIUS
Tuple
End-user computing

49. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
Direct reporting engagement
Peripherals
Noise
Internet packet (IP) spoofing

50. The organization providing the outsourced service
Multiplexor
Service provider
Logs/Log file
Transaction