Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you retake the test.
1. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

2. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules

3. The proportion of known attacks detected by an intrusion detection system

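Worked illustration of the detection-rate figure above, added here as an example; it is not ISACA material. It scores a sensor against a replayed set of known attacks and, because the detection rate alone is not enough to judge an IDS, also computes the miss rate, the false alarm rate against benign traffic, and alert precision. The attack list, alert list and benign-session count are constructed sample data, not output from any real sensor.

```python
"""Detection rate of an IDS, computed against a constructed ground truth.

Added illustration for the CISA glossary entry on IDS detection rate; not
ISACA material. KNOWN_ATTACKS, IDS_ALERTS and BENIGN_EVENT_COUNT are
constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str        # attacking (or alerting) source host
    dst: str        # target host
    technique: str  # attack label; an alert is credited only if it names the right one


# Ground truth: known attacks replayed through the sensor during the test.
KNOWN_ATTACKS = [
    Event("10.0.0.5", "10.0.1.20", "sql-injection"),
    Event("10.0.0.5", "10.0.1.20", "path-traversal"),
    Event("10.0.0.9", "10.0.1.21", "port-scan"),
    Event("10.0.0.9", "10.0.1.22", "brute-force-ssh"),
    Event("10.0.0.7", "10.0.1.23", "buffer-overflow"),
]

# What the sensor raised. Three alerts match replayed attacks; the SSH brute
# force was reported as a port scan, so under strict label matching it counts
# as a miss *and* a false alarm; the last alert fired on benign traffic.
IDS_ALERTS = [
    Event("10.0.0.5", "10.0.1.20", "sql-injection"),
    Event("10.0.0.9", "10.0.1.21", "port-scan"),
    Event("10.0.0.7", "10.0.1.23", "buffer-overflow"),
    Event("10.0.0.9", "10.0.1.22", "port-scan"),
    Event("10.0.0.3", "10.0.1.20", "sql-injection"),
]

# Benign sessions that crossed the sensor in the same window (constructed).
BENIGN_EVENT_COUNT = 200


def score(known, alerts, benign_count):
    """Return the detection rate (the glossary's definition) together with the
    companion figures an auditor would ask for: miss rate, false alarm rate
    relative to benign traffic, and precision of the alerts."""
    known_set, alert_set = set(known), set(alerts)
    tp = len(known_set & alert_set)   # attacks the IDS reported correctly
    fn = len(known_set - alert_set)   # attacks it missed
    fp = len(alert_set - known_set)   # alerts with no matching attack
    return {
        "true_positives": tp,
        "false_negatives": fn,
        "false_positives": fp,
        "detection_rate": tp / len(known_set),
        "miss_rate": fn / len(known_set),
        "false_alarm_rate": fp / benign_count,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
    }


if __name__ == "__main__":
    for name, value in score(KNOWN_ATTACKS, IDS_ALERTS, BENIGN_EVENT_COUNT).items():
        print(f"{name:18} {value}")
```

With these inputs the detection rate is 0.6 (3 of 5 known attacks), the miss rate 0.4, the false alarm rate 0.01 and precision 0.6. Note the caveat built into the data: the mislabelled alert on the brute-force session is counted as a false alarm even though it fired on attack traffic; whether to credit such alerts is something the test plan should state before the numbers are reported.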
4. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com

5. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain

6. Range checks ensure that data fall within a predetermined range (also see limit checks).

7. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software

8. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext

9. The denial by one of the parties to a transaction, or participation in all or part of that transaction, or of the content of communications related to that transaction.

10. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.

11. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba

12. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large, using the Internet as the enabling technology.

13. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

14. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of d

15. A test to check the system's ability to recover after a software or hardware failure

16. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.

17. A system software tool that logs, monitors and directs computer tape usage

18. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making

19. (remote authentication dial-in user service)

20. The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).

21. Specifies the format of packets and the addressing scheme

22. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

23. A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems

24. The interface between the user and the system

25. An edit check designed to ensure the data in a particular field is numeric

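Worked illustration of the edit checks in items 6 and 25 (range checks, limit checks and the numeric check), added here as an example; it is not ISACA material. It applies a numeric check first and only then a range or limit check, because a bound comparison on a value that failed the numeric check is meaningless. The field rules, field names and the payroll records are constructed for the example.

```python
"""Input edit checks: numeric check, then range/limit check, on constructed records.

Added illustration for the CISA glossary entries on range checks and numeric
edit checks; not ISACA material. FIELD_RULES and SAMPLE_RECORDS are
constructed examples.
"""
from decimal import Decimal, InvalidOperation

# Per-field rules. A bound of None means "no limit on that side", which turns
# the range check into a one-sided limit check.
FIELD_RULES = {
    "employee_id":  {"numeric": True, "min": Decimal(1),      "max": Decimal(999999)},
    "hours_worked": {"numeric": True, "min": Decimal(0),      "max": Decimal(80)},
    "pay_rate":     {"numeric": True, "min": Decimal("7.25"), "max": None},  # floor only
}


def numeric_check(value):
    """Return (ok, parsed). Accepts digits with an optional sign and decimal
    point; rejects blanks, letters, exponent notation and embedded spaces,
    which Decimal() alone would partly accept."""
    s = value.strip() if isinstance(value, str) else str(value)
    if not s or any(ch not in "0123456789.-+" for ch in s):
        return False, None
    try:
        return True, Decimal(s)
    except InvalidOperation:
        return False, None


def range_check(number, lo, hi):
    """Range check when both bounds are set, limit check when only one is."""
    if lo is not None and number < lo:
        return False
    if hi is not None and number > hi:
        return False
    return True


def edit_record(record, rules=FIELD_RULES):
    """Apply the edit checks to one record; return a list of error strings
    (an empty list means the record passes)."""
    errors = []
    for field, rule in rules.items():
        raw = record.get(field, "")
        ok, number = numeric_check(raw)
        if rule["numeric"] and not ok:
            errors.append(f"{field}: '{raw}' is not numeric")
            continue  # do not range-check a value that is not a number
        if not range_check(number, rule["min"], rule["max"]):
            errors.append(f"{field}: {number} outside {rule['min']}..{rule['max']}")
    return errors


# Constructed sample input: one clean record and three that must be rejected.
SAMPLE_RECORDS = [
    {"employee_id": "10423", "hours_worked": "40",  "pay_rate": "18.50"},
    {"employee_id": "1O423", "hours_worked": "40",  "pay_rate": "18.50"},  # letter O in the id
    {"employee_id": "10424", "hours_worked": "400", "pay_rate": "18.50"},  # 400 hours in one week
    {"employee_id": "10425", "hours_worked": "40",  "pay_rate": "1e2"},    # exponent form, rejected by the numeric check
]


def run_edits(records=SAMPLE_RECORDS):
    """Edit every record; returns one error list per record, in input order."""
    return [edit_record(r) for r in records]


if __name__ == "__main__":
    for rec, errs in zip(SAMPLE_RECORDS, run_edits()):
        print("ACCEPT" if not errs else "REJECT", rec, errs)
```

The strict character set in numeric_check is deliberate: Decimal("1e2") parses happily to 100, so a check that relied on the parser alone would let exponent notation through and the later range check would compare the wrong magnitude.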
26. Hardware devices that convert between two different types of transmission, such as asynchronous and synchronous transmission

27. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.

28. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications

29. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r

30. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio

31. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements

32. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t

33. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator

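Worked illustration of items 2, 13 and 33 together (a packet-filtering or screening router evaluating packet attributes against an ordered rule set, with a default-deny policy at the end), added here as an example; it is not ISACA material and not any vendor's ACL syntax. The 192.0.2.0/24 protected network, the 203.0.113.0/24 admin range, the rules and the packets are constructed; the function names are this example's own.

```python
"""A minimal packet-filtering router: ordered rules, first match wins, default deny.

Added illustration for the CISA glossary entries on packet-filtering /
screening routers and the default-deny policy; not ISACA material. The
addresses, RULES and SAMPLE_PACKETS are constructed examples.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # destination port; None for icmp
    direction: str         # "in" (toward the protected net) or "out"


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    direction: str         # "in", "out" or "any"
    src: str               # CIDR
    dst: str               # CIDR
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        """Compare the packet's attributes (header fields) with this rule."""
        return (
            self.direction in ("any", p.direction)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def filter_packet(p: Packet, rules, default="deny"):
    """Walk the rules in order; the first match decides. Returns (action, index
    of the deciding rule) or (default, None) when nothing matched. The default
    is what makes the policy default-deny; passing "permit" gives its inverse."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return default, None


# Screening-router policy for a hypothetical 192.0.2.0/24 protected network.
RULES = [
    Rule("deny",   "in",  "192.0.2.0/24",   "0.0.0.0/0",     "any"),       # anti-spoofing: inside addresses never arrive from outside
    Rule("permit", "in",  "0.0.0.0/0",      "192.0.2.10/32", "tcp", 443),  # public web server
    Rule("permit", "in",  "203.0.113.0/24", "192.0.2.0/24",  "tcp", 22),   # SSH only from the admin range
    Rule("deny",   "in",  "0.0.0.0/0",      "192.0.2.0/24",  "tcp", 23),   # explicit telnet block
    Rule("permit", "out", "192.0.2.0/24",   "0.0.0.0/0",     "any"),       # outbound allowed
]

SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 443, "in"),   # web: permit, rule 1
    Packet("198.51.100.7", "192.0.2.10", "tcp", 22, "in"),    # SSH from the Internet: no rule, default deny
    Packet("203.0.113.5", "192.0.2.10", "tcp", 22, "in"),     # SSH from admin range: permit, rule 2
    Packet("192.0.2.99", "192.0.2.10", "tcp", 443, "in"),     # spoofed inside source: deny, rule 0
    Packet("198.51.100.7", "192.0.2.10", "tcp", 23, "in"),    # telnet: deny, rule 3
    Packet("192.0.2.10", "198.51.100.7", "udp", 53, "out"),   # outbound DNS: permit, rule 4
    Packet("198.51.100.7", "192.0.2.10", "tcp", 3389, "in"),  # RDP: no rule, default deny
]


def run_policy(packets=SAMPLE_PACKETS, rules=RULES, default="deny"):
    """Decision for each packet under the given rule set and default."""
    return [filter_packet(p, rules, default) for p in packets]


if __name__ == "__main__":
    for p, (action, idx) in zip(SAMPLE_PACKETS, run_policy()):
        print(f"{action:6} rule={idx}  {p.direction} {p.src} -> {p.dst} {p.proto}/{p.dport}")
```

Two things the example makes visible that the definition does not: rule order matters (the anti-spoofing deny must sit above the permit for the web server, or a packet with a forged inside address would be accepted), and the same rule set under default="permit" lets the unmatched RDP packet through, which is exactly the difference between default deny and default allow. The filter is stateless: it looks at one packet at a time and does not track TCP connections, so return traffic needs rules of its own, as on a real screening router without stateful inspection.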
34. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

35. A file format in which records are organized, and can be accessed, according to a preestablished key that is part of the record

36. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.

37. A document which defines the IS audit function's responsibility, authority and accountability

38. A protocol used to transmit data securely between two endpoints to create a VPN

39. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.

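Worked illustration of items 8 and 39 together (the key as the secret input to the algorithm, and decryption as the reverse of encryption), added here as an example; it is not ISACA material. To stay runnable with nothing but the Python standard library, it uses a teaching cipher (an HMAC-SHA256 keystream in counter mode, XORed with the plaintext, plus an encrypt-then-MAC tag); that construction is an assumption of this example and not a substitute for a vetted authenticated cipher such as AES-GCM from a maintained library. The message is constructed.

```python
"""Toy symmetric encryption/decryption illustrating the role of the key.

Added illustration for the CISA glossary entries on encryption keys and
decryption; not ISACA material. The cipher is a teaching construct (HMAC
keystream + encrypt-then-MAC), chosen only because it needs no third-party
library. Do not use it in place of a vetted AEAD.
"""
import hashlib
import hmac
import os
from typing import Optional


def _subkeys(key: bytes):
    """Derive separate encryption and authentication keys from one master key."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudorandom bytes: block i is
    HMAC(key, nonce || i). A repeated nonce under the same key repeats the
    keystream, which is why encrypt() draws a fresh random nonce by default."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag. The key is the only secret: the
    algorithm, the nonce and the tag are all public."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reverse of encrypt(): verify the tag first, then strip the keystream.
    Raises ValueError if the key is wrong or the ciphertext was altered, so a
    wrong key never yields silently garbled 'plaintext'."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


def tamper_detected(key: bytes, blob: bytes) -> bool:
    """Flip one bit of the ciphertext and report whether decrypt() rejects it."""
    if len(blob) <= 48:
        raise ValueError("blob carries no ciphertext to tamper with")
    altered = bytearray(blob)
    altered[16] ^= 0x01
    try:
        decrypt(key, bytes(altered))
        return False
    except ValueError:
        return True


def demo():
    """Round trip with the right key, then show that a wrong key is rejected."""
    key = os.urandom(32)
    msg = b"wire transfer 12,000.00 to account 4471"   # constructed sample message
    blob = encrypt(key, msg)
    recovered = decrypt(key, blob)
    try:
        decrypt(os.urandom(32), blob)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return recovered == msg, wrong_key_rejected


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The design point worth noticing is that decryption checks the tag before touching the ciphertext. Without that step a wrong key would still "decrypt" to random bytes, and the caller would have no way to tell the difference between a bad key and a valid message; verifying integrity first is what lets the reverse process fail safely.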
40. The ability of end users to design and implement their own information system utilizing computer software products

41. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels

42. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

43. The delay before a system or network responds. System latency is the time a system takes to retrieve data; network latency is the time it takes for a packet to travel from its source to its final destination.

44. Polymorphism refers to object-oriented structures in which the same command (message) sent to different child objects produces different results, depending on each object's position in the class hierarchy (its family tree).

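Worked illustration of the polymorphism entry above, added here as an example; it is not ISACA material. One message, redacted(), is sent to objects from four related classes, and which code runs is decided by each object's place in the hierarchy rather than by the caller. The audit-log class names and the sample log lines are constructed for the example.

```python
"""Polymorphism: one message, class-specific behaviour down the hierarchy.

Added illustration for the CISA glossary entry on polymorphism; not ISACA
material. The LogEntry hierarchy and SAMPLE_ENTRIES are constructed.
"""
import re


class LogEntry:
    """Root of the family tree. Every descendant answers the same message."""

    def __init__(self, text: str):
        self.text = text

    def redacted(self) -> str:
        return self.text   # plain entries carry nothing sensitive


class AuthEntry(LogEntry):
    def redacted(self) -> str:
        # Credentials must never reach the audit trail.
        return re.sub(r"password=\S+", "password=[REDACTED]", self.text)


class PaymentEntry(LogEntry):
    def redacted(self) -> str:
        # Mask account-style numbers (8+ digits), keeping only the last four.
        return re.sub(
            r"\b\d{8,}\b",
            lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:],
            self.text,
        )


class CardPaymentEntry(PaymentEntry):
    def redacted(self) -> str:
        # A grandchild extends its parent's behaviour instead of replacing it:
        # the PAN is masked by PaymentEntry, the CVV by this class.
        return re.sub(r"cvv=\d{3,4}", "cvv=[REDACTED]", super().redacted())


# Constructed sample lines, one per class.
SAMPLE_ENTRIES = [
    LogEntry("user alice logged out"),
    AuthEntry("login user=alice password=hunter2 result=ok"),
    PaymentEntry("transfer from=12345678901234 to=98765432109876 amount=500"),
    CardPaymentEntry("card pan=4111111111111111 cvv=123 amount=42"),
]


def redact_all(entries=SAMPLE_ENTRIES):
    """The caller sends the same message to every object and never inspects
    its class; the hierarchy decides which redacted() runs for each one."""
    return [e.redacted() for e in entries]


if __name__ == "__main__":
    for line in redact_all():
        print(line)
```

The point for an auditor reviewing such code is that the redaction rule for each record type lives in the type itself, so adding a new kind of entry means adding a class, not editing every place that writes the log; equally, a child class that forgets to override redacted() silently inherits the parent's behaviour, which is the failure mode to look for in review.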
45. A document that confirms the client's and the IS auditor's acceptance of a review assignment

46. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.

47. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function

48. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing the security access control system.

49. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

50. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur