Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Bridge
Public key cryptosystem
Application
Cathode ray tube (CRT)
2. Weaknesses in systems that can be exploited in ways that violate security policy
Coupling
Regression testing
Vulnerabilities
Application software tracing and mapping
3. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher
Transaction protection
Automated teller machine (ATM)
Substantive testing
Continuous auditing approach
4. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record
Indexed sequential file
Salami technique
Technical infrastructure security
Limit check
5. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for
Control risk self-assessment
Polymorphism (objects)
Baseband
Expert systems
6. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Auditability
TCP (transmission control protocol)
Residual risk
Hyperlink
7. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Inheritance (objects)
Trap door
Misuse detection
Computer-aided software engineering (CASE)
8. The ability to exercise judgement; express opinions and present recommendations with impartiality
Data structure
Objectivity
Hardware
Program narratives
9. Used to electronically scan and input written information from a source document
Optical character recognition
Database specifications
War dialler
Application development review
10. An audit designed to determine the accuracy of financial records and information
Appearance
Message switching
Financial audit
Executable code
11. Permanent reference data used in transaction processing. These data are changed infrequently; such as a product price file or a name and address file.
Default deny policy
Standing data
Audit program
Intrusive monitoring
12. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Benchmark
Electronic signature
Circuit-switched network
RADIUS
13. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Bus topology
File server
Integrated test facilities (ITF)
ASCII (American Standard Code for Information Interchange)
14. Analysis that is performed in real time or in continuous form
Dynamic analysis
Cluster controller
Shell
Discovery sampling
15. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Judgment sampling
ASP/MSP (application or managed service provider)
Intelligent terminal
Mapping
16. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
Strategic risk
Secure socket layer (SSL)
Internet
X.25 interface
17. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective; a bank focuses on the sensitivity of the value of its assets; liabilities and revenues to changes in interest rates. Internet banking may attra
Interest rate risk
Standing data
File
Hyperlink
18. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Software
UDDI
Echo checks
Masking
19. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Antivirus software
Uninterruptible power supply (UPS)
Corporate exchange rate
Control perimeter
20. The transmission of more than one signal across a physical channel
Multiplexing
Regression testing
Audit accountability
ACK (acknowledgement)
21. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g.; a development or test environment) and takes over the critical resource group but not vice versa.
Performance indicators
RADIUS
DMZ (demilitarized zone)
Simple fail-over
22. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
COSO
Project team
Modem (modulator-demodulator)
False positive
23. A private network that is configured within a public network. For years; common carriers have built VPNs that appear as private national or international networks to the customer; but physically share backbone trunks with other customers. VPNs enjoy
Virtual private network (VPN)
Geographic disk mirroring
Security testing
Standing data
24. An international standard that defines information confidentiality; integrity and availability controls
Whitebox testing
ISO17799
Budget formula
Twisted pairs
25. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes
Non-intrusive monitoring
Object Management Group (OMG)
Checkpoint restart procedures
Tcpdump
26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
HTTP (hyper text transfer protocol)
Irregularities
Database administrator (DBA)
Population
27. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Discovery sampling
Service level agreement (SLA)
Binary code
Cleartext
28. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Request for proposal (RFP)
Field
Application proxy
Cross-certification
29. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Reasonable assurance
Internet Engineering Task Force (IETF)
Editing
Digital certificate
30. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Message switching
Vulnerabilities
Hypertext
Application proxy
31. The process of converting an analog telecommunications signal into a digital computer signal
Intelligent terminal
Integrated services digital network (ISDN)
Demodulation
Random access memory (RAM)
32. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Decryption key
Generalized audit software
Security/transaction risk
Dynamic analysis
33. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Database administrator (DBA)
Modulation
BSP (business service provider)
34. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Modulation
Sufficient audit evidence
DDoS (distributed denial-of-service) attack
Computer-aided software engineering (CASE)
35. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically; logs are batched electronically several times daily; and then loaded into a tape library located at the same facil
Bypass label processing (BLP)
Buffer
Bulk data transfer
Protection domain
36. The roles; scope and objectives documented in the service level agreement between management and audit
Buffer
Certificate Revocation List
Audit responsibility
Smart card
37. A set of communications protocols that encompasses media access; packet transport; session communications; file transfer; electronic mail; terminal emulation; remote file access and network management. TCP/IP provides the basis for the Internet.
Peripherals
Fault tolerance
Logon
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
38. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting; backing up and erasing data.
Arithmetic-logic unit (ALU)
Teleprocessing
Manual journal entry
Utility programs
39. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Control perimeter
Hacker
Remote job entry (RJE)
Credit risk
40. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government; university and commercial institutions
Combined Code on Corporate Governance
Idle standby
Internet
Liquidity risk
41. An attack capturing sensitive pieces of information; such as passwords; passing through the network
HTTP (hyper text transfer protocol)
Sniffing
Authorization
Handprint scanner
42. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Biometrics
Confidentiality
Cross-certification
Sniffing
43. The primary language used by both application programmers and end users in accessing relational databases
SMTP (Simple Mail Transport Protocol)
Structured Query Language (SQL)
UDDI
Telecommunications
44. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.
System narratives
Controls (Control procedures)
Internet
Hyperlink
45. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Modem (modulator-demodulator)
Taps
Teleprocessing
Data dictionary
46. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Information engineering
RS-232 interface
FIN (final)
Integrated test facilities (ITF)
47. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors
Tuple
Passive assault
Local area network (LAN)
Detection risk
48. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Record
Bar code
Discovery sampling
Check digit verification (self-checking digit)
49. A procedure designed to ensure that no fields are missing from a record
E-mail/interpersonal messaging
Anomaly
Completeness check
Decryption
50. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Transaction
Misuse detection
Enterprise governance
Web page