Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct






2. Error control deviations (compliance testing) or misstatements (substantive testing)






3. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.






4. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is






5. Files maintained by a system; primarily a database management system; for the purpose of reapplying changes following an error or outage recovery






6. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.






7. Unusual or statistically rare






8. A program that translates programming language (source code) into machine executable instructions (object code)






9. Criteria Of Control; published by the Canadian Institute of Chartered Accountants in 1995






10. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product






11. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all






12. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof






13. The process of taking an unencrypted message (plaintext); applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)






14. A file of semipermanent information that is used frequently for processing data or for more than one purpose






15. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making






16. An audit designed to evaluate the various internal controls; economy and efficiency of a function or department






17. A denial-of-service (DoS) assault from multiple sources; see DoS






18. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).






19. The procedures established to purchase application software; or an upgrade; including evaluation of the supplier's financial stability; track record; resources and references from existing customers






20. The standard e-mail protocol on the Internet






21. The primary language used by both application programmers and end users in accessing relational databases






22. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes






23. Used to ensure that input data agree with predetermined criteria stored in a table






24. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.






25. The current and prospective risk to earnings and capital arising from fraud; error and the inability to deliver products or services; maintain a competitive position and manage information. Security risk is evident in each product and service offered






26. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount






27. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if






28. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.






29. Confidentiality concerns the protection of sensitive information from unauthorized disclosure






30. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






31. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.






32. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.






33. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v






34. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver






35. A program designed to detect computer viruses






36. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu






37. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo






38. Those controls that seek to maintain confidentiality; integrity and availability of information






39. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination






40. A statement of the position within the organization; including lines of reporting and the rights of access






41. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.






42. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig






43. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.






44. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t






45. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department






46. Those policies and procedures implemented to achieve a related control objective






47. The list of rules and/or guidance that is used to analyze event data






48. The person responsible for maintaining a LAN and assisting end users






49. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information; as it is entered.






50. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures






