Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Redo logs
Audit
Open systems
Salami technique
2. A set of routines; protocols and tools referred to as ''building blocks'' used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Technical infrastructure security
Application programming interface (API)
Black box testing
Bulk data transfer
3. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Idle standby
Independent attitude
Addressing
IPSec (Internet protocol security)
4. Any situation or event that has the potential to harm a system
Check digit
Threat
Honey pot
Inheritance (objects)
5. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne
Proxy server
Downloading
Cohesion
External router
6. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses; they do not replicate themselves; but they can be just as destructive to a single computer.
Trojan horse
HTTP (hyper text transfer protocol)
Multiplexor
BSP (business service provider)
7. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.
Diskless workstations
System flowcharts
Application system
PPP (point-to-point protocol)
8. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Default password
Criteria
Population
Service bureau
9. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Information processing facility (IPF)
Firewall
Penetration testing
Active recovery site (mirrored)
10. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
General computer controls
Concurrent access
Application software tracing and mapping
DMZ (demilitarized zone)
11. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
liquidity risk
Control group
Master file
Top-level management
12. The transmission of more than one signal across a physical channel
DDoS (distributed denial-of-service) attack
Multiplexing
Access method
Application software tracing and mapping
13. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Recovery testing
Telecommunications
Netware
Criteria
14. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Budget organization
NAT (Network Address Translation)
Token
RADIUS (remote authentication dial-in user service)
15. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Source documents
Relevant audit evidence
Standing data
Anomaly detection
16. The potential loss to an area due to the occurrence of an adverse event
Microwave transmission
Exposure
SYN (synchronize)
Plaintext
17. The outward impression of being self-governing and free from conflict of interest and undue influence
Authentication
Independent appearance
Polymorphism (objects)
Digital signature
18. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
System exit
Access path
Secure socket layer (SSL)
Budget organization
19. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Independent attitude
Audit sampling
Real-time processing
Registration authority (RA)
20. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Telecommunications
Online data processing
Rapid application development
Web page
21. Any information collection mechanism utilized by an intrusion detection system
Statistical sampling
Criteria
Monitor
Proxy server
22. Data that is not encrypted. Also known as plaintext.
Cleartext
Integrated services digital network (ISDN)
Transaction log
Non-intrusive monitoring
23. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Recovery point objective (RPO)
Population
Audit responsibility
Firewall
24. Controls over the business processes that are supported by the ERP
Downloading
Access path
business process integrity
Due professional care
25. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Topology
Strategic risk
Hardware
Inheritance (objects)
26. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.
Initial program load (IPL)
Budget formula
Transaction log
Editing
27. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Spanning port
legal risk
Business-to-consumer e-commerce (B2C)
Handprint scanner
28. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
L2TP (Layer 2 tunneling protocol)
Data-oriented systems development
Vulnerabilities
Adjusting period
29. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Black box testing
Random access memory (RAM)
Format checking
Program narratives
30. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
ISP (Internet service provider)
Open systems
Hyperlink
Noise
31. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
LDAP (Lightweight Directory Access Protocol)
Repudiation
Leased lines
32. An eight-digit/seven-bit code representing 128 characters; used in most small computers
ASCII (American Standard Code for Information Interchange)
Compliance testing
Compensating control
Active recovery site (mirrored)
33. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Voice mail
X.25
Split DNS
Operational risk
34. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Web Services Description Language (WSDL)
Encapsulation (objects)
UDP (User Datagram Protocol)
Prototyping
35. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group; and the second will join as a standby node.
Application implementation review
Vulnerability analysis
virtual organizations
Rotating standby
36. Audit evidence is sufficient if it is adequate; convincing and would lead another IS auditor to form the same conclusions.
Sufficient audit evidence
Fourth generation language (4GL)
Transaction log
Proxy server
37. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Statistical sampling
Audit objective
Assembly language
Budget organization
38. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Single point of failure
Monetary unit sampling
Fiber optic cable
Cohesion
39. To configure a computer or other network device to resist attacks
Harden
Intelligent terminal
Application system
Random access memory (RAM)
40. Analysis that is performed on a continuous basis; with results gained in time to alter the run-time system
business process integrity
Bandwidth
Embedded audit module
Real-time analysis
41. One who obtains products or services from a bank to be used primarily for personal; family or household purposes.
Preventive controls
Consumer
Pervasive IS controls
Fiber optic cable
42. An integrated set of computer programs designed to serve a particular function that has specific input; processing and output activities (e.g.; general ledger; manufacturing resource planning; human resource management)
Asynchronous Transfer Mode (ATM)
Population
Network hop
Application system
43. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))
Initial program load (IPL)
Web Services Description Language (WSDL)
Passive assault
Man-in-the-middle attack
44. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Operational audit
Fail-over
Cryptography
IDS (intrusion detection system)
45. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g.; server). The
Hexadecimal
Audit accountability
Remote procedure calls (RPCs)
Application implementation review
46. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
UDDI
IT governance
Monetary unit sampling
Warm-site
47. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
False positive
Prototyping
Inheritance (objects)
Application software tracing and mapping
48. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes
Monitoring policy
Production software
Non-intrusive monitoring
Bandwidth
49. A collection of computer programs used in the design; processing and control of all applications. The programs and processing routines that control the computer hardware; including the operating system and utility programs. Refers to the operating sy
Judgment sampling
System software
Hierarchical database
Operator console
50. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat
Budget formula
Concurrent access
NAT (Network Address Translation)
Application acquisition review