CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed

2. Weaknesses in systems that can be exploited in ways that violate security policy

3. A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spher

4. A file format in which records are organized and can be accessed according to a preestablished key that is part of the record

5. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for

6. The risk that remains from an event once the controls in place to reduce the effect or likelihood of that event are taken into account

7. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs

8. The ability to exercise judgement, express opinions and present recommendations with impartiality

9. Used to electronically scan and input written information from a source document

10. An audit designed to determine the accuracy of financial records and information

11. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.

12. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

13. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei

14. Analysis that is performed in real time or in continuous form

15. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)

16. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks

17. The risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra

18. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.

19. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level

20. The transmission of more than one signal across a physical channel

21. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group, but not vice versa.

22. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack

23. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy

24. An international standard that defines information confidentiality, integrity and availability controls

25. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes

26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

27. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

28. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections: one from the requesting client and another to the destination service

29. Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

30. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established

31. The process of converting an analog telecommunications signal into a digital computer signal

32. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an

33. Used to enable remote access to a server computer. Commands typed are run on the remote server.

34. The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical

35. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil

36. The roles, scope and objectives documented in the service level agreement between management and audit

37. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

38. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.

39. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r

40. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions

41. An attack capturing sensitive pieces of information, such as passwords, passing through the network

42. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

43. The primary language used by both application programmers and end users in accessing relational databases

44. System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.

45. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem

46. Interface between data terminal equipment and data communications equipment employing serial binary data interchange

47. The risk that the IS auditor's substantive procedures will not detect an error which could be material, individually or in combination with other errors

48. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit

49. A procedure designed to ensure that no fields are missing from a record

50. A viewable screen displaying information, presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv
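The two input edits defined in items 48 and 49 (check digit verification and the completeness check) are easier to grasp when you see what each one actually catches. The block below is an added example written for this page; it is not part of the quiz or of the ISACA glossary the quiz draws on. The page does not name a check-digit scheme, so Luhn mod 10 is assumed, and the record layout (`account_no`, `customer_name`, `amount`) and the sample records are constructed for the demonstration. It also shows the classic Luhn blind spot: a transposition of an adjacent 09/90 pair is not detected, which is why auditors ask which scheme a system uses rather than just whether "a check digit" exists.

```python
"""Input edit routines: check digit verification and completeness check.

Added example (not from the quiz). The check-digit scheme is assumed to be
Luhn mod 10; the record layout and sample records below are constructed.
"""


def luhn_check_digit(body: str) -> str:
    """Compute the Luhn (mod-10) check digit to append to an all-digit body."""
    if not body.isdigit():
        raise ValueError("check-digit body must contain digits only")
    total = 0
    # Walk the body right to left. The rightmost body digit is doubled,
    # because the appended check digit will occupy the undoubled position.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Check digit verification: recompute the digit and compare to the last one."""
    if len(number) < 2 or not number.isdigit():
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def completeness_check(record: dict, required: tuple) -> list:
    """Return the required fields that are absent or blank in `record`."""
    missing = []
    for field in required:
        value = record.get(field)
        if value is None or (isinstance(value, str) and not value.strip()):
            missing.append(field)
    return missing


REQUIRED_FIELDS = ("account_no", "customer_name", "amount")  # assumed layout


def edit_record(record: dict) -> list:
    """Run both edits on one transaction record and return its error list."""
    errors = [f"missing field: {f}" for f in completeness_check(record, REQUIRED_FIELDS)]
    account = record.get("account_no")
    if account and not luhn_valid(account):
        errors.append("account_no: check digit failure")
    return errors


def demo() -> dict:
    """Show what each edit catches on constructed inputs."""
    good = "7992739871" + luhn_check_digit("7992739871")  # "79927398713"
    transcribed = "70927398713"  # one digit miskeyed (9 -> 0): caught
    transposed = "79972398713"   # adjacent digits 2 and 7 swapped: caught
    # Known blind spot of Luhn: the adjacent pair 09 <-> 90 is not detected,
    # so both of these constructed numbers verify as valid.
    blind_a = "109" + luhn_check_digit("109")
    blind_b = "190" + luhn_check_digit("190")
    records = [  # constructed sample transactions
        {"account_no": good, "customer_name": "A. Smith", "amount": "100.00"},
        {"account_no": transposed, "customer_name": "", "amount": "100.00"},
        {"customer_name": "B. Jones"},
    ]
    return {
        "good": luhn_valid(good),
        "transcription_caught": not luhn_valid(transcribed),
        "transposition_caught": not luhn_valid(transposed),
        "blind_spot_both_valid": luhn_valid(blind_a) and luhn_valid(blind_b),
        "record_errors": [edit_record(r) for r in records],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the block prints one line per result; the second sample record fails both edits (blank customer name and a transposed account number), the third fails only the completeness check, and the 09/90 pair shows that a check digit reduces, but does not eliminate, the transposition errors an auditor must still test for.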