Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it






2. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






3. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information; such as country; state and city.






4. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user






5. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry






6. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b






7. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.






8. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.






9. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti






10. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






11. Diligence which a person would exercise under a given set of circumstances






12. A statement of the position within the organization; including lines of reporting and the rights of access






13. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer






14. Provide verification that all transmitted data are read and processed






15. Range checks ensure that data fall within a predetermined range (also see limit checks).






16. Error control deviations (compliance testing) or misstatements (substantive testing)






17. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically






18. A fail-over process; which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed; or performance loss






19. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of






20. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system






21. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)






22. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.






23. The machine language code that is generally referred to as the object or load module






24. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network






25. The organization using the outsourced service






26. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks






27. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.






28. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established






29. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system






30. Faking the sending address of a transmission in order to gain illegal entry into a secure system






31. A resource whose loss will result in the loss of service or production






32. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






33. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved






34. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.






35. Relates to the technical and physical features of the computer






36. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p






37. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.






38. Detection on the basis of whether the system activity matched that defined as abnormal






39. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm






40. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is






41. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product






42. The proportion of known attacks detected by an intrusion detection system






43. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.






44. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.






45. Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology.






46. The process of taking an unencrypted message (plaintext); applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)






47. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file






48. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.






49. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions






50. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)