Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A device for sending and receiving computerized data over transmission lines
Tcpdump
Terminal
Monitoring policy
Direct reporting engagement
2. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Rulebase
Availability
Coverage
Baud rate
3. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.
Electronic data interchange (EDI)
Binary code
Scheduling
Internet Engineering Task Force (IETF)
4. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Biometric locks
Encryption
Variable sampling
Reasonable assurance
5. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
ASCII (American Standard Code for Information Interchange)
Batch processing
Default password
Shell
6. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Business impact analysis (BIA)
Budget organization
Risk assessment
UNIX
7. An automated detail report of computer system activity
Inheritance (objects)
Internet
Operational audit
Console log
8. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
TACACS+ (terminal access controller access control system plus)
Allocation entry
Spool (simultaneous peripheral operations online)
9. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.
Control perimeter
Adjusting period
Fault tolerance
Logs/Log file
10. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures
Credentialed analysis
Logs/Log file
Application system
Application programming
11. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Confidentiality
Passive response
Repudiation
IPSec (Internet protocol security)
12. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Ethernet
Gateway
Firmware
Bar code
13. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
General computer controls
Geographic disk mirroring
Extensible Markup Language (XML)
Worm
14. A protocol used for transmitting data between two ends of a connection
Router
Analog
PPP (point-to-point protocol)
Accountability
15. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.
Internet Engineering Task Force (IETF)
Application software tracing and mapping
Internet Inter-ORB Protocol (IIOP)
Irregularities
16. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Control risk
Hash function
Packet filtering
Brute force
17. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Risk
Irregularities
Incremental testing
Data owner
18. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Analog
Due professional care
Security testing
Queue
19. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Editing
Sampling risk
Systems acquisition process
Subject matter (Area of activity)
20. The interface between the user and the system
Input controls
Shell
Service level agreement (SLA)
Enterprise resource planning
21. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Public key cryptosystem
Circuit-switched network
Wiretapping
Judgment sampling
22. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Decryption
FIN (final)
Link editor (linkage editor)
Intrusive monitoring
23. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program
Program flowcharts
Source code compare programs
Engagement letter
Data dictionary
24. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Access control table
Application programming
Vulnerabilities
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
25. Identified by one central processor and databases that form a distributed processing configuration
Record
Teleprocessing
Centralized data processing
liquidity risk
26. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy
Administrative controls
Internal control structure
Coaxial cable
Operational control
27. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database management system (DBMS)
Tape management system (TMS)
Salami technique
Private key
28. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Service user
Protocol stack
Application implementation review
Dial-back
29. Detection on the basis of whether the system activity matches that defined as bad
Unit testing
Asymmetric key (public key)
Misuse detection
Components (as in component-based development)
30. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Integrated test facilities (ITF)
Decision support systems (DSS)
TCP (transmission control protocol)
Reverse engineering
31. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Systems development life cycle (SDLC)
Image processing
Security management
Trust
32. Checks that data are entered correctly
Object Management Group (OMG)
Detection risk
Verification
Computer-aided software engineering (CASE)
33. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Biometric locks
Budget formula
Fiscal year
HTTP (hyper text transfer protocol)
34. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Dial-in access controls
Systems development life cycle (SDLC)
X.25
Promiscuous mode
35. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Real-time processing
Simple fail-over
Central processing unit (CPU)
UDP (User Datagram Protocol)
36. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous, analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Data analysis
Audit objective
Star topology
Control group
37. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Real-time processing
Data-oriented systems development
Password cracker
legal risk
38. The risk of giving an incorrect audit opinion
Audit risk
Utility programs
Peripherals
Access rights
39. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Consumer
Duplex routing
Operational control
System flowcharts
40. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
UDP (User Datagram Protocol)
Decision support systems (DSS)
Private key cryptosystems
COCO
41. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
Token ring topology
ACK (acknowledgement)
Alpha
Diskless workstations
42. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Judgment sampling
Ciphertext
ISO17799
Accountability
43. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Internal control
Spool (simultaneous peripheral operations online)
Asynchronous Transfer Mode (ATM)
Vaccine
44. A file format in which records are organized and can be accessed, according to a preestablished key that is part of the record
Business process reengineering (BPR)
Indexed sequential file
Independence
Risk
45. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Data diddling
PPP (point-to-point protocol)
Remote procedure calls (RPCs)
Attribute sampling
46. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
Recovery testing
Protection domain
Business risk
47. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Open systems
Assembler
Source code compare programs
Accountability
48. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
Arithmetic-logic unit (ALU)
Transaction log
Baseband
Hash total
49. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Application system
Structured programming
Comprehensive audit
Cathode ray tube (CRT)
50. A denial-of-service (DoS) assault from multiple sources; see DoS
DDoS (distributed denial-of-service) attack
Network hop
Incremental testing
Twisted pairs