Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Message switching
IDS (intrusion detection system)
Audit evidence
Queue
2. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Remote procedure calls (RPCs)
Credit risk
Static analysis
Card swipes
3. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Modem (modulator-demodulator)
Data Encryption Standard (DES)
Substantive testing
Interface testing
4. Unusual or statistically rare
Ethernet
Anonymity
Rootkit
Anomaly
5. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Foreign exchange risk
Object code
Telnet
Subject matter (Area of activity)
6. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
Binary code
Rulebase
Single point of failure
Mutual takeover
7. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
Bandwidth
Application acquisition review
Data-oriented systems development
Spoofing
8. Used to ensure that input data agree with predetermined criteria stored in a table
Table look-ups
Request for proposal (RFP)
Simple fail-over
IPSec (Internet protocol security)
9. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
ASCII (American Standard Code for Information Interchange)
Communications controller
Benchmark
Audit evidence
10. A device used for combining several lower-speed channels into a higher-speed channel
Compensating control
Multiplexor
Port
Price risk
11. The area of the central processing unit that performs mathematical and analytical operations
Indexed sequential access method (ISAM)
Arithmetic-logic unit (ALU)
Application software tracing and mapping
Private key cryptosystems
12. A measurement of the point prior to an outage to which data are to be restored
Recovery point objective (RPO)
Computer server
Cathode ray tube (CRT)
Operating system
13. Processes certified as supporting a security goal
Noise
Librarian
Trusted processes
Logon
14. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Continuity
Security management
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Audit sampling
15. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
Audit accountability
Direct reporting engagement
RFC (request for comments)
LDAP (Lightweight Directory Access Protocol)
16. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Point-of-sale systems (POS)
Hexadecimal
Structured Query Language (SQL)
Fail-safe
17. Universal Description, Discovery and Integration
Vulnerability
Transaction
RS-232 interface
UDDI
18. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
Signatures
Parity check
Rounding down
Man-in-the-middle attack
19. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Run instructions
Windows NT
Network hop
ACK (acknowledgement)
20. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
Privilege
Program flowcharts
Service bureau
Password cracker
21. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Incremental testing
Web page
Operational audit
Internet packet (IP) spoofing
22. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Internet Engineering Task Force (IETF)
Business impact analysis (BIA)
Firewall
Program narratives
23. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Cluster controller
Cohesion
Reliable audit evidence
Modem (modulator-demodulator)
24. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.
Incremental testing
Whitebox testing
Applet
Intranet
25. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
DNS (domain name system)
Interface testing
FIN (final)
Duplex routing
26. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Security software
Symmetric key encryption
Financial audit
System software
27. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions
Price risk
Virtual private network (VPN)
Internet
Trojan horse
28. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
Logoff
Manual journal entry
Geographic disk mirroring
Computationally greedy
29. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption
Sniffing
Decryption key
DoS (denial-of-service) attack
Interest rate risk
30. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability
Bridge
Indexed sequential access method (ISAM)
System flowcharts
BSP (business service provider)
31. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service
Continuity
Backup
Audit trail
Vulnerabilities
32. The organization using the outsourced service
Embedded audit module
Transaction
Service user
Decryption key
33. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Idle standby
Audit trail
Integrated services digital network (ISDN)
Control Objectives for Enterprise Governance
34. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Direct reporting engagement
Downtime report
Liquidity risk
Procedure
35. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Trusted systems
Risk assessment
Trust
Administrative controls
36. English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files
Electronic funds transfer (EFT)
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Fourth generation language (4GL)
Intrusion
37. Memory chips with embedded program code that hold their content when power is turned off
Computationally greedy
Confidentiality
Firmware
Protection domain
38. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.
Idle standby
Twisted pairs
Database management system (DBMS)
Uploading
39. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Transaction
Middleware
Format checking
Active response
40. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Vulnerability analysis
Feasibility study
Hardware
Nonrepudiation
41. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Audit plan
Centralized data processing
Cathode ray tube (CRT)
Table look-ups
42. Patterns indicating misuse of a system
Checkpoint restart procedures
Attitude
Quick ship
Signatures
43. Impartial point of view which allows the IS auditor to act objectively and with fairness
Database management system (DBMS)
Monitoring policy
Independent attitude
Judgment sampling
44. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
IDS (intrusion detection system)
Reasonable assurance
Regression testing
Error
45. The quality or state of not being named or identified
Anonymity
Prototyping
Netware
Filtering router
46. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.
Security policy
Electronic cash
Black box testing
Accountability
47. The computer room and support areas
Terms of reference
Application layer
Information processing facility (IPF)
Check digit verification (self-checking digit)
48. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Reasonable assurance
Consumer
Confidentiality
Assembly language
49. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
Legal risk
Encapsulation (objects)
Hyperlink
Database replication
50. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Residual risk
Rounding down
Computer-aided software engineering (CASE)
Mapping