Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Public key infrastructure
Corporate governance
Warm-site
Network
2. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
Offline files
Computationally greedy
System exit
Partitioned file
3. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
War dialler
Authorization
Ciphertext
Electronic cash
4. An individual who attempts to gain unauthorized access to a computer system
Check digit
Hacker
Demodulation
Electronic funds transfer (EFT)
5. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems
TCP (transmission control protocol)
Taps
RADIUS (remote authentication dial-in user service)
Top-level management
6. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte
Network hop
Data-oriented systems development
Data flow
Output analyzer
7. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Adjusting period
Nonrepudiable transactions
Useful audit evidence
Validity check
8. The act of transferring computerized information from one computer to another computer
Downloading
RADIUS
Automated teller machine (ATM)
Split data systems
9. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
Analog
Full duplex
Password
Budget
10. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
Virtual private network (VPN)
Partitioned file
Queue
Monitoring policy
11. The standard e-mail protocol on the Internet
Business process reengineering (BPR)
SMTP (Simple Mail Transport Protocol)
implementation life cycle review
Certificate Revocation List
12. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Control weakness
Internet Inter-ORB Protocol (IIOP)
Sniffing
Service provider
13. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Administrative controls
Integrity
Default deny policy
Record
14. The organization using the outsourced service
Object-oriented system development
Circular routing
Switch
Service user
15. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver
Modulation
Noise
Packet filtering
Finger
16. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Integrated test facilities (ITF)
Man-in-the-middle attack
Registration authority (RA)
Modem (modulator-demodulator)
17. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Distributed data processing network
Electronic funds transfer (EFT)
Intelligent terminal
Electronic vaulting
18. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Leased lines
Administrative controls
Combined Code on Corporate Governance
Sampling risk
19. The practice of eavesdropping on information being transmitted over telecommunications links
Latency
Wiretapping
Application
Client-server
20. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
ISO17799
Hierarchical database
Client-server
Numeric check
21. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Point-of-presence (POP)
Transaction log
Security software
Internet banking
22. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Indexed sequential access method (ISAM)
Protocol stack
Static analysis
Materiality
23. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Interface testing
Protection domain
Active recovery site (mirrored)
Password cracker
24. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Fiber optic cable
Real-time processing
Router
UDDI
25. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c
Bar case
Circuit-switched network
Batch control
SMTP (Simple Mail Transport Protocol)
26. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
Passive response
Internet Engineering Task Force (IETF)
Extensible Markup Language (XML)
Format checking
27. A named collection of related records
File
ACK (acknowledgement)
Handprint scanner
Concurrent access
28. Checks that data are entered correctly
Audit
Integrated services digital network (ISDN)
Verification
Modulation
29. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
Audit objective
Central processing unit (CPU)
Online data processing
30. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Piggy backing
Brute force
Business impact analysis (BIA)
Waterfall development
31. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Sniff
Recovery point objective (RPO)
Data security
Electronic funds transfer (EFT)
32. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Compliance testing
Intelligent terminal
Numeric check
33. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Remote job entry (RJE)
Enterprise resource planning
Tape management system (TMS)
Decryption
34. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities, to test programs, system activities and operational procedures, to evaluate
browser
Utility software
Logs/Log file
Plaintext
35. An authentication protocol, often used by remote-access servers
Monetary unit sampling
Content filtering
Nonrepudiable transactions
TACACS+ (terminal access controller access control system plus)
36. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Limit check
Performance indicators
Posting
RADIUS (remote authentication dial-in user service)
37. (remote authentication dial-in user service)
Sampling risk
Waterfall development
Population
RADIUS
38. The area of the central processing unit that performs mathematical and analytical operations
Run instructions
Arithmetic-logic unit (ALU)
Node
Default deny policy
39. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries
Rootkit
Manual journal entry
Man-in-the-middle attack
Availability
40. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Twisted pairs
Modem (modulator-demodulator)
Challenge/response token
Business impact analysis (BIA)
41. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities
Address space
Integrity
Computer-assisted audit technique (CAATs)
Due professional care
42. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Token ring topology
Control weakness
Tuple
Internet packet (IP) spoofing
43. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Hash total
Repudiation
Bandwidth
Communications controller
44. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
Piggy backing
RS-232 interface
General computer controls
Database administrator (DBA)
45. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.
Terminal
Nonrepudiable transactions
Random access memory (RAM)
Engagement letter
46. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Offsite storage
implementation life cycle review
Information engineering
Administrative controls
47. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Vulnerability analysis
Spool (simultaneous peripheral operations online)
COCO
Bridge
48. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks
Ethernet
Transaction
Performance testing
Decision support systems (DSS)
49. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Systems analysis
Requirements definition
Decentralization
Abend
50. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Diskless workstations
Limit check
Run instructions
Audit charter