Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
System exit
liquidity risk
Security perimeter
Independent attitude
2. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Business risk
Worm
Logical access controls
Hash total
3. A popular local area network operating system developed by the Novell Corp.
Netware
Communications controller
Gateway
Decision support systems (DSS)
4. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
Echo checks
Credentialed analysis
Performance indicators
Coupling
5. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Run-to-run totals
Check digit verification (self-checking digit)
Data communications
Batch control
6. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy
Operational risk
Default deny policy
System software
Access control
7. Any information collection mechanism utilized by an intrusion detection system
Monitor
Enterprise resource planning
Ring topology
Privilege
8. Detection on the basis of whether the system activity matched that defined as abnormal
Anomaly detection
Electronic data interchange (EDI)
Worm
Attitude
9. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Warm-site
Detailed IS controls
Network hop
Useful audit evidence
10. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
ACK (acknowledgement)
Central processing unit (CPU)
Filtering router
Telnet
11. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Tape management system (TMS)
Compensating control
Switch
Vulnerability analysis
12. A system development methodology that is organised around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
Object-oriented system development
Frame relay
Procedure
Audit charter
13. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Peripherals
Compensating control
Payment system
E-mail/interpersonal messaging
14. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no
Packet switching
Communications controller
Data leakage
Idle standby
15. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Interface testing
Numeric check
Vulnerability analysis
Requirements definition
16. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
DMZ (demilitarized zone)
Independence
Cryptography
Audit authority
17. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
implementation life cycle review
Diskless workstations
Gateway
Controls (Control procedures)
18. Impartial point of view which allows the IS auditor to act objectively and with fairness
Independent attitude
Object Management Group (OMG)
Piggy backing
Administrative controls
19. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
Security testing
Half duplex
Objectivity
Security policy
20. The transfer of data between separate computer processing sites/devices using telephone lines; microwave and/or satellite links
Data communications
L2TP (Layer 2 tunneling protocol)
Appearance
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
21. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls
Systems analysis
ACK (acknowledgement)
Inherent risk
File
22. The art of designing, analyzing and attacking cryptographic schemes
Internal storage
Utility software
Cryptography
System testing
23. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Audit sampling
Multiplexing
Useful audit evidence
File layout
24. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Router
Master file
legal risk
Business impact analysis (BIA)
25. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Relevant audit evidence
Synchronous transmission
e-commerce
Brute force
26. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Relevant audit evidence
Encryption key
IPSec (Internet protocol security)
Hash function
27. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
Split DNS
FTP (file transfer protocol)
Sufficient audit evidence
Test programs
28. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Polymorphism (objects)
Teleprocessing
Assembler
Non-intrusive monitoring
29. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.
Active response
Ring topology
Payment system
Misuse detection
30. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
Database replication
Detection risk
World Wide Web Consortium (W3C)
Risk
31. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
SMTP (Simple Mail Transport Protocol)
Card swipes
Parallel simulation
Comprehensive audit
32. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Recovery time objective (RTO)
Rotating standby
Audit plan
Recovery testing
33. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Trusted systems
Decision support systems (DSS)
Packet filtering
Nonrepudiable transactions
34. The roles, scope and objectives documented in the service level agreement between management and audit
Audit responsibility
Manual journal entry
File
Computer sequence checking
35. Any intentional violation of the security policy of a system
Intrusion
Data owner
Electronic signature
Packet switching
36. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied
Credit risk
Project team
Due professional care
Posting
37. Compares data to predefined reasonability limits or occurrence rates established for the data.
Cathode ray tube (CRT)
Telecommunications
Reasonableness check
Encryption key
38. Requiring a great deal of computing power, processor intensive
Due care
Artificial intelligence
Warm-site
Computationally greedy
39. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Smart card
Worm
Job control language (JCL)
File layout
40. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files
Fourth generation language (4GL)
War dialler
Content filtering
Anonymous File Transfer Protocol (FTP)
41. The transmission of more than one signal across a physical channel
L2TP (Layer 2 tunneling protocol)
War dialler
Extensible Markup Language (XML)
Multiplexing
42. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Integrity
Intelligent terminal
Dial-in access controls
Application programming interface (API)
43. The organization providing the outsourced service
Continuity
Computationally greedy
Finger
Service provider
44. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Queue
Screening routers
Variable sampling
browser
45. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
ASCII (American Standard Code for Information Interchange)
Electronic funds transfer (EFT)
Promiscuous mode
Objectivity
46. A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems
Compiler
Control Objectives for Enterprise Governance
Windows NT
Business impact analysis (BIA)
47. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Audit risk
Anomaly detection
Default deny policy
PPTP (point-to-point tunneling protocol)
48. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
DoS (denial-of-service) attack
Router
Salami technique
Judgment sampling
49. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Telecommunications
Control objective
Procedure
Surge suppressor
50. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Logs/Log file
Security management
Decryption
Encryption