Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r

2. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass or denying them, based on a list of rules

3. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.

4. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

5. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer

6. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application

7. The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical

8. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.

9. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

10. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem

11. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.

12. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level

13. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data

14. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto

15. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

16. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

17. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si

18. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver

19. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o

20. Range checks ensure that data fall within a predetermined range (also see limit checks).

21. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department

22. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy

23. Point at which terminals are given access to a network

24. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

25. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo

26. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.

27. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department

28. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

29. A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.

30. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes

31. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu

32. An individual who attempts to gain unauthorized access to a computer system

33. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen

34. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all

35. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw

36. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl

37. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

38. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.

39. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm

40. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks

41. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data

42. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack

43. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

44. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.

45. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems

46. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.

47. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal

48. The area of the central processing unit that performs mathematical and analytical operations

49. Diligence which a person would exercise under a given set of circumstances

50. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a r