CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

2. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.

3. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

4. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur

5. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d

6. An eight-digit/seven-bit code representing 128 characters, used in most small computers

7. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product

8. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry

9. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities

10. A device that connects two similar networks together

11. The level of trust with which a system object is imbued

12. Analysis of the security state of a system or its compromise on the basis of information collected at intervals

13. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t

14. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt

15. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an

16. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of

17. A popular local area network operating system developed by the Novell Corp.

18. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint

19. The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry

20. A biometric device that is used to authenticate a user through palm scans

21. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information

22. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.

23. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology

24. A resource whose loss will result in the loss of service or production

25. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss

26. The level to which transactions can be traced and audited through a system

27. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.

28. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

29. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

30. The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.

31. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

32. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

33. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c

34. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.

35. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit

36. A procedure designed to ensure that no fields are missing from a record

37. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).

38. Identified by one central processor and databases that form a distributed processing configuration

39. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system

40. The amount of time allowed for the recovery of a business function or resource after a disaster occurs

41. Defined minimum performance measures at or above which the service delivered is considered acceptable

42. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct

43. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext

44. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission

45. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.

46. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.

47. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

48. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch

49. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

50. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C