Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Data that is not encrypted. Also known as plaintext.






2. An automated detail report of computer system activity






3. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba






4. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






5. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.






6. The ability to exercise judgement, express opinions and present recommendations with impartiality






7. Filters out electrical surges and spikes






8. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.






9. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus






10. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.






11. Specialized tools that can be used to analyze the flow of data, through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements






12. Records of system events generated by a specialized operating system mechanism






13. A computer program or set of programs that perform the processing of records for a specific function






14. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com






15. The property that data meet with a priority expectation of quality and that the data can be relied upon






16. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






17. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster






18. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.






19. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo






20. The machine language code that is generally referred to as the object or load module






21. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls






22. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.






23. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water






24. The person responsible for maintaining a LAN and assisting end users






25. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase






26. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.






27. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in






28. The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).






29. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.






30. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy






31. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






32. The individual responsible for the safeguard and maintenance of all program and data files






33. The process of transmitting messages in convenient pieces that can be reassembled at the destination






34. A statement of the position within the organization; including lines of reporting and the rights of access






35. The computer room and support areas






36. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files






37. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the






38. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.






39. Defined minimum performance measures at or above which the service delivered is considered acceptable






40. A printed machine-readable code that consists of parallel bars of varied width and spacing






41. Identified by one central processor and databases that form a distributed processing configuration






42. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found






43. Freedom from unauthorized intrusion






44. A permanent connection between hosts in a packet switched network






45. A code whose representation is limited to 0 and 1






46. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.






47. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product






48. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






49. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system






50. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period