Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.
Detective controls
Independence
Threat
Router
2. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Simple Object Access Protocol (SOAP)
End-user computing
Sniff
Hacker
3. A device for sending and receiving computerized data over transmission lines
Plaintext
Terminal
Bus topology
Bar code
4. The logical language a computer understands
Machine language
Verification
FIN (final)
ICMP (internet control message protocol)
5. Transactions that cannot be denied after the fact
Brute force
DNS (domain name system)
Application programming
Nonrepudiable transactions
6. The quality or state of not being named or identified
Protocol
Database replication
Anonymity
Peripherals
7. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Object Management Group (OMG)
Simple Object Access Protocol (SOAP)
Operator console
Input controls
8. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Packet
Useful audit evidence
Biometric locks
Anonymity
9. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Port
Third-party review
Non-intrusive monitoring
Risk
10. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Data custodian
Hot site
Internet banking
Trusted processes
11. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer server
Decentralization
Piggy backing
Decryption
12. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy
Sufficient audit evidence
Internal control structure
Performance testing
Bulk data transfer
13. A protocol used to transmit data securely between two end points to create a VPN
Geographic disk mirroring
Transaction
PPTP (point-to-point tunneling protocol)
Router
14. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Attitude
Registration authority (RA)
Program flowcharts
COSO
15. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
Budget hierarchy
Default deny policy
Enterprise resource planning
Asymmetric key (public key)
16. Detection on the basis of whether the system activity matches that defined as bad
Data structure
Logical access controls
Audit authority
Misuse detection
17. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
Completeness check
Authentication
Baseband
Cluster controller
18. A protocol used for transmitting data between two ends of a connection
PPP (point-to-point protocol)
Recovery testing
Hardware
Editing
19. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account
Reasonable assurance
PPTP (point-to-point tunneling protocol)
Salami technique
Independent appearance
20. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Rapid application development
Vulnerability analysis
Modem (modulator-demodulator)
Data structure
21. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Data owner
Half duplex
Spool (simultaneous peripheral operations online)
Application development review
22. Detects transmission errors by appending calculated bits onto the end of each segment of data
Security software
Multiplexor
Simple fail-over
Redundancy check
23. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
Executable code
Sufficient audit evidence
Batch processing
Digital certification
24. Processes certified as supporting a security goal
Trusted processes
Optical scanner
Filtering router
Inheritance (objects)
25. Weaknesses in systems that can be exploited in ways that violate security policy
Vulnerabilities
Point-of-sale systems (POS)
Object orientation
Auditability
26. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
Internal storage
Due professional care
Risk
Anomaly
27. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Availability
Addressing
Star topology
Inheritance (objects)
28. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Numeric check
Challenge/response token
Console log
Initial program load (IPL)
29. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
DMZ (demilitarized zone)
Discovery sampling
Audit trail
Trust
30. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
IPSec (Internet protocol security)
Address
Encryption
Object code
31. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Incremental testing
Downtime report
Decision support systems (DSS)
Integrated test facilities (ITF)
32. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
Multiplexing
Audit accountability
HTTPS (hyper text transfer protocol secure)
Systems analysis
33. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
Asymmetric key (public key)
Indexed sequential access method (ISAM)
Parity check
PPP (point-to-point protocol)
34. Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
Test programs
Error
Hyperlink
Assembler
35. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database management system (DBMS)
Password
Authorization
e-commerce
36. The standard e-mail protocol on the Internet
HTTPS (hyper text transfer protocol secure)
SMTP (Simple Mail Transport Protocol)
Registration authority (RA)
UDDI
37. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.
Online data processing
Screening routers
Source lines of code (SLOC)
Assembly language
38. A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Au
Enterprise governance
Function point analysis
Source documents
DoS (denial-of-service) attack
39. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
Switch
Dial-in access controls
Bus
Application implementation review
40. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
Mutual takeover
Local area network (LAN)
ACK (acknowledgement)
UDDI
41. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is a
ICMP (internet control message protocol)
Data flow
Bar case
Check digit
42. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested
Range check
Materiality
Registration authority (RA)
legal risk
43. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period
Operator console
Application software tracing and mapping
Substantive testing
Application layer
44. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Packet switching
Abend
Production programs
Password cracker
45. The art of designing, analyzing and attacking cryptographic schemes
Outsourcing
Partitioned file
Budget
Cryptography
46. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions
Internet
Cathode ray tube (CRT)
Local loop
IPSec (Internet protocol security)
47. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
BSP (business service provider)
Biometrics
IT governance
FTP (file transfer protocol)
48. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Business-to-consumer e-commerce (B2C)
Business impact analysis (BIA)
Link editor (linkage editor)
Base case
49. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Asynchronous transmission
Object Management Group (OMG)
File server
Ring topology
50. A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spher
Address
Automated teller machine (ATM)
Internal penetrators
Sniffing