Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A device for sending and receiving computerized data over transmission lines






2. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.






3. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents; including invoices or purchase orders.






4. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved






5. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.






6. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






7. An automated detail report of computer system activity






8. The ability of end users to design and implement their own information system utilizing computer software products






9. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.






10. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures






11. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.






12. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.






13. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt






14. A protocol used for transmitting data between two ends of a connection






15. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.






16. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be






17. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data






18. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems






19. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.






20. The interface between the user and the system






21. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically






22. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.






23. Programs that provide assurance that the software being audited is the correct version of the software; by providing a meaningful listing of any discrepancies between the two versions of the program






24. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals






25. Identified by one central processor and databases that form a distributed processing configuration






26. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy






27. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.






28. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)






29. Detection on the basis of whether the system activity matches that defined as bad






30. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.






31. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;






32. Checks that data are entered correctly






33. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






34. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed






35. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal






36. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






37. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t






38. The risk of giving an incorrect audit opinion






39. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use






40. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if






41. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission






42. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.






43. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.






44. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record






45. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)






46. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






47. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code






48. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for






49. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






50. A denial-of-service (DoS) assault from multiple sources; see DoS