Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.






2. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems






3. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.






4. A system that authentically distributes users' public keys using certificates






5. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.






6. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob






7. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.






8. A sampling technique that estimates the amount of overstatement in an account balance






9. An attack capturing sensitive pieces of information, such as passwords, passing through the network






10. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.






11. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






12. Character-at-a-time transmission






13. The list of rules and/or guidance that is used to analyze event data






14. The act of giving the idea or impression of being or doing something






15. The process of transmitting messages in convenient pieces that can be reassembled at the destination






16. The area of the system that the intrusion detection system is meant to monitor and protect






17. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)






18. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.






19. A system software tool that logs, monitors and directs computer tape usage






20. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.






21. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile






22. A document which defines the IS audit function's responsibility, authority and accountability






23. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne






24. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)






25. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF,® 2000, 1998, 1996






26. The property that data meet with a priority expectation of quality and that the data can be relied upon






27. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.






28. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)






29. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






30. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as






31. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.






32. An eight-bit code representing 256 characters, used in most large computer systems






33. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr






34. A language used to control run routines in connection with performing tasks on a computer






35. A protocol for packet-switching networks






36. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint






37. The potential loss to an area due to the occurrence of an adverse event






38. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra






39. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.






40. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.






41. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw






42. Patterns indicating misuse of a system






43. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program






44. Error control deviations (compliance testing) or misstatements (substantive testing)






45. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.






46. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






47. The area of the central processing unit that performs mathematical and analytical operations






48. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca






49. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of






50. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti






