Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In open systems architecture, circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Split DNS
Circular routing
browser
Downtime report
2. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Log
System flowcharts
Audit plan
Object Management Group (OMG)
3. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
Sufficient audit evidence
Data analysis
Privilege
Professional competence
4. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Access control
Data Encryption Standard (DES)
Cold site
Internet
5. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Frame relay
Nonrepudiation
Range check
Continuous auditing approach
6. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Top-level management
File layout
Foreign exchange risk
Circular routing
7. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service
Smart card
Application proxy
Central office (CO)
Access path
8. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Editing
Broadband
Token
Run instructions
9. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Credit risk
Hash total
Record
Encapsulation (objects)
10. A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.
Console log
Diskless workstations
Population
Brute force
11. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
Scheduling
Audit risk
Wiretapping
Middleware
12. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Protection domain
Reasonableness check
Database
Biometric locks
13. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Performance testing
Dial-in access controls
Computer server
Addressing
14. The ability to map a given activity or event back to the responsible party
Web page
Data flow
Components (as in component-based development)
Accountability
15. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Rounding down
Degauss
Intranet
Application layer
16. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
Encryption
Image processing
Offsite storage
Digital certification
17. A utility program that combines several separately compiled modules into one, resolving internal references between them
Regression testing
Hacker
Link editor (linkage editor)
Access method
18. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.
Audit charter
Coverage
Field
Recovery testing
19. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
X.25 interface
Service user
Virus
Materiality
20. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Independence
IDS (intrusion detection system)
Application software tracing and mapping
Card swipes
21. Software packages that sequentially dial telephone numbers, recording any numbers that answer
War dialler
Packet switching
Certificate authority (CA)
Magnetic card reader
22. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
Brute force
Asymmetric key (public key)
Recovery point objective (RPO)
Intelligent terminal
23. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Control risk
Encapsulation (objects)
Logoff
24. The logical language a computer understands
Machine language
System testing
Prototyping
SYN (synchronize)
25. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Analog
Cathode ray tube (CRT)
Control perimeter
Ciphertext
26. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Substantive testing
Program flowcharts
Unit testing
Corporate governance
27. Impartial point of view which allows the IS auditor to act objectively and with fairness
Client-server
Inheritance (objects)
Service bureau
Independent attitude
28. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Dial-back
Regression testing
Application system
Service bureau
29. A formal agreement with a third party to perform an IS function for an organization
Bridge
Downloading
Smart card
Outsourcing
30. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Sufficient audit evidence
IT governance
Router
Computer server
31. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Internal control structure
Control weakness
Wide area network (WAN)
Database management system (DBMS)
32. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
Benchmark
Wiretapping
Fault tolerance
Criteria
33. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Cryptography
Encapsulation (objects)
Credentialed analysis
Microwave transmission
34. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
Masqueraders
Real-time analysis
Sampling risk
Operating system
35. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Residual risk
Data security
Parity check
HTTPS (hyper text transfer protocol secure)
36. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Personal identification number (PIN)
Risk
e-commerce
E-mail/interpersonal messaging
37. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Residual risk
X.25
Latency
Fault tolerance
38. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
IP (Internet protocol)
Hot site
Challenge/response token
Rotating standby
39. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy
Trusted systems
FTP (file transfer protocol)
System software
Client-server
40. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Firewall
Feasibility study
Editing
Logoff
41. Range checks ensure that data fall within a predetermined range (also see limit checks).
Non-intrusive monitoring
Range check
Internet Inter-ORB Protocol (IIOP)
Budget
42. The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format
ACK (acknowledgement)
Twisted pairs
Compiler
Format checking
43. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
Application security
Standing data
Test programs
Application software tracing and mapping
44. Changing data with malicious intent before or during input into the system
Engagement letter
Simple fail-over
Bridge
Data diddling
45. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
Sniff
Rotating standby
Exception reports
Data communications
46. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Shell
Data communications
Static analysis
Program flowcharts
47. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Decryption
Spoofing
PPP (point-to-point protocol)
COBIT
48. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities
Computer-assisted audit technique (CAATs)
browser
Extensible Markup Language (XML)
Database replication
49. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Tape management system (TMS)
Piggy backing
SYN (synchronize)
Online data processing
50. The process of converting a digital computer signal into an analog telecommunications signal
Modulation
Security/transaction risk
Benchmark
Operating system