Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
2. A discussion document which sets out an "Enterprise Governance Model", focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems
3. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
4. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
5. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications
6. A document which defines the IS audit function's responsibility, authority and accountability
7. A methodology that enables organisations to develop strategically important systems faster, while reducing development costs and maintaining quality by using a series of proven application development techniques within a well-defined methodology.
8. Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer hard drive
9. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.
10. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.
11. An eight-bit code representing 256 characters, used in most large computer systems
12. A manual or automated log of all updates to data files and databases
13. A computer facility that provides data processing services to clients on a continual basis
14. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
15. A system software tool that logs, monitors and directs computer tape usage
16. The Internet standards-setting organization, with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet.
17. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities
18. A protocol for packet-switching networks
19. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
20. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
21. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
22. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv
23. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
24. Analysis that is performed in real time or in continuous form
25. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
26. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil
27. Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.
28. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
29. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
30. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)
31. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
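Items 10, 27 and 31 describe one mechanism from three angles: an edit check compares each amount field against stipulated limits (a range check when both a high and a low value are stipulated, a limit check when only one is), and the rejections it produces are what a detective control reports. The following is an added example written for this page, not code from the quiz or from ISACA; the field names, limits and sample records in it are constructed for illustration.

```python
"""Edit checks: limit checks, range checks and the exception report they feed.

Added example, not part of the quiz page. The field names, limits and sample
records are constructed for illustration and are not taken from any real system.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AmountRule:
    """Acceptable bounds for one numeric field (None means no limit on that side)."""
    field: str
    low: Optional[float] = None
    high: Optional[float] = None

    @property
    def kind(self) -> str:
        # Item 31: a test against both a high and a low value is a range check;
        # a test against only one of them is a limit check.
        if self.low is not None and self.high is not None:
            return "range check"
        return "limit check"


def check_record(record: Dict[str, object], rules: List[AmountRule]) -> List[str]:
    """Apply every rule to one record; return the exceptions found (empty list = passes)."""
    findings = []
    for rule in rules:
        raw = record.get(rule.field)
        try:
            value = float(raw)  # type: ignore[arg-type]
        except (TypeError, ValueError):
            # A missing or non-numeric amount fails the edit before any limit is compared.
            findings.append(f"{rule.field}: non-numeric value {raw!r} ({rule.kind})")
            continue
        if rule.low is not None and value < rule.low:
            findings.append(f"{rule.field}: {value} below low limit {rule.low} ({rule.kind})")
        if rule.high is not None and value > rule.high:
            findings.append(f"{rule.field}: {value} above high limit {rule.high} ({rule.kind})")
    return findings


def edit_batch(records: List[Dict[str, object]], rules: List[AmountRule]
               ) -> Tuple[List[Dict[str, object]], List[Tuple[str, List[str]]]]:
    """Run the edit checks over a batch.

    Returns (accepted records, exception report). The report is the detective
    control of item 10: it records which records were rejected and why, so an
    auditor can trace every rejection instead of only counting them.
    """
    accepted, report = [], []
    for rec in records:
        findings = check_record(rec, rules)
        if findings:
            report.append((str(rec.get("id")), findings))
        else:
            accepted.append(rec)
    return accepted, report


# Hypothetical payroll-style rules, constructed for the example.
RULES = [
    AmountRule("hours_worked", low=0, high=80),   # both bounds -> range check
    AmountRule("payment_amount", high=10_000),    # high bound only -> limit check
    AmountRule("unit_price", low=0.01),           # low bound only -> limit check
]

# Constructed sample batch: T1 is clean, T2-T4 each violate one rule.
SAMPLE_RECORDS = [
    {"id": "T1", "hours_worked": 40, "payment_amount": 2500, "unit_price": 9.99},
    {"id": "T2", "hours_worked": 95, "payment_amount": 2500, "unit_price": 9.99},
    {"id": "T3", "hours_worked": 40, "payment_amount": 25000, "unit_price": 9.99},
    {"id": "T4", "hours_worked": 40, "payment_amount": 100, "unit_price": "abc"},
]


if __name__ == "__main__":
    ok, exceptions = edit_batch(SAMPLE_RECORDS, RULES)
    print(f"accepted: {[r['id'] for r in ok]}")
    for rec_id, findings in exceptions:
        for finding in findings:
            print(f"REJECT {rec_id}: {finding}")
```

Boundary values are accepted (80 hours passes a high limit of 80), which is the usual convention for stipulated limits of acceptability; if a system treats the limit itself as out of range, the comparisons become `<=` and `>=` and that choice should be written into the edit criteria the auditor reviews.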
32. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
33. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.
34. Patterns indicating misuse of a system
35. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data
36. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
37. A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit
38. Processes certified as supporting a security goal
39. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
40. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
41. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
42. Unusual or statistically rare
43. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data, so the privacy of the data is violated. Alternatively, although the content of the data itself may r
44. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
45. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
46. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
47. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
48. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
49. Any intentional violation of the security policy of a system
50. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec