Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Specialized tools that can be used to analyze the flow of data, through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements
Tcpdump
Memory dump
Asynchronous transmission
Application software tracing and mapping
2. The level of trust with which a system object is imbued
Confidentiality
Program flowcharts
Audit expert systems
Privilege
3. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Control risk self-assessment
Continuous auditing approach
Base case
Promiscuous mode
4. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Extensible Markup Language (XML)
Components (as in component-based development)
Central processing unit (CPU)
Simple Object Access Protocol (SOAP)
5. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is a
Public key
ICMP (internet control message protocol)
Compensating control
Exception reports
6. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Logoff
Warm-site
Real-time analysis
Generalized audit software
7. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
Security/transaction risk
Preventive controls
BSP (business service provider)
COSO
8. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
File layout
Top-level management
Audit
Normalization
9. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Asymmetric key (public key)
Evidence
Arithmetic-logic unit (ALU)
Rounding down
10. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
Brute force
Content filtering
Source documents
Project team
11. Software used to create data to be used in the testing of computer programs
Test generators
Alpha
Accountability
Microwave transmission
12. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
SYN (synchronize)
Untrustworthy host
Third-party review
FTP (file transfer protocol)
13. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
DoS (denial-of-service) attack
business process integrity
Shell
BSP (business service provider)
14. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Database specifications
Management information system (MIS)
Teleprocessing
Compliance testing
15. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Netware
Unit testing
Baseband
Population
16. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
DMZ (demilitarized zone)
Service bureau
Numeric check
HTTP (hyper text transfer protocol)
17. The boundary that defines the area of security concern and security policy coverage
Token
Web page
Security perimeter
Threat
18. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
Virtual private network (VPN)
Database specifications
Control risk
False negative
19. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.
Private key cryptosystems
Encryption
E-mail/interpersonal messaging
Analog
20. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Point-of-presence (POP)
Internal control
Hyperlink
Request for proposal (RFP)
21. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Nonrepudiable transactions
Population
Anonymous File Transfer Protocol (FTP)
Dial-back
22. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web
Password cracker
Uploading
Irregularities
browser
23. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Real-time analysis
Logon
Security administrator
COSO
24. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Universal Description, Discovery and Integration (UDDI)
Service bureau
File
Packet
25. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Parallel testing
Adjusting period
Trap door
Latency
26. A program designed to detect computer viruses
Interest rate risk
Recovery testing
Circular routing
Vaccine
27. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Dumb terminal
Downloading
Consumer
Compiler
28. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Partitioned file
Default deny policy
Password
Token
29. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Table look-ups
Service level agreement (SLA)
Internet packet (IP) spoofing
Packet filtering
30. A document which defines the IS audit function's responsibility; authority and accountability
Data flow
Audit charter
Split DNS
Application
31. A testing technique that is used to evaluate output from one application; while the information is sent as input to another application
Data leakage
Interface testing
Test programs
Risk
32. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files
Checkpoint restart procedures
Generalized audit software
Logical access controls
legal risk
33. A system development methodology that is organised around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
Object-oriented system development
Protocol converter
Third-party review
Data leakage
34. The person responsible for maintaining a LAN and assisting end users
Multiplexor
System narratives
Control Objectives for Enterprise Governance
Network administrator
35. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Voice mail
Fiber optic cable
Bus topology
legal risk
36. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Business risk
Hierarchical database
Offsite storage
Encryption
37. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer server
Integrated test facilities (ITF)
Interest rate risk
Source code
38. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Token ring topology
Security administrator
Switch
Access method
39. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Nonrepudiable transactions
implementation life cycle review
World Wide Web Consortium (W3C)
Peripherals
40. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.
Source documents
Control perimeter
RFC (request for comments)
Interest rate risk
41. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
LDAP (Lightweight Directory Access Protocol)
Budget formula
Digital signature
Enterprise resource planning
42. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Tuple
Echo checks
Random access memory (RAM)
Local loop
43. A protocol for packet-switching networks
X.25
Internet banking
Open systems
Recovery point objective (RPO)
44. A sampling technique that estimates the amount of overstatement in an account balance
Monetary unit sampling
Protocol
Application acquisition review
Artificial intelligence
45. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the applicat
Control perimeter
Taps
Application acquisition review
Electronic cash
46. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Partitioned file
virtual organizations
Completeness check
Batch processing
47. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Electronic data interchange (EDI)
Star topology
Operating system audit trails
Continuity
48. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
DMZ (demilitarized zone)
Mapping
UNIX
Compiler
49. Patterns indicating misuse of a system
Gateway
Data diddling
Signatures
Job control language (JCL)
50. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Split DNS
Artificial intelligence
Protocol stack
Coaxial cable