SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Software packages that sequentially dial telephone numbers; recording any numbers that answer
Bridge
Finger
Fail-safe
War dialler
2. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
Residual risk
Error risk
Twisted pairs
3. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Batch control
Analog
Service bureau
Business-to-consumer e-commerce (B2C)
4. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Application implementation review
Port
Information engineering
Object code
5. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Internet Inter-ORB Protocol (IIOP)
Embedded audit module
Passive response
Frame relay
6. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Financial audit
Hash function
Hot site
Geographic disk mirroring
7. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Token
Gateway
Decryption
Hexadecimal
8. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Privilege
Split data systems
Multiplexing
Enterprise governance
9. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Internet packet (IP) spoofing
Random access memory (RAM)
Security software
vulnerability
10. A computer program or set of programs that perform the processing of records for a specific function
Combined Code on Corporate Governance
Terminal
Application
Manual journal entry
11. These are the requirements for establishing a database application. They include field definitions; field requirements and reporting requirements for the individual information in the database.
System software
Source code
Polymorphism (objects)
Database specifications
12. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
X.25 interface
Project team
Online data processing
Remote job entry (RJE)
13. A response; in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment; collecting more information or striking back a
Outsourcing
Active response
Web Services Description Language (WSDL)
Incremental testing
14. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Computer-assisted audit technique (CAATs)
Parallel simulation
Centralized data processing
Wiretapping
15. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne
Proxy server
Decryption key
Computer server
Data owner
16. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Information engineering
Data-oriented systems development
Redundancy check
17. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
Controls (Control procedures)
Application software tracing and mapping
Cryptography
Transaction protection
18. A third party that provides organizations with a variety of Internet; and Internet-related services
Whitebox testing
ISP (Internet service provider)
Electronic funds transfer (EFT)
Audit authority
19. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
Hexadecimal
Service bureau
Business impact analysis (BIA)
Black box testing
20. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Criteria
Database
Variable sampling
Intrusion detection
21. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.
Cleartext
Star topology
Packet
Access path
22. The act of transferring computerized information from one computer to another computer
Single point of failure
Downloading
ASP/MSP (application or managed service provider)
Monitoring policy
23. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.
Payment system
Integrity
Application program
System testing
24. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Firewall
Brute force
False positive
Reasonable assurance
25. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Budget hierarchy
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
End-user computing
Auditability
26. An evaluation of any part of a project to perform maintenance on an application system (e.g.; project management; test plans; user acceptance testing procedures)
End-user computing
Application maintenance review
Control section
Assembly language
27. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest; it may evolve into an Internet standard.
Data analysis
RFC (request for comments)
Third-party review
Application programming interface (API)
28. Proven level of ability; often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards
Professional competence
Applet
Cryptography
Hot site
29. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Protocol converter
Backup
virtual organizations
Queue
30. The act or function of developing and maintaining applications programs in production
Salami technique
Handprint scanner
Smart card
Application programming
31. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Internet Inter-ORB Protocol (IIOP)
Protection domain
Control weakness
Redundancy check
32. Identified by one central processor and databases that form a distributed processing configuration
Application programming
Centralized data processing
Circuit-switched network
Registration authority (RA)
33. The physical layout of how computers are linked together. Examples include ring; star and bus.
DMZ (demilitarized zone)
Topology
Variable sampling
Hot site
34. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
NAT (Network Address Translation)
Sniff
Trust
Hyperlink
35. Using telecommunications facilities for handling and processing of computerized information
Teleprocessing
IP (Internet protocol)
War dialler
Client-server
36. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Standing data
PPTP (point-to-point tunneling protocol)
Operational risk
Audit responsibility
37. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996
Quick ship
COBIT
Executable code
Access method
38. The quality or state of not being named or identified
Web site
Anonymity
Database
Service bureau
39. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.
Statistical sampling
Technical infrastructure security
Polymorphism (objects)
UDDI
40. A protocol used to transfer files over a TCP/IP network (Internet; UNIX; etc.)
Card swipes
Production software
FTP (file transfer protocol)
Rulebase
41. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Diskless workstations
Logical access controls
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
World Wide Web Consortium (W3C)
42. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Rounding down
Waterfall development
Accountability
Application programming interface (API)
43. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used; for example; in determining whether systems are up; maximum packet sizes on links; whether a destination host/network/port is a
Decryption
Web Services Description Language (WSDL)
ICMP (internet control message protocol)
Protection domain
44. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit
UDDI
Quick ship
Authentication
False positive
45. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Wiretapping
Sampling risk
Compensating control
Echo checks
46. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
Auditability
Baud rate
Downloading
Computer-assisted audit technique (CAATs)
47. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Hash total
ISO17799
DNS (domain name system)
Auditability
48. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.
Access method
Hacker
Feasibility study
Appearance of independence
49. To configure a computer or other network device to resist attacks
Harden
business process integrity
Ciphertext
Spoofing
50. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.
Parallel simulation
Binary code
Active response
Corrective controls