
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the correct answer obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv

2. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing the results.

3. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

4. Programs that are used to process live or actual data that were received as input into the production environment.

5. A project management technique used in the planning and control of system projects.

6. Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery.

7. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: effectiveness, efficiency and economy

8. A system of storing messages in a private recording medium where the called party can later retrieve the messages.

9. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered

10. Way of thinking, behaving, feeling, etc.

11. System narratives provide an overview explanation of system flowcharts, with an explanation of key control points and system interfaces.

12. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing the security access control system.

13. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.

14. The structure through which the objectives of an organization are set, the means of attaining those objectives are determined, and performance monitoring guidelines are established. Good corporate governance should provide proper incentives for board and management

15. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.

16. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries.

17. The outward impression of being self-governing and free from conflict of interest and undue influence.

18. The risk that an error that could occur in an audit area, and that could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system.

19. A language that enables electronic documents to present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.

20. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint.

21. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
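
Items 13 and 21 describe two filtering layers that differ in what they look at. The Python below is an added example, not part of the original quiz or of any product: a screening router's first-match rule table that decides on header fields only (addresses, protocol, destination port), followed by content inspection that parses the HTTP request line carried in the payload. The addresses, rule set, allowed-method list and sample packets are all constructed for illustration.

```python
# Added example: screening router rules (headers) versus content inspection
# (payload). Addresses, rules and sample packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str               # source IPv4 address
    dst: str               # destination IPv4 address
    proto: str             # "tcp" or "udp"
    dport: int             # destination port
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """One line of a screening router's access list: header fields only."""
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR block
    dst: str               # CIDR block
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.dport in (None, pkt.dport)
        )


# Constructed access list for a web server at 203.0.113.10: permit HTTP and
# HTTPS to that host, then the explicit deny-all that ends a screening list.
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]


def screen(pkt: Packet, rules=RULES) -> str:
    """First-match evaluation over header fields; the payload is never read."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny when no rule matches


ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # constructed allow-list


def inspect_http(payload: bytes) -> Tuple[str, str]:
    """Content inspection: parse the HTTP request line and apply payload rules."""
    try:
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny", "malformed request line"
    if method not in ALLOWED_METHODS:
        return "deny", "method %s not allowed" % method
    if ".." in path.split("/"):
        return "deny", "path traversal attempt"
    if not version.startswith("HTTP/1."):
        return "deny", "unsupported protocol version"
    return "permit", "request line acceptable"


def evaluate(pkt: Packet, rules=RULES) -> Tuple[str, str]:
    """Header filter first, then content inspection where the payload is readable."""
    if screen(pkt, rules) == "deny":
        return "deny", "screening router: headers matched no permit rule"
    if pkt.dport == 80:
        decision, reason = inspect_http(pkt.payload)
        return decision, "content inspection: " + reason
    # On 443 the payload is TLS ciphertext: a content filter sees nothing
    # unless it terminates TLS, so the header decision stands.
    return "permit", "screening router: permitted; payload not inspectable"


# Constructed sample traffic from a client at 198.51.100.7.
SAMPLE_PACKETS = {
    "benign_http": Packet("198.51.100.7", "203.0.113.10", "tcp", 80,
                          b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "traversal_http": Packet("198.51.100.7", "203.0.113.10", "tcp", 80,
                             b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "telnet": Packet("198.51.100.7", "203.0.113.10", "tcp", 23),
    "https": Packet("198.51.100.7", "203.0.113.10", "tcp", 443, b"\x16\x03\x01\x02\x00"),
}


def run_samples() -> dict:
    """Decision and reason for every constructed sample packet."""
    return {name: evaluate(pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, (decision, reason) in run_samples().items():
        print("%-15s %-6s %s" % (name, decision, reason))
```

Running it shows the point of item 21: the traversal request has exactly the same headers as the benign request, so the screening router permits both and only content inspection stops it; the telnet packet is dropped on headers alone and its payload is never examined; and the HTTPS packet is permitted on headers alone because its payload is ciphertext that a content filter cannot read unless it terminates TLS.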

22. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.

23. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI).)

24. The ability of end users to design and implement their own information system utilizing computer software products.

25. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing.

26. A connection-based Internet protocol that supports reliable data transfer connections. Packet data are verified using checksums and retransmitted if they are missing or corrupted. The application plays no part in validating the transfer.
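
Item 26 says packet data are verified with checksums and retransmitted when corrupted. The Python below is an added example, not part of the original quiz, showing what that verification consists of: the one's-complement sum of RFC 1071, computed over the IPv4 pseudo-header plus the TCP segment, filled in by the sender and re-summed by the receiver. The endpoints, ports and payload are constructed, and `corrupt()` is a constructed fault that simulates a single-bit error in transit.

```python
# Added example: TCP checksum computation and receiver-side verification.
# Endpoints, ports and payload are constructed; RFC 793 pseudo-header,
# RFC 1071 one's-complement sum.
import socket
import struct

TCP_PROTOCOL = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data on the right
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header: binds the checksum to the IP endpoints and length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTOCOL, tcp_length))


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum for a segment whose checksum field is currently zero."""
    summed = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return (~summed) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload):
    """Sender side: 20-byte header (data offset 5) with the checksum filled in."""
    fields = (sport, dport, seq, ack, 5 << 4, flags, window)
    header = struct.pack("!HHIIBBHHH", *fields, 0, 0)      # checksum 0, urgent 0
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    header = struct.pack("!HHIIBBHHH", *fields, csum, 0)
    return header + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: summing everything, checksum field included, must give all ones."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def corrupt(segment: bytes, index: int) -> bytes:
    """Constructed fault: flip the low bit of one byte, as line noise might."""
    return segment[:index] + bytes([segment[index] ^ 0x01]) + segment[index + 1:]


def demo():
    """Returns (checksum as sent, valid as sent, valid after a bit flip in transit)."""
    src, dst = "192.0.2.10", "198.51.100.20"                 # constructed endpoints
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed payload
    seg = build_segment(src, dst, 40000, 80, 1000, 1, 0x18, 65535, payload)  # PSH|ACK
    csum = struct.unpack("!H", seg[16:18])[0]                # checksum field offset 16
    return csum, verify_segment(src, dst, seg), verify_segment(src, dst, corrupt(seg, 25))


if __name__ == "__main__":
    csum, ok, ok_after = demo()
    print("checksum 0x%04x, valid as sent: %s, valid after bit flip: %s" % (csum, ok, ok_after))
```

A segment that fails `verify_segment()` is silently discarded by the receiving TCP, so it is never acknowledged and the sender retransmits it; the application only ever sees the intact copy, which is what "the application plays no part in validating the transfer" means. The caveat an auditor should carry: this checksum is keyless and catches accidental corruption only. Anyone who can modify a segment in transit simply recomputes the checksum, so integrity against deliberate tampering requires a cryptographic layer such as the one in item 49.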

27. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period.

28. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems.

29. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level.

30. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an

31. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

32. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis.

33. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.

34. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange.

35. The point at which terminals are given access to a network.

36. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., a server). The

37. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures).

38. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

39. A device for sending and receiving computerized data over transmission lines.

40. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame

41. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department.

42. Controls over the business processes that are supported by the ERP.

43. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.

44. The act of transferring computerized information from one computer to another computer.

45. Diagramming data that are to be exchanged electronically, including how they are to be used and which business management systems need them. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)

46. A fail-over process in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently.

47. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

48. A piece of information, in digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext.

49. A protocol for accessing a secure web server, whereby all data transferred are encrypted.

50. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.