
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
2. An international standard that defines information confidentiality, integrity and availability controls
3. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
4. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections: one from the requesting client and another to the destination service
5. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
6. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c
7. A system that authentically distributes users' public keys using certificates
8. The ability to exercise judgement, express opinions and present recommendations with impartiality
9. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
10. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
11. An audit designed to determine the accuracy of financial records and information
12. A computer facility that provides data processing services to clients on a continual basis
13. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
14. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
15. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
16. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
17. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
18. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
19. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
20. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
21. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
22. A system of storing messages in a private recording medium where the called party can later retrieve the messages
23. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext
24. A manual or automated log of all updates to data files and databases
25. A utility program that combines several separately compiled modules into one, resolving internal references between them
26. The main memory of the computer's central processing unit
27. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
28. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
29. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a ''challenge,'' which is a r
30. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
31. The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.
32. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
33. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements
34. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
35. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
36. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.
37. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of
38. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
39. The computer room and support areas
40. Used to enable remote access to a server computer. Commands typed are run on the remote server.
41. The elimination of redundant data
42. Impartial point of view which allows the IS auditor to act objectively and with fairness
43. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
44. The act of transferring computerized information from one computer to another computer
45. An authentication protocol, often used by remote-access servers
46. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy
47. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
48. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
49. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down database after all records have been committed for example
50. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi