Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.






2. Diligence which a person would exercise under a given set of circumstances






3. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






4. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi






5. An automated detail report of computer system activity






6. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.






7. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.






8. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange






9. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions






10. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.






11. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all






12. An individual who attempts to gain unauthorized access to a computer system






13. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code






14. The process of converting an analog telecommunications signal into a digital computer signal






15. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file






16. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which






17. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements






18. The code used to designate the location of a specific piece of data within computer storage






19. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.






20. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.






21. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v






22. A protocol used for transmitting data between two ends of a connection






23. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw






24. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p






25. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei






26. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and






27. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






28. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.






29. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.






30. Digital information; such as cleartext; that is intelligible to the reader






31. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.






32. Analysis that is performed in real time or in continuous form






33. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes






34. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






35. A named collection of related records






36. The act or function of developing and maintaining applications programs in production






37. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive units are, the easier it is to maintain and enhance a system, since it is easier to determine whe






38. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.






39. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data






40. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo






41. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures






42. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.






43. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne






44. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.






45. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions






46. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of






47. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.






48. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research






49. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established






50. Defined minimum performance measures at or above which the service delivered is considered acceptable