CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a r
Audit sampling
Budget hierarchy
Access control table
Challenge/response token
2. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Record, screen and report layouts
Independent attitude
Compiler
Bandwidth
3. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint
legal risk
Biometrics
Payment system
Master file
4. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Console log
Trap door
Cohesion
Communications controller
5. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Database management system (DBMS)
Personal identification number (PIN)
Biometric locks
Datagram
6. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Data owner
System narratives
False negative
Control weakness
7. The interface between the user and the system
Shell
Misuse detection
Test generators
Mapping
8. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
Project team
Integrity
Transaction protection
Input controls
9. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
Echo checks
Cryptography
Audit trail
Corporate exchange rate
10. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Brute force
Service level agreement (SLA)
PPP (point-to-point protocol)
Bypass label processing (BLP)
11. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe
Teleprocessing
Integrity
Validity check
Cohesion
12. A list of retracted certificates
Engagement letter
Certificate Revocation List
Waterfall development
Trust
13. The router at the extreme edge of the network under control, usually connected to an ISP or other service provider; also known as a border router
External router
TACACS+ (terminal access controller access control system plus)
Application
Default deny policy
14. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Central processing unit (CPU)
Asymmetric key (public key)
Tape management system (TMS)
Electronic cash
15. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Numeric check
File layout
Librarian
Judgment sampling
16. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof
Audit evidence
Dial-in access controls
Attribute sampling
Audit expert systems
17. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Information engineering
Random access memory (RAM)
ASCII (American Standard Code for Information Interchange)
Limit check
18. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.
Random access memory (RAM)
Backup
Third-party review
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
19. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
price risk
Journal entry
Base case
Security testing
20. The risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Due professional care
liquidity risk
Rulebase
Systems acquisition process
21. Analysis that is performed in real time or in continuous form
Dynamic analysis
Rapid application development
Budget
Substantive testing
22. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Risk
Transaction protection
Anonymous File Transfer Protocol (FTP)
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
23. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Systems acquisition process
Detective controls
Utility programs
Business risk
24. A popular local area network operating system developed by the Novell Corp.
Netware
Service provider
Telecommunications
Run instructions
25. A document which defines the IS audit function's responsibility, authority and accountability
Control objective
Audit charter
Log
Audit responsibility
26. Programmed checking of data validity in accordance with predetermined criteria
Budget organization
Validity check
Operating system
Remote job entry (RJE)
27. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.
Statistical sampling
Uploading
Format checking
Netware
28. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Circular routing
Variable sampling
Standing data
Record
29. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Polymorphism (objects)
Quick ship
Rounding down
Embedded audit module
30. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl
Cluster controller
Data Encryption Standard (DES)
Internal control structure
Project team
31. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Gateway
Application software tracing and mapping
Intranet
Microwave transmission
32. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Substantive testing
Password
Wide area network (WAN)
Fourth generation language (4GL)
33. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Operator console
Partitioned file
Credentialed analysis
Cleartext
34. A third party that provides organizations with a variety of Internet and Internet-related services
ISP (Internet service provider)
Address
Field
Man-in-the-middle attack
35. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Untrustworthy host
Duplex routing
Warm-site
Assembly language
36. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Project team
Netware
RADIUS (remote authentication dial-in user service)
Man-in-the-middle attack
37. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Telecommunications
Automated teller machine (ATM)
Idle standby
Man-in-the-middle attack
38. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Program narratives
Hardware
Switch
Data custodian
39. A debit or credit to a general ledger account. See also manual journal entry.
Audit risk
Internet packet (IP) spoofing
Cluster controller
Journal entry
40. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Executable code
Authentication
Card swipes
Procedure
41. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
TACACS+ (terminal access controller access control system plus)
Digital certificate
Split DNS
liquidity risk
42. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Application
Service user
Consumer
Web Services Description Language (WSDL)
43. A protocol used for transmitting data between two ends of a connection
PPP (point-to-point protocol)
Utility software
Antivirus software
End-user computing
44. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
Internal storage
Waterfall development
Asymmetric key (public key)
Real-time analysis
45. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat
Trusted systems
Smart card
Database administrator (DBA)
External router
46. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Professional competence
Benchmark
FIN (final)
Cross-certification
47. The potential loss to an area due to the occurrence of an adverse event
Application system
Exposure
Evidence
Token
48. Memory chips with embedded program code that hold their content when power is turned off
Inherent risk
Security policy
Firmware
Outsourcing
49. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer server
Budget hierarchy
Database replication
Central office (CO)
50. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
L2TP (Layer 2 tunneling protocol)
Internet Inter-ORB Protocol (IIOP)
Logoff
Vulnerability analysis