Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Base case
Budget formula
Content filtering
ACK (acknowledgement)
2. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Protocol
Criteria
Message switching
L2TP (Layer 2 tunneling protocol)
3. Those controls that seek to maintain confidentiality; integrity and availability of information
Local area network (LAN)
Offline files
Data security
Operational control
4. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
X.500
Distributed data processing network
Budget
X.25
5. Diligence which a person would exercise under a given set of circumstances
Due care
Untrustworthy host
Reliable audit evidence
Availability
6. The process of converting an analog telecommunications signal into a digital computer signal
Bandwidth
Demodulation
Uploading
Management information system (MIS)
7. Filters out electrical surges and spikes
Tape management system (TMS)
Communications controller
Database management system (DBMS)
Surge suppressor
8. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission
ACK (acknowledgement)
Security perimeter
Modulation
Run-to-run totals
9. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Bypass label processing (BLP)
Application proxy
Audit objective
Synchronous transmission
10. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
Recovery testing
Encryption key
Uninterruptible power supply (UPS)
Cluster controller
11. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
Internal control
Audit risk
X.25 interface
Repudiation
12. The quality or state of not being named or identified
Extensible Markup Language (XML)
Anonymity
Reengineering
Application software tracing and mapping
13. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Operating system
Fraud risk
Editing
Static analysis
14. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
Management information system (MIS)
Optical character recognition
Auditability
Application software tracing and mapping
15. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit
Quick ship
Application system
Bridge
Credit risk
16. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Population
Distributed data processing network
Spool (simultaneous peripheral operations online)
Journal entry
17. With respect to security; a special type of virus that does not attach itself to programs; but rather spreads via other methods such as e-mail (also see virus)
System flowcharts
Function point analysis
Decryption
Worm
18. The current and prospective risk to earnings and capital arising from fraud; error and the inability to deliver products or services; maintain a competitive position and manage information. Security risk is evident in each product and service offered
Security/transaction risk
Credit risk
Application layer
Electronic vaulting
19. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Service user
File
Top-level management
Object code
20. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Incremental testing
Operational risk
Plaintext
Bridge
21. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Data dictionary
Input controls
Multiplexing
IT governance
22. A program designed to detect computer viruses
Vaccine
Appearance of independence
Bypass label processing (BLP)
Security policy
23. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting; backing up and erasing data.
Single point of failure
Independence
DoS (denial-of-service) attack
Utility programs
24. Programs that are tested and evaluated before approval into the production environment. Test programs; through a series of change control moves; migrate from the test environment to the production environment and become production programs.
Mutual takeover
Firewall
Computer sequence checking
Test programs
25. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))
Internal penetrators
Windows NT
Web Services Description Language (WSDL)
General computer controls
26. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount
Audit program
Variable sampling
Application programming
Circular routing
27. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Certificate Revocation List
Simple Object Access Protocol (SOAP)
Waterfall development
28. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Hash function
DMZ (demilitarized zone)
Control weakness
Magnetic ink character recognition (MICR)
29. Checks that data are entered correctly
Benchmark
Finger
Job control language (JCL)
Verification
30. A measurement of the point prior to an outage to which data are to be restored
General computer controls
Centralized data processing
L2TP (Layer 2 tunneling protocol)
Recovery point objective (RPO)
31. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Irregularities
X.25
Hexadecimal
Leased lines
32. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Point-of-sale systems (POS)
Dial-back
RADIUS (remote authentication dial-in user service)
Subject matter (Area of activity)
33. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Vulnerabilities
Data analysis
Numeric check
Split data systems
34. Changing data with malicious intent before or during input into the system
Star topology
Business-to-consumer e-commerce (B2C)
Network administrator
Data diddling
35. A named collection of related records
File
Compiler
Parallel testing
Asynchronous Transfer Mode (ATM)
36. The organization using the outsourced service
Service user
Operating system audit trails
Risk assessment
Residual risk
37. A system that authentically distributes users' public keys using certificates
Misuse detection
Public key infrastructure
Digital certification
Intelligent terminal
38. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Application implementation review
Fiber optic cable
Broadband
Internet Inter-ORB Protocol (IIOP)
39. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Internet Inter-ORB Protocol (IIOP)
World Wide Web Consortium (W3C)
Program evaluation and review technique (PERT)
Asynchronous transmission
40. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Integrity
Parallel simulation
Twisted pairs
Object orientation
41. Compares data to predefined reasonability limits or occurrence rates established for the data.
Token ring topology
Reasonableness check
Audit objective
Initial program load (IPL)
42. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Access control table
Private key
Foreign exchange risk
General computer controls
43. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.
Access method
Transaction log
Computer-assisted audit technique (CAATs)
Reputational risk
44. The central database that stores and organizes data
Data communications
Frame relay
DMZ (demilitarized zone)
Repository
45. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Computer-aided software engineering (CASE)
Salami technique
Materiality
Vulnerability analysis
46. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Security administrator
Web site
System testing
Generalized audit software
47. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Fiber optic cable
Internal storage
Run-to-run totals
Monetary unit sampling
48. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Redo logs
Web site
Interface testing
49. A communications channel over which data can be sent and received simultaneously
Spoofing
Logical access controls
Multiplexor
Full duplex
50. A debit or credit to a general ledger account. See also manual journal entry.
SMTP (Simple Mail Transport Protocol)
Dial-in access controls
Journal entry
Permanent virtual circuit (PVC)