CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but taking the test repeatedly reinforces your understanding.
1. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
RS-232 interface
Cross-certification
Application programming
Computer-assisted audit technique (CAATs)
2. The outward impression of being self-governing and free from conflict of interest and undue influence
Privilege
Independent appearance
Online data processing
Allocation entry
3. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Coverage
Piggybacking
DDoS (distributed denial-of-service) attack
Fraud risk
4. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Population
Check digit verification (self-checking digit)
Real-time analysis
Application programming interface (API)
5. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Internal control structure
Topology
DoS (denial-of-service) attack
Indexed sequential file
6. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Computer-aided software engineering (CASE)
Comprehensive audit
Parallel simulation
Passive assault
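Question 6 describes parallel simulation: the auditor writes an independent program for the processing that matters to the opinion and reruns the application's own data through it. The Python below is an added example, not part of the quiz: the auditor's re-implementation of an assumed monthly interest rule (balance times annual rate divided by 12, rounded half-up to the cent) is run over a constructed extract of what the application reported, and every record where the two figures disagree is listed as an exception. The account data and the two deliberately wrong application results are constructed for the example.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed extract of the application's month-end interest run.
# Two records (1003 and 1005) are deliberately wrong so the simulation
# has something to find.
APP_OUTPUT = [
    {"acct": "1001", "balance": "10000.00", "rate": "0.0250", "interest": "20.83"},
    {"acct": "1002", "balance": "2500.00", "rate": "0.0250", "interest": "5.21"},
    {"acct": "1003", "balance": "7200.00", "rate": "0.0310", "interest": "18.90"},
    {"acct": "1004", "balance": "150.00", "rate": "0.0250", "interest": "0.31"},
    {"acct": "1005", "balance": "300.00", "rate": "0.0250", "interest": "0.62"},
]

CENT = Decimal("0.01")


def recompute_interest(balance, annual_rate) -> Decimal:
    """Auditor's independent implementation of the assumed business rule:
    monthly simple interest = balance * annual_rate / 12, half-up to cents.
    Accepts strings or Decimals."""
    return (Decimal(balance) * Decimal(annual_rate) / 12).quantize(
        CENT, rounding=ROUND_HALF_UP)


def parallel_simulation(app_output, tolerance="0.00") -> list:
    """Reprocess every record with the auditor's program and report those
    where the application's figure differs by more than `tolerance`."""
    tolerance = Decimal(tolerance)
    exceptions = []
    for rec in app_output:
        expected = recompute_interest(rec["balance"], rec["rate"])
        reported = Decimal(rec["interest"])
        diff = reported - expected
        if abs(diff) > tolerance:
            exceptions.append({"acct": rec["acct"], "expected": expected,
                               "reported": reported, "diff": diff})
    return exceptions


if __name__ == "__main__":
    for e in parallel_simulation(APP_OUTPUT):
        print(f"{e['acct']}: expected {e['expected']} "
              f"reported {e['reported']} diff {e['diff']:+}")
```

Account 1005 is a one-cent exception: the application appears to round half to even where the documented rule says half-up. Parallel simulation surfaces this kind of systematic difference, which a control-total reconciliation would not; the `tolerance` parameter is where the auditor decides whether such differences count as exceptions.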
7. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
COBIT
Segregation/separation of duties
Integrity
Limit check
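Questions 4 and 7 describe two application input controls: check digit verification and the limit (or range) check. The Python below is an added example, not part of the quiz, showing both: a mod-10 (Luhn) check digit, a count of which keying errors the check does and does not catch, and a transaction validator that applies a range check to the amount. The account numbers, amounts and limits are constructed for the example.

```python
from decimal import Decimal


def luhn_check_digit(payload: str) -> str:
    """Compute the mod-10 (Luhn) check digit for a string of digits.

    Walking from the right, every other digit (starting with the one that
    will sit next to the check digit) is doubled; doubled values above 9
    have 9 subtracted. The check digit makes the total a multiple of 10.
    """
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def verify_check_digit(number: str) -> bool:
    """Self-checking digit: recompute the check digit from the leading
    digits and compare it with the trailing digit that was keyed in."""
    if len(number) < 2 or not number.isdigit():
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def transcription_report(number: str) -> tuple:
    """Replace each digit of a valid number with every other digit and count
    how many of those single-digit transcription errors fail the check.
    Returns (detected, total)."""
    detected = total = 0
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d == ch:
                continue
            total += 1
            if not verify_check_digit(number[:i] + d + number[i + 1:]):
                detected += 1
    return detected, total


def transposition_report(number: str) -> tuple:
    """Swap each pair of adjacent, differing digits and count how many of
    those transposition errors fail the check. Returns (detected, total).
    Luhn misses exactly one case: an adjacent 0 and 9 swapped."""
    detected = total = 0
    for i in range(len(number) - 1):
        if number[i] == number[i + 1]:
            continue
        total += 1
        swapped = number[:i] + number[i + 1] + number[i] + number[i + 2:]
        if not verify_check_digit(swapped):
            detected += 1
    return detected, total


def limit_check(value: Decimal, high=None, low=None) -> bool:
    """Limit check against a high and/or low limit; with both set it is a
    range check."""
    if high is not None and value > high:
        return False
    if low is not None and value < low:
        return False
    return True


# Constructed limits for the example transaction feed (assumption).
MAX_AMOUNT = Decimal("100000.00")
MIN_AMOUNT = Decimal("0.01")


def validate_transaction(txn: dict) -> list:
    """Apply both input controls to one keyed transaction and return the
    list of edit failures (empty means the record passes)."""
    errors = []
    if not verify_check_digit(txn["account"]):
        errors.append("account: check digit mismatch")
    if not limit_check(Decimal(txn["amount"]), high=MAX_AMOUNT, low=MIN_AMOUNT):
        errors.append("amount: outside permitted range")
    return errors


if __name__ == "__main__":
    # "49098" is a constructed account number; its last digit is the Luhn check digit.
    print(luhn_check_digit("4909"))       # 8
    print(transcription_report("49098"))  # (45, 45): every single-digit error caught
    print(transposition_report("49098"))  # (2, 4): the 9<->0 swaps slip through
    print(validate_transaction({"account": "40998", "amount": "250.00"}))  # []
    print(validate_transaction({"account": "49099", "amount": "-5"}))
```

The "40998" case passes validation even though it is "49098" with two adjacent digits swapped; when testing a self-checking digit, include 09/90 transpositions in the test data. A limit check on its own is a single comparison, which is why the example pairs it with the check digit in one edit routine.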
8. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Systems acquisition process
Security administrator
Utility software
Application programming interface (API)
9. Defined minimum performance measures at or above which the service delivered is considered acceptable
ICMP (internet control message protocol)
Range check
Business impact analysis (BIA)
Service level agreement (SLA)
10. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)
Application maintenance review
Audit plan
Object-oriented system development
Telecommunications
11. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Components (as in component-based development)
Preventive controls
Attitude
Idle standby
12. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac
Control section
Data-oriented systems development
Hub
Non-intrusive monitoring
13. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed
General computer controls
Cathode ray tube (CRT)
Third-party review
Coverage
14. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Signatures
Card swipes
Certificate Revocation List
Virus
15. Software packages that sequentially dial telephone numbers, recording any numbers that answer
War dialler
Noise
Content filtering
Monetary unit sampling
16. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service
Digital certification
Whitebox testing
Backup
Encryption key
17. Way of thinking, behaving, feeling, etc.
Criteria
Sniffing
Personal identification number (PIN)
Attitude
18. Freedom from unauthorized intrusion
Generalized audit software
Application layer
Queue
Privacy
19. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Record
e-commerce
Pervasive IS controls
Spanning port
20. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Adjusting period
Optical scanner
Input controls
Screening routers
21. The use of alphabetic characters or an alphabetic character string
Reengineering
Combined Code on Corporate Governance
Alpha
Third-party review
22. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
Segregation/separation of duties
Polymorphism (objects)
Secure sockets layer (SSL)
Network hop
23. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Job control language (JCL)
Subject matter (Area of activity)
Data owner
Business process reengineering (BPR)
24. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
Central office (CO)
Teleprocessing
Random access memory (RAM)
Preventive controls
25. The boundary that defines the area of security concern and security policy coverage
Protection domain
Program flowcharts
Security perimeter
Random access memory (RAM)
26. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and pa
Protocol
Systems development life cycle (SDLC)
Capacity stress testing
Internet banking
27. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Audit trail
Baud rate
Data security
Universal Description, Discovery and Integration (UDDI)
28. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe
Demodulation
Optical scanner
Latency
Cohesion
29. The process of converting an analog telecommunications signal into a digital computer signal
Dry-pipe fire extinguisher system
Audit authority
Business impact analysis (BIA)
Demodulation
30. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Middleware
Audit sampling
Logical access controls
Normalization
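Question 30 defines audit sampling; monetary unit sampling, one of the options on this page, is a common way to do it in IS audit. The Python below is an added example, not from the quiz: fixed-interval monetary unit selection over a constructed invoice population (every item whose book value is at least the sampling interval is selected with certainty), followed by the basic projection of misstatement from audited values that are also constructed. It does not compute the allowance for sampling risk.

```python
from decimal import Decimal, ROUND_HALF_UP
import random

# Constructed population: invoice id and book value; total 20,000.00.
POPULATION = [
    ("INV-001", "1200.00"), ("INV-002", "350.00"), ("INV-003", "9800.00"),
    ("INV-004", "75.00"), ("INV-005", "2400.00"), ("INV-006", "610.00"),
    ("INV-007", "130.00"), ("INV-008", "4500.00"), ("INV-009", "915.00"),
    ("INV-010", "20.00"),
]

CENT = Decimal("0.01")


def mus_select(population, sample_size: int, random_start=None, seed=None):
    """Fixed-interval monetary unit sampling.

    Every monetary unit (cent) in the population is a sampling unit; the
    interval is total / sample_size, and one unit is hit every interval
    starting from a random start below the interval. The item containing a
    hit is selected; an item spanning several intervals is hit several times.
    Returns (interval, [(item_id, book_value, hits), ...]).
    """
    items = [(i, Decimal(v)) for i, v in population]
    total = sum(v for _, v in items)
    interval = total / sample_size
    if random_start is None:
        rng = random.Random(seed)
        random_start = Decimal(rng.randrange(int(interval * 100))) / 100
    next_hit = Decimal(random_start)
    cumulative = Decimal("0")
    selected = []
    for item_id, value in items:
        cumulative += value
        hits = 0
        while next_hit < cumulative:
            hits += 1
            next_hit += interval
        if hits:
            selected.append((item_id, value, hits))
    return interval, selected


def project_misstatement(selected, audited_values, interval) -> Decimal:
    """Basic MUS projection of misstatement (no allowance for sampling risk).
    Items at or above the interval (top stratum) contribute their actual
    difference; smaller items contribute taint * interval, where
    taint = (book - audited) / book."""
    projected = Decimal("0")
    for item_id, book, _hits in selected:
        diff = book - Decimal(audited_values[item_id])
        if book >= interval:
            projected += diff
        else:
            projected += diff / book * interval
    return projected.quantize(CENT, rounding=ROUND_HALF_UP)


if __name__ == "__main__":
    interval, sample = mus_select(POPULATION, 5, random_start="1500.00")
    print("interval", interval)
    for item_id, value, hits in sample:
        print(item_id, value, "hits:", hits)
    # Constructed audited values for the selected invoices.
    audited = {"INV-002": "300.00", "INV-003": "9800.00",
               "INV-005": "2400.00", "INV-008": "4400.00"}
    print("projected misstatement", project_misstatement(sample, audited, interval))
```

With a fixed start of 1500.00 the sample is INV-002, INV-003 (hit twice), INV-005 and INV-008. INV-003 is larger than the 4000.00 interval and is selected whatever the random start, which is the property that makes the method attractive when large balances carry most of the risk. The 50.00 overstatement on INV-002 is projected over its interval (571.43), while the 100.00 difference on top-stratum INV-008 is taken as found.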
31. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint
Reasonableness check
Biometrics
Black box testing
Continuity
32. The risk of errors occurring in the area being audited
Coaxial cable
Population
Error risk
Leased lines
33. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Intelligent terminal
Program narratives
Regression testing
Ethernet
34. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
Voice mail
Digital certification
RSA
Check digit verification (self-checking digit)
35. The risk of giving an incorrect audit opinion
Initial program load (IPL)
Verification
Piggybacking
Audit risk
36. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
Monitor
Combined Code on Corporate Governance
Systems development life cycle (SDLC)
NetWare
37. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
Due professional care
Spool (simultaneous peripheral operations online)
Data custodian
Electronic cash
38. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
Echo checks
Intrusive monitoring
Binary code
Intranet
39. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmar
Finger
Fraud risk
Internal penetrators
Performance indicators
40. Analysis that is performed in real time or in continuous form
Dynamic analysis
Source code
Control group
COBIT
41. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Data-oriented systems development
X.25 interface
Data diddling
Rulebase
42. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Direct reporting engagement
Smart card
Fail-over
Control risk self-assessment
43. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
Foreign exchange risk
Remote procedure calls (RPCs)
Content filtering
BSP (business service provider)
44. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Token
Abend
Computer-assisted audit technique (CAATs)
Trust
45. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
Application programming interface (API)
LDAP (Lightweight Directory Access Protocol)
Program evaluation and review technique (PERT)
Logon
46. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Control Objectives for Enterprise Governance
Offsite storage
Capacity stress testing
Audit trail
47. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Access method
Recovery time objective (RTO)
ACK (acknowledgement)
Data analysis
48. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
Redundancy check
Artificial intelligence
Ethernet
Decryption
49. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Access control
Central processing unit (CPU)
Initial program load (IPL)
Object-oriented system development
50. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
Check digit verification (self-checking digit)
Quick ship
Geographic disk mirroring
General computer controls