Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Cathode ray tube (CRT)
Benchmark
Hexadecimal
Service bureau
2. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Application programming
RADIUS (remote authentication dial-in user service)
Encryption
Consumer
3. Considered for acquisition, the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement
Quick ship
Project sponsor
Variable sampling
Demodulation
4. The process of converting an analog telecommunications signal into a digital computer signal
Application acquisition review
Materiality
Demodulation
Audit trail
5. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
Independent appearance
Magnetic ink character recognition (MICR)
Due professional care
Tcpdump
6. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Web page
FIN (final)
Cleartext
Rotating standby
7. Specifies the format of packets and the addressing scheme
RS-232 interface
Electronic cash
IP (Internet protocol)
Fiscal year
8. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
FTP (file transfer protocol)
Concurrent access
Scheduling
Binary code
9. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Logs/Log file
Data dictionary
Security software
False positive
10. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Central processing unit (CPU)
Internet Inter-ORB Protocol (IIOP)
Audit program
Security software
11. Programs that are used to process live or actual data that were received as input into the production environment.
Network hop
Piggy backing
Limit check
Production programs
12. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Application controls
Enterprise resource planning
Redundancy check
Addressing
13. The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.
Asynchronous Transfer Mode (ATM)
Honey pot
Optical scanner
Address space
14. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Data-oriented systems development
X.500
Operational control
Control weakness
15. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
ACK (acknowledgement)
Half duplex
Password cracker
Combined Code on Corporate Governance
16. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
e-commerce
Useful audit evidence
Authentication
Detailed IS controls
17. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Credit risk
Tape management system (TMS)
Intrusion
Trojan horse
18. A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files
Internet Engineering Task Force (IETF)
Audit
Offsite storage
Centralized data processing
19. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Surge suppressor
Anonymity
Electronic data interchange (EDI)
Peripherals
20. The standard e-mail protocol on the Internet
Encryption
SMTP (Simple Mail Transport Protocol)
Reasonable assurance
TACACS+ (terminal access controller access control system plus)
21. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of
Degauss
Certificate Revocation List
Automated teller machine (ATM)
Warm-site
22. The act of giving the idea or impression of being or doing something
COCO
Encryption key
Payment system
Appearance
23. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Repudiation
Central office (CO)
Adjusting period
Queue
24. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Management information system (MIS)
Application maintenance review
Administrative controls
Partitioned file
25. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Dry-pipe fire extinguisher system
Star topology
Penetration testing
Security management
26. Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
Telnet
System flowcharts
Hyperlink
Operational audit
27. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Appearance of independence
Piggy backing
Data integrity
Internal control structure
28. The proportion of known attacks detected by an intrusion detection system
Coverage
Waterfall development
Leased lines
Adjusting period
29. The application of an edit, using a predefined field definition to a submitted information stream, a test to ensure that data conform to a predefined format
Independence
File server
Reengineering
Format checking
30. The quality or state of not being named or identified
X.25 interface
Arithmetic-logic unit (ALU)
Electronic signature
Anonymity
31. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
UNIX
Operating system audit trails
Control section
Optical character recognition
32. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Untrustworthy host
Microwave transmission
Surge suppressor
Integrity
33. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Security policy
Access path
End-user computing
Control risk
34. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Strategic risk
Engagement letter
Vaccine
Public key
35. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Worm
Digital certificate
SYN (synchronize)
Check digit verification (self-checking digit)
36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
COSO
Bus
Object code
Outsourcing
37. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Unit testing
Port
Production software
Diskless workstations
38. The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the
Mapping
Authentication
Batch processing
Control risk
39. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v
Reverse engineering
Vaccine
Sampling risk
Default password
40. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account
Internal control
Salami technique
Hyperlink
Information processing facility (IPF)
41. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
RADIUS
HTTPS (hyper text transfer protocol secure)
Parity check
Netware
42. An edit check designed to ensure the data in a particular field is numeric
Function point analysis
Numeric check
Passive assault
Unit testing
43. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Protocol converter
Electronic vaulting
Exposure
Ethernet
44. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Network
Standing data
Adjusting period
Software
45. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Criteria
Data owner
Public key cryptosystem
Router
46. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Network hop
Decentralization
Feasibility study
Combined Code on Corporate Governance
47. The process of converting a digital computer signal into an analog telecommunications signal
Asynchronous transmission
Modulation
Compensating control
Checkpoint restart procedures
48. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Cold site
Private key
Data leakage
X.500
49. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network
ASP/MSP (application or managed service provider)
Format checking
Challenge/response token
Intranet
50. Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment
Reasonableness check
Addressing
Logoff
Engagement letter