Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
Program narratives
DNS (domain name system)
Biometrics
Regression testing
2. Deliberately testing only the value-added functionality of a software component
Monitor
Leased lines
Incremental testing
Automated teller machine (ATM)
3. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
Audit risk
Internal control
FIN (final)
Comparison program
4. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Screening routers
Network
Link editor (linkage editor)
System exit
5. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Due care
Operating system
Continuous auditing approach
Intelligent terminal
6. Character-at-a-time transmission
Split data systems
Asynchronous transmission
Operating system audit trails
Modulation
7. In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
ACK (acknowledgement)
Biometric locks
Database replication
Broadband
8. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
Benchmark
Transaction protection
Data analysis
TACACS+ (terminal access controller access control system plus)
9. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Integrated services digital network (ISDN)
PPTP (point-to-point tunneling protocol)
Hot site
Internet Inter-ORB Protocol (IIOP)
10. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme
Trust
Audit authority
Public key
Hexadecimal
11. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
RSA
Real-time processing
Security software
Security/transaction risk
12. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
System narratives
Audit program
Cryptography
Trojan horse
13. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Firmware
File layout
Content filtering
System software
14. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Access path
Control risk
Offline files
Symmetric key encryption
15. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Remote job entry (RJE)
Exception reports
Confidentiality
Nonrepudiation
16. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Permanent virtual circuit (PVC)
Database
Tuple
Business process reengineering (BPR)
17. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Application implementation review
RADIUS (remote authentication dial-in user service)
Default password
Embedded audit module
18. Filters out electrical surges and spikes
Active response
Logon
Hub
Surge suppressor
19. A device used for combining several lower-speed channels into a higher-speed channel
Journal entry
Multiplexor
Virus
Harden
20. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Dry-pipe fire extinguisher system
Online data processing
Brouters
TCP (transmission control protocol)
21. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.
Field
COCO
Synchronous transmission
UDP (User Datagram Protocol)
22. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
RFC (request for comments)
Security administrator
Synchronous transmission
Hash function
23. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
ACK (acknowledgement)
Packet filtering
Certificate authority (CA)
Web site
24. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Internet banking
Binary code
Cathode ray tube (CRT)
FTP (file transfer protocol)
25. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Remote job entry (RJE)
Masking
Range check
Liquidity risk
26. The roles, scope and objectives documented in the service level agreement between management and audit
Control group
Batch control
Automated teller machine (ATM)
Audit responsibility
27. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period
Substantive testing
Control perimeter
Recovery testing
Buffer
28. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Electronic data interchange (EDI)
Non-intrusive monitoring
Ciphertext
Downtime report
29. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.
Password cracker
Bus topology
Simple fail-over
Computer server
30. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas
Record, screen and report layouts
Data owner
Ring topology
Dynamic analysis
31. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Data dictionary
Run-to-run totals
Reengineering
System flowcharts
32. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
Data security
Topology
Compliance testing
Application development review
33. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Third-party review
Tcpdump
Procedure
Partitioned file
34. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Modem (modulator-demodulator)
Public key cryptosystem
Remote procedure calls (RPCs)
Application proxy
35. A version of the Windows operating system that supports preemptive multitasking
Operational control
Prototyping
Windows NT
Direct reporting engagement
36. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Budget organization
Internet Engineering Task Force (IETF)
Duplex routing
Public key cryptosystem
37. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
ICMP (internet control message protocol)
Intelligent terminal
Application programming interface (API)
Personal identification number (PIN)
38. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Wiretapping
ISO17799
Point-of-sale systems (POS)
File layout
39. The outward impression of being self-governing and free from conflict of interest and undue influence
Operational control
Private key cryptosystems
Independent appearance
Authentication
40. A code whose representation is limited to 0 and 1
Initial program load (IPL)
Digital certification
Symmetric key encryption
Binary code
41. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Cluster controller
Latency
Password
Parity check
42. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Hub
Black box testing
L2TP (Layer 2 tunneling protocol)
Backup
43. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil
Sniff
Spoofing
Bulk data transfer
Components (as in component-based development)
44. The elimination of redundant data
Token ring topology
Attribute sampling
Normalization
Benchmark
45. An interface point between the CPU and a peripheral device
Port
Dry-pipe fire extinguisher system
Strategic risk
System testing
46. Point at which terminals are given access to a network
Accountability
Journal entry
Node
Exception reports
47. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Prototyping
Application programming interface (API)
Partitioned file
Audit
48. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Rounding down
Blackbox testing
Masqueraders
Local area network (LAN)
49. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Coverage
Due professional care
Symmetric key encryption
RSA
50. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Logoff
Professional competence
SYN (synchronize)
Third-party review