Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is






2. The ability to map a given activity or event back to the responsible party






3. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards






4. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.






5. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.






6. A tunnelling protocol developed by Cisco Systems to support the creation of VPNs






7. These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.






8. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r






9. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes






10. The level to which transactions can be traced and audited through a system






11. An eight-digit/seven-bit code representing 128 characters; used in most small computers






12. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency






13. Changing data with malicious intent before or during input into the system






14. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm






15. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data






16. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently






17. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development






18. The application of an edit, using a predefined field definition to a submitted information stream, a test to ensure that data conform to a predefined format






19. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water






20. Range checks ensure that data fall within a predetermined range (also see limit checks).






21. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates






22. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code






23. Character-at-a-time transmission






24. Relates to the technical and physical features of the computer






25. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen






26. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred






27. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in






28. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d






29. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing






30. A named collection of related records






31. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications






32. Considered for acquisition the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement






33. Specifies the format of packets and the addressing scheme






34. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra






35. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period






36. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component






37. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






38. A language, which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.






39. The act of giving the idea or impression of being or doing something






40. Source lines of code are often used in deriving single-point software-size estimations.






41. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.






42. A system development methodology that is organised around 'objects' rather than 'actions,' and 'data' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr






43. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups






44. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re






45. Error control deviations (compliance testing) or misstatements (substantive testing)






46. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.






47. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management






48. An automated detail report of computer system activity






49. Any information collection mechanism utilized by an intrusion detection system






50. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need