Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
Data-oriented systems development
Datagram
Signatures
Audit expert systems
2. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Mapping
Master file
UDP (User Datagram Protocol)
Service provider
3. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
legal risk
Control objective
Geographic disk mirroring
UDP (User Datagram Protocol)
4. The act or function of developing and maintaining applications programs in production
Application programming
Point-of-sale systems (POS)
Transaction
Card swipes
5. The act of giving the idea or impression of being or doing something
Business process reengineering (BPR)
Monitoring policy
Anonymous File Transfer Protocol (FTP)
Appearance
6. Specifies the format of packets and the addressing scheme
Recovery testing
IP (Internet protocol)
Proxy server
Production programs
7. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.
Password
Structured programming
Default deny policy
Audit expert systems
8. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Utility software
FTP (file transfer protocol)
Remote job entry (RJE)
Fourth generation language (4GL)
9. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
SYN (synchronize)
Private key
ACK (acknowledgement)
Hypertext
10. The act of transferring computerized information from one computer to another computer
Comparison program
Utility software
Downloading
Penetration testing
11. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Interface testing
Surge suppressor
Handprint scanner
Executable code
12. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry
Application programming interface (API)
Image processing
Monitor
Challenge/response token
13. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
Edit controls
Statistical sampling
Object-oriented system development
price risk
14. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree
Business process reengineering (BPR)
Packet switching
Budget formula
Protocol stack
15. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Electronic vaulting
Bar code
Private key cryptosystems
Whitebox testing
16. The organization providing the outsourced service
X.25
Service provider
Duplex routing
Performance indicators
17. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Mutual takeover
Telnet
Trust
e-commerce
18. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program
Virus
Source code compare programs
Privilege
Application software tracing and mapping
19. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is a
Terminal
Symmetric key encryption
Polymorphism (objects)
ICMP (internet control message protocol)
20. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Gateway
Data leakage
Untrustworthy host
Worm
21. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Vulnerabilities
Token
Downtime report
Trusted processes
22. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Allocation entry
Baud rate
Extensible Markup Language (XML)
Half duplex
23. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Antivirus software
Request for proposal (RFP)
RS-232 interface
Computer-aided software engineering (CASE)
24. The level of trust with which a system object is imbued
IT governance
Machine language
Privilege
Certificate authority (CA)
25. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Foreign exchange risk
Virtual private network (VPN)
Risk
Application software tracing and mapping
26. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Internal control structure
Consumer
Program flowcharts
business process integrity
27. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Standing data
Source documents
Objectivity
Bar case
28. Software packages that sequentially dial telephone numbers; recording any numbers that answer
Project team
Anomaly detection
Log
War dialler
29. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)
browser
Packet
Worm
Cohesion
30. The standard e-mail protocol on the Internet
SMTP (Simple Mail Transport Protocol)
Parallel simulation
Security/transaction risk
Protocol stack
31. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
Audit accountability
Data custodian
Database management system (DBMS)
Generalized audit software
32. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac
Trusted systems
PPP (point-to-point protocol)
Cold site
Hub
33. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Simple Object Access Protocol (SOAP)
LDAP (Lightweight Directory Access Protocol)
Operational risk
Real-time processing
34. Programmed checking of data validity in accordance with predetermined criteria
Validity check
Logoff
Operating system audit trails
ICMP (internet control message protocol)
35. An eight-digit/seven-bit code representing 128 characters; used in most small computers
Public key cryptosystem
Hexadecimal
Test generators
ASCII (American Standard Code for Information Interchange)
36. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Bridge
Allocation entry
Biometric locks
Protection domain
37. The quality or state of not being named or identified
Anonymity
Proxy server
Hypertext
Control risk self-assessment
38. A language used to control run routines in connection with performing tasks on a computer
Job control language (JCL)
Control group
Production software
Computationally greedy
39. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Middleware
Availability
RADIUS (remote authentication dial-in user service)
Address
40. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Residual risk
Intranet
Data dictionary
Appearance of independence
41. The area of the system that the intrusion detection system is meant to monitor and protect
Consumer
Latency
Protection domain
Assembler
42. The assurance that a party cannot later deny originating data, that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Nonrepudiation
Leased lines
Cathode ray tube (CRT)
Audit risk
43. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
e-commerce
Plaintext
Repository
Simple Object Access Protocol (SOAP)
44. A process used to identify and evaluate risks and their potential effects
Capacity stress testing
Risk assessment
Editing
Universal Description, Discovery and Integration (UDDI)
45. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
Transaction
L2TP (Layer 2 tunneling protocol)
Dynamic analysis
Echo checks
46. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Frame relay
Untrustworthy host
Internal penetrators
Discovery sampling
47. Detection on the basis of whether the system activity matched that defined as abnormal
Compensating control
world wide web (WWW)
Anomaly detection
Whitebox testing
48. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Base case
DoS (denial-of-service) attack
File layout
Alpha
49. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
RADIUS
Handprint scanner
Encryption key
Digital certificate
50. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Record, screen and report layouts
Source code
Packet switching
Remote procedure calls (RPCs)