Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Data that is not encrypted. Also known as plaintext.
Cleartext
Utility programs
Password
Dynamic analysis
2. An automated detail report of computer system activity
Console log
Bar case
Vulnerability analysis
Web site
3. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba
Systems development life cycle (SDLC)
Operational risk
Inheritance (objects)
Analog
4. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Program narratives
Risk assessment
Continuity
Shell
5. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
Budget formula
Machine language
Software
Cohesion
6. The ability to exercise judgement, express opinions and present recommendations with impartiality
Magnetic ink character recognition (MICR)
Idle standby
Objectivity
Foreign exchange risk
7. Filters out electrical surges and spikes
Nonrepudiable transactions
Logs/Log file
Client-server
Surge suppressor
8. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Warm-site
Source documents
System testing
Anomaly
9. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Nonrepudiation
Objectivity
Recovery time objective (RTO)
e-commerce
10. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.
Useful audit evidence
Payment system
Integrated test facilities (ITF)
Data communications
11. Specialized tools that can be used to analyze the flow of data, through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements
Due care
Application software tracing and mapping
Decryption
Idle standby
12. Records of system events generated by a specialized operating system mechanism
Detection risk
Decentralization
Data flow
Operating system audit trails
13. A computer program or set of programs that perform the processing of records for a specific function
Numeric check
Application
Access control table
Terms of reference
14. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Point-of-sale systems (POS)
Object Management Group (OMG)
Security software
Application acquisition review
15. The property that data meet with a priority expectation of quality and that the data can be relied upon
Datagram
Access path
Fiscal year
Data integrity
16. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Foreign exchange risk
Discovery sampling
Salami technique
Artificial intelligence
17. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Hot site
Cohesion
Sequential file
Client-server
18. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Registration authority (RA)
ACK (acknowledgement)
Analog
Application programming
19. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Data analysis
L2TP (Layer 2 tunneling protocol)
Message switching
Asynchronous Transfer Mode (ATM)
20. The machine language code that is generally referred to as the object or load module
Hub
Electronic data interchange (EDI)
Base case
Executable code
21. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls
Fault tolerance
Inherent risk
Abend
Protocol converter
22. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.
Systems development life cycle (SDLC)
Reasonable assurance
X.500
Tcpdump
23. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water
Dry-pipe fire extinguisher system
Business impact analysis (BIA)
Limit check
UDP (User Datagram Protocol)
24. The person responsible for maintaining a LAN and assisting end users
Web site
System flowcharts
Masqueraders
Network administrator
25. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Regression testing
Decentralization
Modulation
Voice mail
26. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
HTTPS (hyper text transfer protocol secure)
Batch processing
Limit check
IPSec (Internet protocol security)
27. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
Access control
Password cracker
Budget hierarchy
Check digit verification (self-checking digit)
28. The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).
Reengineering
LDAP (Lightweight Directory Access Protocol)
Anomaly
Top-level management
29. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.
Production software
Worm
Hub
Open systems
30. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy
Audit
Decryption key
Online data processing
Bandwidth
31. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Cathode ray tube (CRT)
Console log
Attribute sampling
Control Objectives for Enterprise Governance
32. The individual responsible for the safeguard and maintenance of all program and data files
Static analysis
Dumb terminal
Librarian
Hacker
33. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Corrective controls
Project team
Tuple
Packet switching
34. A statement of the position within the organization; including lines of reporting and the rights of access
Application programming
Audit authority
File server
Interface testing
35. The computer room and support areas
Information processing facility (IPF)
Cleartext
Log
Anomaly
36. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files
Fourth generation language (4GL)
Fault tolerance
Plaintext
Access method
37. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Internal control
Audit accountability
Database management system (DBMS)
liquidity risk
38. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.
Intranet
Tuple
Service provider
Statistical sampling
39. Defined minimum performance measures at or above which the service delivered is considered acceptable
Service level agreement (SLA)
Handprint scanner
Initial program load (IPL)
System testing
40. A printed machine-readable code that consists of parallel bars of varied width and spacing
Independent appearance
Corrective controls
Bar code
Salami technique
41. Identified by one central processor and databases that form a distributed processing configuration
Direct reporting engagement
Privacy
Centralized data processing
Detective controls
42. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Brute force
Batch control
Hypertext
Subject matter (Area of activity)
43. Freedom from unauthorized intrusion
Public key cryptosystem
Coaxial cable
Trusted processes
Privacy
44. A permanent connection between hosts in a packet switched network
Centralized data processing
Permanent virtual circuit (PVC)
Audit responsibility
Firmware
45. A code whose representation is limited to 0 and 1
Binary code
Modulation
Service level agreement (SLA)
Interface testing
46. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Harden
Audit authority
Program flowcharts
Firmware
47. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Request for proposal (RFP)
Base case
Anonymous File Transfer Protocol (FTP)
Content filtering
48. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Data dictionary
Output analyzer
Computer-aided software engineering (CASE)
Memory dump
49. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
Credit risk
Man-in-the-middle attack
Password
Recovery time objective (RTO)
50. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
System narratives
Logs/Log file
Database
Compliance testing