Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
2. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
3. The consolidation in 1998 of the 'Cadbury', 'Greenbury' and 'Hampel' Reports. Named after the committee chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry
4. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
5. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
6. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
7. A high-level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high-level objectives and scope of the work, and topics such as budget, res
8. The primary language used by both application programmers and end users in accessing relational databases
9. A set of protocols developed by the IETF to support the secure exchange of packets
10. An exchange rate that can optionally be used to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
11. A code whose representation is limited to 0 and 1
12. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
13. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
14. A program designed to detect computer viruses
15. Also known as 'automated remote journaling of redo logs'. A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
16. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
17. A test to check the system's ability to recover after a software or hardware failure
18. The outward impression of being self-governing and free from conflict of interest and undue influence
19. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
20. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)
21. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
22. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
23. An integral part of an application system that is designed to identify and report specific transactions or other information based on predetermined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re
24. A packet (encapsulated with a frame containing information) that is transmitted in a packet-switching network from source to destination
25. An individual who attempts to gain unauthorized access to a computer system
26. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
27. The person responsible for maintaining a LAN and assisting end users
28. A recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
29. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
30. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
31. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
32. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
33. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
34. A computer program that enables the user to retrieve information that has been made publicly available on the Internet, and that permits multimedia (graphics) applications on the World Wide Web
35. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
36. A series of steps to complete an audit objective
37. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
38. A procedure designed to ensure that no fields are missing from a record
39. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
40. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
41. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
42. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
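The three application controls defined in items 26 (limit and range checks), 38 (completeness check) and 42 (file layout) work together in practice: the layout says where each field is, the completeness check says which fields must be present, and the limit check says what values an amount field may hold. The following is an added example written for this page, not code from the quiz or from ISACA; the 32-byte payment record layout, the field names and limits, and the sample batch are all constructed for illustration.

```python
"""Added example: parse fixed-length records per a file layout, then apply a
completeness check and limit/range checks. Layout, limits and data are constructed."""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Field:
    """One entry of the file layout: position, width, data type and (for amount
    fields) the stipulated limits of acceptability."""
    name: str
    start: int                      # zero-based offset within the record
    length: int
    kind: str                       # "alphanumeric" or "numeric" (constructed labels)
    required: bool = True           # completeness check applies to required fields
    low: Optional[Decimal] = None   # low limit; None means no low-limit check
    high: Optional[Decimal] = None  # high limit; both set means a range check


# Constructed file layout for a 32-byte payment record.
LAYOUT = (
    Field("account", 0, 8, "alphanumeric"),
    Field("amount", 8, 10, "numeric", low=Decimal("0.01"), high=Decimal("10000.00")),
    Field("currency", 18, 3, "alphanumeric"),
    Field("memo", 21, 11, "alphanumeric", required=False),
)
RECORD_LENGTH = sum(f.length for f in LAYOUT)  # 32


def make_record(account: str, amount: str, currency: str, memo: str = "") -> str:
    """Build a record that conforms to LAYOUT (only used to construct sample data)."""
    rec = f"{account:<8}{amount:>10}{currency:<3}{memo:<11}"
    assert len(rec) == RECORD_LENGTH
    return rec


def parse_record(raw: str) -> Dict[str, str]:
    """Slice a record into fields per the layout. A wrong record length means the
    layout does not apply, so refuse rather than guess at field boundaries."""
    if len(raw) != RECORD_LENGTH:
        raise ValueError(f"record length {len(raw)}, layout requires {RECORD_LENGTH}")
    return {f.name: raw[f.start:f.start + f.length] for f in LAYOUT}


def completeness_check(fields: Dict[str, str]) -> List[str]:
    """Names of required fields that are blank (all spaces)."""
    return [f.name for f in LAYOUT if f.required and not fields[f.name].strip()]


def limit_check(field: Field, text: str) -> Optional[str]:
    """Limit check (one bound) or range check (both bounds) on an amount field.
    Returns a description of the violation, or None if the value is acceptable."""
    try:
        value = Decimal(text.strip())
    except InvalidOperation:
        return f"{field.name}: {text.strip()!r} is not numeric"
    if field.low is not None and value < field.low:
        return f"{field.name}: {value} below low limit {field.low}"
    if field.high is not None and value > field.high:
        return f"{field.name}: {value} above high limit {field.high}"
    return None


def validate_record(raw: str) -> List[str]:
    """Apply the controls in order: layout, completeness, limits. Empty list = passed."""
    try:
        fields = parse_record(raw)
    except ValueError as exc:
        return [f"layout: {exc}"]
    errors = [f"completeness: {name} missing" for name in completeness_check(fields)]
    for f in LAYOUT:
        if f.kind == "numeric" and fields[f.name].strip():
            problem = limit_check(f, fields[f.name])
            if problem:
                errors.append(f"limit: {problem}")
    return errors


def validate_batch(batch: List[str]) -> Dict[int, List[str]]:
    """Map record index -> errors for every record that failed a check."""
    return {i: errs for i, raw in enumerate(batch) if (errs := validate_record(raw))}


# Constructed sample batch: one clean record and five that should be rejected.
SAMPLE_BATCH = [
    make_record("ACC00001", "1250.00", "USD", "payroll"),  # passes all checks
    make_record("ACC00002", "15000.00", "USD"),            # above high limit
    make_record("ACC00003", "-50.00", "USD"),              # below low limit
    make_record("ACC00004", "300.00", "", "refund"),       # required currency missing
    make_record("ACC00005", "abcd", "EUR", "note"),        # non-numeric amount
    "ACC00006",                                            # wrong record length
]

if __name__ == "__main__":
    for idx, errs in validate_batch(SAMPLE_BATCH).items():
        print(idx, errs)
```

The layout check runs first on purpose: once a record is the wrong length, every later check would be reading the wrong bytes, so the record is rejected as a whole rather than producing misleading field-level exceptions.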
43. The risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
44. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
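Items 12 (a router that permits or denies traffic by administrator-installed rules) and 44 (default deny) meet in the question of what happens to a packet that no rule mentions. The following is an added example for this page, not code from the quiz or from any router vendor: a first-match rule evaluator run once under default deny and once under default allow against the same constructed rule set and packets. Addresses, ports and rules are all made up for illustration.

```python
"""Added example: first-match packet filtering with a configurable default
policy. The rule set, networks and sample packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR; "0.0.0.0/0" matches any source
    dst: str               # CIDR; "0.0.0.0/0" matches any destination
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], default: str, p: Packet) -> Tuple[str, str]:
    """Evaluate rules in order; the first match decides. If nothing matches, the
    default policy decides, and that is the whole difference between default
    deny and default allow."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, f"rule {i}"
    return default, "default"


ANY = "0.0.0.0/0"
DMZ_WEB = "203.0.113.10/32"   # constructed: the public web server

# Constructed rule set: drop a known-bad network, allow web traffic to the DMZ
# server, allow SSH to it only from the admin subnet. Nothing is said about
# internal hosts or other ports, which is exactly where the default policy bites.
RULES = [
    Rule("deny", "198.51.100.0/24", ANY, None, None),
    Rule("permit", ANY, DMZ_WEB, "tcp", 443),
    Rule("permit", ANY, DMZ_WEB, "tcp", 80),
    Rule("permit", "10.1.1.0/24", DMZ_WEB, "tcp", 22),
]

SAMPLE_PACKETS = [
    Packet("192.0.2.7", "203.0.113.10", "tcp", 443),     # public HTTPS: rule 1
    Packet("198.51.100.9", "203.0.113.10", "tcp", 443),  # bad source: rule 0 wins first
    Packet("10.1.1.5", "203.0.113.10", "tcp", 22),       # admin SSH: rule 3
    Packet("192.0.2.7", "203.0.113.10", "tcp", 22),      # Internet SSH: no rule matches
    Packet("192.0.2.7", "10.2.3.4", "tcp", 3389),        # RDP to an internal host: no rule
]


def evaluate(default: str) -> List[str]:
    """Decision for each sample packet under the given default policy."""
    return [filter_packet(RULES, default, p)[0] for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for p, deny, allow in zip(SAMPLE_PACKETS, evaluate("deny"), evaluate("permit")):
        print(f"{p.src:>14} -> {p.dst:>14}:{p.dport:<5} default-deny={deny:<6} default-allow={allow}")
```

The last two packets are the point of item 44: the administrator wrote no rule about SSH from the Internet or RDP to internal hosts, so under default allow both pass, and under default deny both are dropped without anyone having to anticipate them.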
45. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
46. Detection on the basis of whether the system activity matches that defined as abnormal
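Item 46 describes detection against a statistical definition of "abnormal", and item 22 describes the passive response of recording what was found and leaving action to a person. The following is an added example for this page, not code from the quiz or from any IDS product: a baseline of failed-login counts per hour defines normal, anything more than k standard deviations above the mean is abnormal, and the response is only an alert record. The baseline values and the sshd-style log lines are constructed.

```python
"""Added example: statistical-based detection of failed-login bursts with a
passive (report-and-record) response. Baseline and log lines are constructed."""
import re
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple

# Matches syslog-style sshd failures; group 1 is the hour, 2 the user, 3 the source.
FAILED_RE = re.compile(
    r"^\w{3} +\d+ (\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+)"
)


class Alert(NamedTuple):
    hour: str          # "HH" of the abnormal hour
    observed: int      # failed logins seen in that hour
    threshold: float   # the baseline-derived limit that was exceeded


# Constructed baseline: failed SSH logins per hour sampled during a quiet period.
BASELINE = [3, 5, 4, 6, 2, 5, 4, 3, 6, 5, 4, 5, 3, 4, 6, 5, 4, 3, 5, 4, 6, 5, 3, 4]


def threshold_from_baseline(counts: List[int], k: float = 3.0) -> float:
    """'Abnormal' defined statistically: more than k standard deviations above
    the baseline mean. k is a tuning knob traded against false alarms."""
    return mean(counts) + k * pstdev(counts)


def failed_logins_per_hour(lines: List[str]) -> Dict[str, int]:
    """Count matching failure lines by hour; successes and noise are ignored."""
    counts: Dict[str, int] = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def detect(lines: List[str], baseline: List[int], k: float = 3.0) -> List[Alert]:
    """Passive response: abnormal hours are reported as Alert records and nothing
    else happens here (no blocking, no lockout); follow-up is left to the operator."""
    threshold = threshold_from_baseline(baseline, k)
    per_hour = failed_logins_per_hour(lines)
    return [Alert(h, n, threshold) for h, n in sorted(per_hour.items()) if n > threshold]


def _line(hour: int, minute: int, user: str, src: str, ok: bool = False) -> str:
    """Build one constructed sshd log line (hostname, pids and ports are made up)."""
    outcome = "Accepted publickey" if ok else "Failed password"
    return (f"Mar 10 {hour:02d}:{minute:02d}:17 bastion sshd[{4000 + minute}]: "
            f"{outcome} for {user} from {src} port 5{minute:04d} ssh2")


# Constructed auth log: a few ordinary failures and one success, then a
# password-guessing burst at 04:00 from a single source.
SAMPLE_LOG = [
    _line(2, 14, "root", "198.51.100.5"),
    _line(2, 31, "admin", "198.51.100.5"),
    _line(2, 45, "alice", "10.0.0.7", ok=True),
    _line(3, 5, "root", "203.0.113.9"),
    _line(3, 22, "deploy", "203.0.113.9"),
    _line(3, 48, "root", "192.0.2.33"),
] + [_line(4, m, "root", "198.51.100.77") for m in range(40)]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, BASELINE):
        print(f"hour {alert.hour}: {alert.observed} failed logins, threshold {alert.threshold:.2f}")
```

The quiet hours (2 and 3 failures) sit inside the baseline, while the 40-failure hour clears a threshold of roughly 7.6, so it is the only hour reported. Raising k suppresses the alert entirely, which is the usual trade-off of statistical detection: a baseline that includes the attack, or a k set too high, defines the attack as normal.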
47. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers
48. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
49. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
50. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.