Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An international standard that defines information confidentiality, integrity and availability controls






2. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system






3. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an






4. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity






5. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being






6. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.






7. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.






8. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt






9. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions






10. Range checks ensure that data fall within a predetermined range (also see limit checks).






11. The boundary that defines the area of security concern and security policy coverage






12. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame






13. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organization-wide, centralized database. This permits easy sharing of data while maintaining a certain






14. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).






15. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






16. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates






17. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.






18. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry






19. An input device that reads characters and images that are printed or painted on a paper form into the computer.






20. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.






21. A system software tool that logs, monitors and directs computer tape usage






22. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






23. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report






24. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management






25. To configure a computer or other network device to resist attacks






26. An electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.






27. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.






28. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files






29. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis






30. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






31. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.






32. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.






33. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems






34. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne






35. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.






36. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population






37. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination






38. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.






39. The assurance that a party cannot later deny originating data, that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.






40. An audit designed to determine the accuracy of financial records and information






41. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.






42. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmar






43. Unusual or statistically rare






44. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.






45. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.






46. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department






47. The level of trust with which a system object is imbued






48. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






49. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recover - shutting down database after all records have been committed for example






50. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






