Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.






2. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






3. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil






4. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o






5. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being






6. A popular local area network operating system developed by the Novell Corp.






7. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi






8. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.






9. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.






10. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






11. The router at the extreme edge of the network under control, usually connected to an ISP or other service provider, also known as border router






12. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.






13. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability






14. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






15. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.






16. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.






17. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred






18. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service






19. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested






20. A project management technique used in the planning and control of system projects






21. The process of transmitting messages in convenient pieces that can be reassembled at the destination






22. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






23. A resource whose loss will result in the loss of service or production






24. A tunnelling protocol developed by Cisco Systems to support the creation of VPNs






25. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an






26. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed






27. Refers to the processes by which organisations conduct business electronically with their customers and/or public at large using the Internet as the enabling technology.






28. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department






29. Identified by one central processor and databases that form a distributed processing configuration






30. The outward impression of being self-governing and free from conflict of interest and undue influence






31. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs






32. The quality or state of not being named or identified






33. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.






34. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems






35. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities






36. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.






37. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.






38. Systems for which detailed specifications of their components' composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o






39. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun






40. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information, as it is entered.






41. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






42. Software used to create data to be used in the testing of computer programs






43. Unusual or statistically rare






44. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s






45. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.






46. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements






47. The ability of end users to design and implement their own information system utilizing computer software products






48. A document which defines the IS audit function's responsibility, authority and accountability






49. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






50. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research






