CISA Certified Information Systems Auditor Vocab

1. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s

2. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems

3. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.

4. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame

5. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

6. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac

7. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

8. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

9. The transfer of service from an incapacitated primary component to its backup component

10. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity

11. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.

12. The potential loss to an area due to the occurrence of an adverse event

13. Transactions that cannot be denied after the fact

14. An edit check designed to ensure the data in a particular field is numeric

15. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p

16. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack

17. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem

18. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).

19. A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems

20. Unusual or statistically rare

21. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.

22. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm

23. Used to enable remote access to a server computer. Commands typed are run on the remote server.

24. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.

25. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.

26. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy

27. The elimination of redundant data

28. The consolidation in 1998 of the "Cadbury", "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry

29. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.

30. A set of protocols developed by the IETF to support the secure exchange of packets

31. An electronic pathway that may be displayed in the form of highlighted text, graphics or a button, and that connects one web page with another web page address.

32. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

33. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

34. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network

35. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

36. A process used to identify and evaluate risks and their potential effects

37. The area of the system that the intrusion detection system is meant to monitor and protect

38. The ability to exercise judgement, express opinions and present recommendations with impartiality

39. The rules outlining the way in which information is captured and interpreted

40. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures

41. A protocol used for transmitting data between two ends of a connection

42. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca

43. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

44. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.

45. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management

46. The boundary that defines the area of security concern and security policy coverage

47. A communications channel over which data can be sent and received simultaneously

48. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate

49. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

50. The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.