Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
Privacy
Test data
Datagram
Information engineering
2. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Security software
Check digit verification (self-checking digit)
Abend
Relevant audit evidence
3. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs
Application development review
Public key infrastructure
Trap door
Whitebox testing
4. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Tcpdump
Signatures
Circuit-switched network
Symmetric key encryption
5. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Personal identification number (PIN)
Misuse detection
Concurrent access
Run instructions
6. Diligence which a person would exercise under a given set of circumstances
Preventive controls
Due care
Sampling risk
Data owner
7. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
Structured programming
UDP (User Datagram Protocol)
Technical infrastructure security
Log
8. The transmission of more than one signal across a physical channel
Audit
Communications controller
Multiplexing
IPSec (Internet protocol security)
9. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Operational control
Point-of-presence (POP)
Components (as in component-based development)
Administrative controls
10. A list of retracted certificates
Input controls
Certificate Revocation List
Personal identification number (PIN)
Hash total
11. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
Salami technique
Corporate governance
Due professional care
Multiplexor
12. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Security administrator
Preventive controls
Corrective controls
Non-intrusive monitoring
13. A specially configured server, designed to attract intruders so that their actions do not affect production systems, also known as a decoy server
Tape management system (TMS)
Honey pot
DMZ (demilitarized zone)
Reverse engineering
14. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications
Intelligent terminal
Reputational risk
Application security
Access rights
15. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a
Central office (CO)
Reciprocal agreement
Active response
Production software
16. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Performance testing
Liquidity risk
Integrated test facilities (ITF)
Active response
17. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Data-oriented systems development
Residual risk
Database specifications
False positive
18. Patterns indicating misuse of a system
Output analyzer
Master file
Signatures
Monitoring policy
19. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Geographic disk mirroring
Systems acquisition process
Ethernet
FIN (final)
20. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Security management
Third-party review
Posting
Alpha
21. The risk of giving an incorrect audit opinion
Demodulation
Reciprocal agreement
Sniffing
Audit risk
22. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Independence
Passive response
Utility programs
Recovery time objective (RTO)
23. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.
Security/transaction risk
Test data
Systems development life cycle (SDLC)
Simple fail-over
24. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested
Magnetic ink character recognition (MICR)
System testing
Test programs
Registration authority (RA)
25. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra
Interest rate risk
Fail-over
Digital certificate
Electronic signature
26. The physical layout of how computers are linked together. Examples include ring, star and bus.
Continuous auditing approach
Risk
Passive assault
Topology
27. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit
Tuple
Quick ship
Web Services Description Language (WSDL)
Firewall
28. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems
Budget hierarchy
Intrusion detection
PPTP (point-to-point tunneling protocol)
Table look-ups
29. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne
Financial audit
IT governance
Proxy server
Repudiation
30. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
ASCII (American Standard Code for Information Interchange)
Compensating control
Decision support systems (DSS)
Rootkit
31. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Memory dump
Data custodian
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Geographic disk mirroring
32. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Information engineering
Telecommunications
Star topology
Audit accountability
33. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Distributed data processing network
Non-intrusive monitoring
IT governance
Audit trail
34. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Fiber optic cable
TACACS+ (terminal access controller access control system plus)
Promiscuous mode
Transaction protection
35. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.
Security administrator
Function point analysis
Subject matter (Area of activity)
Cathode ray tube (CRT)
36. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Default password
Asynchronous Transfer Mode (ATM)
Budget organization
Firmware
37. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Registration authority (RA)
Population
Dumb terminal
Fourth generation language (4GL)
38. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
E-mail/interpersonal messaging
Rounding down
Modem (modulator-demodulator)
Filtering router
39. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Comparison program
Bypass label processing (BLP)
DoS (denial-of-service) attack
Compensating control
40. Those policies and procedures implemented to achieve a related control objective
Controls (Control procedures)
Communications controller
Application security
Enterprise resource planning
41. A system software tool that logs, monitors and directs computer tape usage
Split data systems
Engagement letter
Cathode ray tube (CRT)
Tape management system (TMS)
42. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Access path
Certificate authority (CA)
Dynamic analysis
Voice mail
43. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Uninterruptible power supply (UPS)
Intrusion detection
FTP (file transfer protocol)
Request for proposal (RFP)
44. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Trusted systems
Trusted processes
Limit check
Electronic data interchange (EDI)
45. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
External router
Transaction log
Warm-site
Untrustworthy host
46. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Security testing
Systems acquisition process
Open systems
Secure socket layer (SSL)
47. The assurance that a party cannot later deny originating data, that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
RSA
Data flow
Bridge
Nonrepudiation
48. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Masqueraders
Security software
Verification
Risk
49. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)
Telecommunications
Finger
Audit evidence
FTP (file transfer protocol)
50. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Wide area network (WAN)
Encapsulation (objects)
Shell
Audit objective