Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
implementation life cycle review
Reasonableness check
Risk assessment
Management information system (MIS)
2. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Point-of-sale systems (POS)
Production software
Spanning port
Data flow
3. A popular local area network operating system developed by the Novell Corp.
Piggybacking
Netware
Point-of-presence (POP)
Gateway
4. The proportion of known attacks detected by an intrusion detection system
Computationally greedy
Static analysis
Coverage
Black box testing
5. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Due care
Addressing
Simple Object Access Protocol (SOAP)
Objectivity
6. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Gateway
Echo checks
e-commerce
Public key cryptosystem
7. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Dumb terminal
Peripherals
Passive assault
Communications controller
8. (remote authentication dial-in user service)
Screening routers
Control risk
RADIUS
Trust
9. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
Control section
Audit accountability
Database specifications
Object orientation
10. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Function point analysis
Accountability
Internal penetrators
Reputational risk
11. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
e-commerce
Access method
Data Encryption Standard (DES)
Audit objective
12. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Discovery sampling
Fiber optic cable
Check digit
World Wide Web Consortium (W3C)
13. The assurance that a party cannot later deny originating data, that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Nonrepudiation
Procedure
Bulk data transfer
Local loop
14. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program
Requirements definition
Source code compare programs
Request for proposal (RFP)
Tuple
15. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Hacker
Bus topology
Integrated test facilities (ITF)
Audit sampling
16. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
Record
Capacity stress testing
Protocol converter
Point-of-presence (POP)
17. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Diskless workstations
Dial-in access controls
Private key cryptosystems
Parallel simulation
18. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Digital certificate
Machine language
Security testing
Idle standby
19. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Microwave transmission
Assembler
Circular routing
Enterprise governance
20. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Bypass label processing (BLP)
Tcpdump
Combined Code on Corporate Governance
TCP (transmission control protocol)
21. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry
Digital certification
Open systems
Image processing
Database administrator (DBA)
22. A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files
Edit controls
Data structure
Recovery time objective (RTO)
Offsite storage
23. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Audit evidence
File layout
Verification
Firmware
24. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Authorization
Job control language (JCL)
Record
Concurrent access
25. An eight-bit code representing 256 characters, used in most large computer systems
Database replication
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Star topology
Structured Query Language (SQL)
26. Disconnecting from the computer
Passive assault
Electronic funds transfer (EFT)
Signatures
Logoff
27. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Spool (simultaneous peripheral operations online)
Gateway
Initial program load (IPL)
Logical access controls
28. The transmission of more than one signal across a physical channel
Exposure
Computer server
Benchmark
Multiplexing
29. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Control risk self-assessment
Permanent virtual circuit (PVC)
Electronic signature
Latency
30. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Logoff
Control risk self-assessment
TACACS+ (terminal access controller access control system plus)
Object Management Group (OMG)
31. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
RFC (request for comments)
Reputational risk
Librarian
Active response
32. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Sniffing
Operating system
browser
Operational risk
33. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Object-oriented system development
Geographic disk mirroring
Coaxial cable
legal risk
34. The relationships among files in a database and among data items within each file
Simple fail-over
Registration authority (RA)
Internal penetrators
Data structure
35. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Fail-safe
Internal control structure
FTP (file transfer protocol)
business process integrity
36. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Firmware
Program narratives
Bypass label processing (BLP)
Operating system audit trails
37. An individual who attempts to gain unauthorized access to a computer system
Independent appearance
HTTP (hyper text transfer protocol)
Hypertext
Hacker
38. These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.
Audit objective
Rootkit
Cathode ray tube (CRT)
Preventive controls
39. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities
PPTP (point-to-point tunneling protocol)
Pervasive IS controls
Redo logs
Real-time processing
40. An authentication protocol, often used by remote-access servers
TACACS+ (terminal access controller access control system plus)
Format checking
Latency
IDS (intrusion detection system)
41. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Wide area network (WAN)
Procedure
Addressing
Analog
42. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which
War dialler
Brouters
Message switching
RFC (request for comments)
43. A list of retracted certificates
Control group
Access method
Unit testing
Certificate Revocation List
44. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Active recovery site (mirrored)
HTTPS (hyper text transfer protocol secure)
Attitude
Rootkit
45. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Third-party review
Wiretapping
Components (as in component-based development)
HTTPS (hyper text transfer protocol secure)
46. Used to ensure that input data agree with predetermined criteria stored in a table
Table look-ups
War dialler
Optical character recognition
Edit controls
47. Any yearly accounting period without regard to its relationship to a calendar year.
Half duplex
Accountability
Fiscal year
Digital certification
48. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Detailed IS controls
Structured Query Language (SQL)
Offline files
Application
49. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
Console log
Logical access controls
Database replication
Operational audit
50. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery, for example shutting down the database after all records have been committed
Reverse engineering
Checkpoint restart procedures
Audit authority
Performance indicators