Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su

2. The art of designing, analyzing and attacking cryptographic schemes

3. A procedure designed to ensure that no fields are missing from a record

4. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree

5. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

6. A system development methodology that is organised around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr

7. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si

8. A file of semipermanent information that is used frequently for processing data or for more than one purpose

9. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

10. A low-level computer programming language which uses symbolic code and produces machine instructions

11. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

12. Weaknesses in systems that can be exploited in ways that violate security policy

13. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action

14. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.

15. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred

16. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)

17. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi

18. The person responsible for maintaining a LAN and assisting end users

19. The central database that stores and organizes data

20. A protocol for packet-switching networks

21. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

22. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF® 2000, 1998, 1996

23. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac

24. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

25. Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

26. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system

27. The time it takes a system or network to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.

28. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes

29. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.

30. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

31. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.

32. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.

33. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.

34. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit

35. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur

36. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.

37. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.

38. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr

39. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti

40. The quality or state of not being named or identified

41. The transfer of service from an incapacitated primary component to its backup component

42. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal

43. A set of protocols developed by the IETF to support the secure exchange of packets

44. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res

45. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

46. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)

47. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.

48. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures

49. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

50. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun