Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files






2. Detection on the basis of whether the system activity matched that defined as abnormal






3. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.






4. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report






5. Detection on the basis of whether the system activity matches that defined as bad






6. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu






7. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission






8. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks






9. An interface point between the CPU and a peripheral device






10. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system






11. Refers to a sprinkler system that does not have water in the pipes during idle usage; unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm; and water






12. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service






13. An attack capturing sensitive pieces of information; such as passwords; passing through the network






14. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw






15. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






16. A specially configured server; designed to attract intruders so that their actions do not affect production systems; also known as a decoy server






17. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy






18. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






19. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department






20. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private






21. Analysis of the security state of a system or its compromise on the basis of information collected at intervals






22. A sub-network of the Internet through which information is exchanged by text; graphics; audio and video.






23. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.






24. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






25. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes






26. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






27. The quality or state of not being named or identified






28. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)






29. An engagement where management does not make a written assertion about the effectiveness of their control procedures; and the IS auditor provides an opinion about subject matter directly; such as the effectiveness of the control procedures






30. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.






31. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.






32. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs; system activities and operational procedures; to evaluate






33. Deliberately testing only the value-added functionality of a software component






34. The process of converting an analog telecommunications signal into a digital computer signal






35. A method of selecting a portion of a population; by means of mathematical calculations and probabilities; for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population






36. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules






37. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o






38. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






39. The risk of giving an incorrect audit opinion






40. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed






41. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects; such as confirming the subject's identity; validating that the subject is entitled to have the attributes requested






42. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






43. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest; it may evolve into an Internet standard.






44. Weaknesses in systems that can be exploited in ways that violate security policy






45. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.






46. Used in data encryption; it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case; the key is symmetric such that the encryption key is equivalen






47. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the






48. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules






49. The main memory of the computer's central processing unit






50. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer