CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system
Broadband
IPSec (Internet protocol security)
virtual organizations
Intrusive monitoring
2. An attack capturing sensitive pieces of information, such as passwords, passing through the network
Magnetic card reader
Standing data
World Wide Web Consortium (W3C)
Sniffing
3. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Handprint scanner
Budget formula
Authorization
Dial-back
4. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte
Certificate authority (CA)
DMZ (demilitarized zone)
Output analyzer
Direct reporting engagement
5. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas
Criteria
Combined Code on Corporate Governance
Web Services Description Language (WSDL)
Ring topology
6. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.
Capacity stress testing
Interest rate risk
Black box testing
Digital certification
7. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Reliable audit evidence
Redundancy check
Test programs
Direct reporting engagement
8. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recover - shutting down database after all records have been committed for example
Application programming
Control risk self-assessment
Computer-assisted audit technique (CAATs)
Checkpoint restart procedures
9. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Integrated test facilities (ITF)
Default deny policy
Utility programs
Production programs
10. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Digital signature
Data communications
Brouters
Operational control
11. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Detection risk
Computer server
Anonymous File Transfer Protocol (FTP)
Optical character recognition
12. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Decision support systems (DSS)
Coverage
Waterfall development
Access path
13. An edit check designed to ensure the data in a particular field is numeric
Backup
Reverse engineering
Numeric check
Prototyping
14. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability
Indexed sequential access method (ISAM)
Business impact analysis (BIA)
Control Objectives for Enterprise Governance
Windows NT
15. Compares data to predefined reasonability limits or occurrence rates established for the data.
Reasonableness check
Systems analysis
Demodulation
Access path
16. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department
Black box testing
Comprehensive audit
Microwave transmission
COSO
17. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Auditability
Reasonable assurance
Allocation entry
Direct reporting engagement
18. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.
Performance testing
Combined Code on Corporate Governance
Electronic data interchange (EDI)
Monitor
19. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof
Remote job entry (RJE)
Auditability
Audit expert systems
Database management system (DBMS)
20. Considered for acquisition the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement
Penetration testing
Access control table
Plaintext
Project sponsor
21. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Sampling risk
Batch control
DMZ (demilitarized zone)
implementation life cycle review
22. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Job control language (JCL)
Anomaly detection
Magnetic card reader
Access path
23. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Bypass label processing (BLP)
Audit accountability
Control objective
Digital certification
24. Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment
Source code compare programs
Engagement letter
Audit sampling
System software
25. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o
Memory dump
Downtime report
Multiplexing
Modem (modulator-demodulator)
26. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Corrective controls
Nonrepudiable transactions
FIN (final)
Quick ship
27. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks
Decision support systems (DSS)
Ciphertext
Central processing unit (CPU)
Cold site
28. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995
COCO
Real-time analysis
Logical access controls
Risk
29. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Terms of reference
Procedure
Whitebox testing
Password
30. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Data structure
Electronic data interchange (EDI)
Applet
Optical scanner
31. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Coverage
Application program
Record, screen and report layouts
Frame relay
32. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects.
Record
Inheritance (objects)
Data-oriented systems development
Hyperlink
33. The interface between the user and the system
Shell
Client-server
Value-added network (VAN)
Encryption key
34. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Optical scanner
Sampling risk
Communications controller
Automated teller machine (ATM)
35. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities, to test programs, system activities and operational procedures, to evaluate
False negative
Sniffing
Token ring topology
Utility software
36. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
Analog
Protocol converter
Database replication
37. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no
Router
Structured programming
Idle standby
Allocation entry
38. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Leased lines
Firewall
Parallel simulation
Tuple
39. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa
Audit
Validity check
Noise
File server
40. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Universal Description, Discovery and Integration (UDDI)
Accountability
Audit evidence
Standing data
41. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
UDDI
Structured Query Language (SQL)
Segregation/separation of duties
Arithmetic-logic unit (ALU)
42. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Source code
Useful audit evidence
System narratives
Management information system (MIS)
43. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Non-intrusive monitoring
Hexadecimal
Intelligent terminal
Black box testing
44. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database management system (DBMS)
Trusted processes
Packet filtering
Enterprise resource planning
45. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Application programming interface (API)
X.25
Salami technique
46. An abnormal end to a computer job, termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Point-of-sale systems (POS)
Abend
Hexadecimal
Optical character recognition
47. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research
Third-party review
Handprint scanner
Computer sequence checking
Compensating control
48. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the application will fu
Population
File server
Application development review
Dynamic analysis
49. The process that limits and controls access to resources of a computer system, a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Internal control
Application implementation review
Access control
Criteria
50. The logical language a computer understands
Audit risk
Monitoring policy
Default password
Machine language