Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application






2. An interface point between the CPU and a peripheral device






3. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw






4. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.






5. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management






6. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis






7. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






8. Software used to create data to be used in the testing of computer programs






9. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu






10. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






11. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as






12. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report






13. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.






14. The practice of eavesdropping on information being transmitted over telecommunications links






15. The potential loss to an area due to the occurrence of an adverse event






16. A protocol used to transmit data securely between two end points to create a VPN






17. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi






18. The quality or state of not being named or identified






19. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example - in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h






20. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.






21. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software






22. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department






23. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data passes across the in






24. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch






25. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features






26. Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery






27. A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a






28. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function






29. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.






30. The computer room and support areas






31. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.






32. The elimination of redundant data






33. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.






34. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r






35. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data






36. A system's level of resilience to seamlessly react from hardware and/or software failure






37. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of






38. An international standard that defines information confidentiality, integrity and availability controls






39. Software packages that sequentially dial telephone numbers, recording any numbers that answer






40. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure






41. A file of semipermanent information that is used frequently for processing data or for more than one purpose






42. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.






43. A document which defines the IS audit function's responsibility; authority and accountability






44. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component






45. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.






46. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The






47. The transmission of more than one signal across a physical channel






48. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.






49. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking






50. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount