Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A system of interconnected computers and the communications equipment used to connect them
Requirements definition
Single point of failure
Network
Ethernet
2. Programs that are used to process live or actual data that were received as input into the production environment.
Sequential file
Judgment sampling
Hyperlink
Production programs
3. Patterns indicating misuse of a system
Teleprocessing
Signatures
Private key
Rotating standby
4. Those controls that seek to maintain confidentiality; integrity and availability of information
Broadband
Audit responsibility
Data security
Interface testing
5. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Application proxy
Sniffing
L2TP (Layer 2 tunneling protocol)
Posting
6. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
Asynchronous transmission
Half duplex
Internal penetrators
7. A computer program or set of programs that perform the processing of records for a specific function
Application
Business-to-consumer e-commerce (B2C)
Black box testing
Secure socket layer (SSL)
8. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Internet packet (IP) spoofing
Security/transaction risk
Internet banking
Uninterruptible power supply (UPS)
9. A protocol for accessing a secure web server; whereby all data transferred is encrypted
HTTPS (hyper text transfer protocol secure)
Audit
Rulebase
liquidity risk
10. The code used to designate the location of a specific piece of data within computer storage
Limit check
Address
Man-in-the-middle attack
Validity check
11. A set of routines; protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Application programming interface (API)
Passive assault
implementation life cycle review
Modem (modulator-demodulator)
12. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj
Virus
Cadbury
Addressing
Asymmetric key (public key)
13. Refers to the processes by which organisations conduct business electronically with their customers and/or public at large using the Internet as the enabling technology.
Business-to-consumer e-commerce (B2C)
Asynchronous Transfer Mode (ATM)
Applet
SMTP (Simple Mail Transport Protocol)
14. Transactions that cannot be denied after the fact
Nonrepudiable transactions
Control Objectives for Enterprise Governance
Data communications
Corporate exchange rate
15. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Executable code
Asynchronous Transfer Mode (ATM)
Indexed sequential file
DoS (denial-of-service) attack
16. A utility program that combines several separately compiled modules into one; resolving internal references between them
Link editor (linkage editor)
IP (Internet protocol)
Central processing unit (CPU)
Cryptography
17. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
BSP (business service provider)
world wide web (WWW)
Executable code
Address
18. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.
Electronic signature
Abend
Random access memory (RAM)
PPTP (point-to-point tunneling protocol)
19. Programs that are tested and evaluated before approval into the production environment. Test programs; through a series of change control moves; migrate from the test environment to the production environment and become production programs.
Control perimeter
Vaccine
Test programs
BSP (business service provider)
20. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Data dictionary
Router
Data diddling
Uninterruptible power supply (UPS)
21. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Third-party review
Downloading
world wide web (WWW)
ASP/MSP (application or managed service provider)
22. The roles; scope and objectives documented in the service level agreement between management and audit
Audit responsibility
Encryption key
Whitebox testing
X.25
23. A process used to identify and evaluate risks and their potential effects
Outsourcing
Service level agreement (SLA)
Risk assessment
Anomaly detection
24. Controls over the business processes that are supported by the ERP
business process integrity
Logon
Privilege
Addressing
25. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Ciphertext
browser
Analog
Application implementation review
26. Filters out electrical surges and spikes
Surge suppressor
Data diddling
Variable sampling
Peripherals
27. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Redundancy check
Application
Remote job entry (RJE)
Data-oriented systems development
28. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record
Handprint scanner
Indexed sequential file
Downtime report
Relevant audit evidence
29. Software used to create data to be used in the testing of computer programs
COSO
Control perimeter
Authorization
Test generators
30. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Electronic cash
RS-232 interface
Discovery sampling
Data security
31. The use of alphabetic characters or an alphabetic character string
Credentialed analysis
Inherent risk
Alpha
Detective controls
32. Any information collection mechanism utilized by an intrusion detection system
Password
Intrusive monitoring
Intelligent terminal
Monitor
33. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Trust
Database replication
Automated teller machine (ATM)
Audit trail
34. Unusual or statistically rare
Optical scanner
Anomaly
Inheritance (objects)
Electronic signature
35. Simulated transactions that can be used to test processing logic; computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Permanent virtual circuit (PVC)
System exit
Test data
Executable code
36. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
Control section
Incremental testing
Asymmetric key (public key)
Integrity
37. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount
Judgment sampling
Continuous auditing approach
Protocol
Variable sampling
38. Any situation or event that has the potential to harm a system
Wiretapping
Decryption key
Threat
Echo checks
39. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m
Trust
Control objective
Piggy backing
price risk
40. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Request for proposal (RFP)
Cross-certification
Protocol
Applet
41. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.
Budget formula
Threat
Magnetic ink character recognition (MICR)
Certificate Revocation List
42. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Source code
Normalization
Internal storage
Compliance testing
43. The transmission of more than one signal across a physical channel
Machine language
Program evaluation and review technique (PERT)
Multiplexing
DoS (denial-of-service) attack
44. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
liquidity risk
Peripherals
Coupling
Proxy server
45. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Default deny policy
Discovery sampling
Wiretapping
Record; screen and report layouts
46. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Worm
RADIUS (remote authentication dial-in user service)
Uploading
Internal control
47. Group of people responsible for a project; whose terms of reference may include the development; acquisition; implementation or maintenance of an application system. The team members may include line management; operational line staff; external contr
Project team
Protection domain
Check digit verification (self-checking digit)
Database
48. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Address
Manual journal entry
Reliable audit evidence
Hash total
49. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Technical infrastructure security
Terms of reference
Corporate exchange rate
Service level agreement (SLA)
50. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Masking
Registration authority (RA)
Electronic vaulting
Sequential file