CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
2. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
3. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
4. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
5. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
6. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
7. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
8. A set of protocols developed by the IETF to support the secure exchange of packets
9. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount
10. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
11. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
12. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
13. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
14. A popular local area network operating system developed by the Novell Corp.
15. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
16. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
17. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
18. A document which defines the IS audit function's responsibility, authority and accountability
19. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
20. The risk of errors occurring in the area being audited
21. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
22. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
23. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.
24. A fail-over process in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
25. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
26. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.
27. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employees).
28. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r
29. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
30. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
31. The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies
32. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
33. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
34. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
35. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules
36. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
37. Those controls that seek to maintain confidentiality, integrity and availability of information
38. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
39. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
40. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
41. The machine language code that is generally referred to as the object or load module
42. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
43. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
44. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
45. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
46. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
47. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
48. System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.
49. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
50. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.