Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The organization providing the outsourced service
Control Objectives for Enterprise Governance
Audit accountability
Service provider
Budget hierarchy
2. Requiring a great deal of computing power; processor intensive
Computationally greedy
Value-added network (VAN)
Security software
Vaccine
3. A protocol used to transmit data securely between two end points to create a VPN
Audit evidence
Business risk
PPTP (point-to-point tunneling protocol)
Protocol converter
4. Weaknesses in systems that can be exploited in ways that violate security policy
Reasonable assurance
Vulnerabilities
Reliable audit evidence
Surge suppressor
5. The primary language used by both application programmers and end users in accessing relational databases
Structured Query Language (SQL)
virtual organizations
Application system
Data owner
6. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Statistical sampling
Direct reporting engagement
Audit sampling
X.25
7. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
Real-time analysis
Database administrator (DBA)
Central office (CO)
Application programming
8. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Address space
Internet Engineering Task Force (IETF)
Tcpdump
Systems analysis
9. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba
Operational risk
Systems acquisition process
Protocol stack
Screening routers
10. The quality or state of not being named or identified
Real-time processing
Anonymity
Information processing facility (IPF)
Performance testing
11. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Point-of-presence (POP)
Hot site
Packet
world wide web (WWW)
12. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Function point analysis
Editing
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Systems analysis
13. Disconnecting from the computer
Antivirus software
Unit testing
Logoff
Application controls
14. The rules by which a network operates and controls the flow and priority of transmissions
Service bureau
Protocol
Applet
ASCII (American Standard Code for Information Interchange)
15. The individual responsible for the safeguard and maintenance of all program and data files
Editing
Librarian
Masqueraders
Project sponsor
16. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Dial-in access controls
Security administrator
Control risk
Simple Object Access Protocol (SOAP)
17. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Integrated services digital network (ISDN)
Hash function
Registration authority (RA)
Hash total
18. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Handprint scanner
Request for proposal (RFP)
Exception reports
Recovery time objective (RTO)
19. Used to electronically input, read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset
Allocation entry
Token
Magnetic ink character recognition (MICR)
Budget
20. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
System testing
Subject matter (Area of activity)
Vulnerability analysis
Computer-aided software engineering (CASE)
21. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Application programming interface (API)
Computer-assisted audit technique (CAATs)
Hacker
Degauss
22. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules
Web site
Content filtering
Packet filtering
ISP (Internet service provider)
23. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus, enabling the definition, transmission, validation and interpretation of data betw
Operating system audit trails
HTTPS (hyper text transfer protocol secure)
ISO17799
Extensible Markup Language (XML)
24. Those controls that seek to maintain confidentiality, integrity and availability of information
Sufficient audit evidence
Prototyping
Data security
Objectivity
25. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Cathode ray tube (CRT)
Application controls
Vulnerabilities
Object Management Group (OMG)
26. (remote authentication dial-in user service)
Software
Synchronous transmission
RADIUS
Electronic data interchange (EDI)
27. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
Web site
Reputational risk
Asynchronous Transfer Mode (ATM)
Frame relay
28. An interface point between the CPU and a peripheral device
Audit responsibility
Port
Budget
Offsite storage
29. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recover - shutting down database after all records have been committed for example
Checkpoint restart procedures
Vulnerability analysis
Utility programs
Capacity stress testing
30. A device that connects two similar networks together
Bridge
Downtime report
Packet switching
Batch control
31. Specialized tools that can be used to analyze the flow of data, through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements
Address space
Application software tracing and mapping
Data communications
Bulk data transfer
32. Comparing the system's performance to other equivalent systems using well defined benchmarks
Performance testing
DoS (denial-of-service) attack
Anomaly
Image processing
33. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Internal penetrators
Cryptography
Components (as in component-based development)
Rootkit
34. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system) and comparing results
Parallel testing
Audit
Internal penetrators
X.25
35. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Information engineering
Output analyzer
Quick ship
IDS (intrusion detection system)
36. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
Data owner
Application proxy
Computer-aided software engineering (CASE)
Virtual private network (VPN)
37. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
Redundancy check
UDP (User Datagram Protocol)
Operational audit
Security/transaction risk
38. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Data leakage
Screening routers
Leased lines
Test generators
39. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system
Control risk
General computer controls
External router
Node
40. The roles, scope and objectives documented in the service level agreement between management and audit
Trusted systems
Audit responsibility
Network
Anonymity
41. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.
Port
Access method
Simple Object Access Protocol (SOAP)
Web Services Description Language (WSDL)
42. Detects transmission errors by appending calculated bits onto the end of each segment of data
Source code compare programs
Redundancy check
Mutual takeover
Source code
43. The acts preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Job control language (JCL)
Due care
Continuity
Manual journal entry
44. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Extended Binary-coded Decimal Interchange Code (EBCDIC)
HTTP (hyper text transfer protocol)
Bus
RADIUS (remote authentication dial-in user service)
45. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Attitude
Systems acquisition process
Source documents
Anonymous File Transfer Protocol (FTP)
46. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Control perimeter
Limit check
System software
Console log
47. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Audit evidence
Abend
Service provider
Internal storage
48. A device used for combining several lower-speed channels into a higher-speed channel
Edit controls
Management information system (MIS)
Multiplexor
Source lines of code (SLOC)
49. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
Authorization
Message switching
Data structure
RFC (request for comments)
50. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Default password
Foreign exchange risk
Request for proposal (RFP)
Authorization