Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity
Abend
Utility programs
Sampling risk
False negative

2. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
FIN (final)
Interest rate risk
Sampling risk
liquidity risk

3. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Protocol stack
Reputational risk
Twisted pairs
Masqueraders

4. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Due professional care
Fail-safe
Internet packet (IP) spoofing
Source code

5. A system software tool that logs; monitors and directs computer tape usage
Star topology
Fiber optic cable
Packet switching
Tape management system (TMS)

6. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Remote procedure calls (RPCs)
Redundancy check
Systems analysis
Generalized audit software

7. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Password
Due professional care
Address space

8. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.
Structured Query Language (SQL)
Function point analysis
Executable code
Range check

9. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Protocol converter
Business impact analysis (BIA)
Internal storage

10. The potential loss to an area due to the occurrence of an adverse event
Ring topology
Posting
Exposure
Security management

11. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
End-user computing
Challenge/response token
e-commerce
Control objective

12. The boundary that defines the area of security concern and security policy coverage
Promiscuous mode
Control section
Security perimeter
Automated teller machine (ATM)

13. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Statistical sampling
Passive response
Request for proposal (RFP)
Baud rate

14. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
L2F (Layer 2 forwarding)
Check digit
Star topology
Application programming interface (API)

15. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database management system (DBMS)
Control Objectives for Enterprise Governance
Binary code
Port

16. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.
Encryption
File layout
Monitor
Repository

17. Door and entry locks that are activated by such biometric features as voice; eye retina; fingerprint or signature
Biometric locks
System narratives
Distributed data processing network
Exception reports

18. Source lines of code are often used in deriving single-point software-size estimations.
Source lines of code (SLOC)
RADIUS (remote authentication dial-in user service)
Decryption key
Attitude

19. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and
Application controls
Transaction protection
X.25 interface
Application development review

20. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r
Man-in-the-middle attack
Public key cryptosystem
Brute force
Passive assault

21. Transactions that cannot be denied after the fact
Cadbury
Single point of failure
Nonrepudiable trnasactions
Reasonableness check

22. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Useful audit evidence
Masqueraders
Non-intrusive monitoring
Criteria

23. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used; for example; in determining whether systems are up; maximum packet sizes on links; whether a destination host/network/port is a
Mutual takeover
Error
vulnerability
ICMP (internet control message protocol)

24. A program that processes actions upon business data; such as data entry; update or query. It contrasts with systems program; such as an operating system or network control program; and with utility programs; such as copy or sort.
COBIT
Netware
Application program
Database specifications

25. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Audit sampling
Data owner
Management information system (MIS)
IT governance

26. Way of thinking; behaving; feeling; etc.
Generalized audit software
Memory dump
Data integrity
Attitude

27. The central database that stores and organizes data
Hash function
Security administrator
Repository
world wide web (WWW)

28. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Trap door
Production software
Distributed data processing network
Internet Engineering Task Force (IETF)

29. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Procedure
Evidence
Feasibility study
Accountability

30. Disconnecting from the computer
Logoff
Firmware
RFC (request for comments)
Service level agreement (SLA)

31. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Audit evidence
implementation life cycle review
IPSec (Internet protocol security)
Split data systems

32. Correctness checks built into data processing systems and applied to batches of input data; particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control; which involves numbering the records in a batch c
Integrity
Trust
Batch control
Engagement letter

33. A set of communications protocols that encompasses media access; packet transport; session communications; file transfer; electronic mail; terminal emulation; remote file access and network management. TCP/IP provides the basis for the Internet.
Rounding down
Redundancy check
Comparison program
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)

34. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Ethernet
Public key cryptosystem
L2F (Layer 2 forwarding)
Hyperlink

35. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
virtual organizations
RS-232 interface
Electronic funds transfer (EFT)
ACK (acknowledgement)

36. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Optical character recognition
Offline files
Network administrator
Web site

37. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Credentialed analysis
Base case
Duplex routing
RADIUS

38. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Electronic funds transfer (EFT)
Exposure
Judgment sampling
Independent attitude

39. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.
Uploading
Broadband
Request for proposal (RFP)
Privacy

40. A utility program that combines several separately compiled modules into one; resolving internal references between them
Due care
Protection domain
Communications controller
Link editor (linkage editor)

41. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Packet switching
DoS (denial-of-service) attack
Foreign exchange risk
Control weakness

42. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.
Digital certification
Information engineering
Structured programming
Systems development life cycle (SDLC)

43. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability
Data flow
Indexed sequential access method (ISAM)
System flowcharts
Abend

44. The risk of errors occurring in the area being audited
Error risk
Editing
Criteria
Indexed sequential file

45. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
Objectivity
Sufficient audit evidence
Enterprise resource planning
Preventive controls

46. A process used to identify and evaluate risks and their potential effects
Remote procedure calls (RPCs)
Database specifications
Circular routing
Risk assessment

47. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Database administrator (DBA)
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Applet
Control risk self-assessment

48. A list of retracted certificates
Performance indicators
Certificate Revocation List
Parallel testing
Modulation

49. The art of designing; analyzing and attacking cryptographic schemes
Baseband
Prototyping
Payment system
Cryptography

50. Criteria Of Control; published by the Canadian Institute of Chartered Accountants in 1995
Application software tracing and mapping
Quick ship
COCO
UNIX