Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Hexadecimal
Parallel simulation
Bulk data transfer
Data custodian
2. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Data dictionary
Authorization
Memory dump
Top-level management
3. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Database replication
Credit risk
Data leakage
Virtual private network (VPN)
4. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Procedure
Waterfall development
Default deny policy
Application software tracing and mapping
5. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Test data
Source lines of code (SLOC)
Program narratives
Switch
6. Records of system events generated by a specialized operating system mechanism
Operating system audit trails
Anonymous File Transfer Protocol (FTP)
End-user computing
False negative
7. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
File layout
Exception reports
Service user
Regression testing
8. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
Financial audit
Utility software
Real-time analysis
Dry-pipe fire extinguisher system
9. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Whitebox testing
Standing data
Reasonable assurance
Business risk
10. A device for sending and receiving computerized data over transmission lines
Split DNS
Terminal
HTTP (hyper text transfer protocol)
Procedure
11. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Content filtering
Rootkit
Operational audit
RFC (request for comments)
12. The logical language a computer understands
Machine language
Audit program
Analog
Protocol converter
13. The process of feeding test data into two systems: the modified system and an alternative system (possibly the original system), and comparing results
Parallel testing
PPP (point-to-point protocol)
X.500
Continuity
14. The central database that stores and organizes data
Content filtering
Assembler
Integrated services digital network (ISDN)
Repository
15. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
implementation life cycle review
Coaxial cable
Magnetic card reader
Digital certification
16. Diligence which a person would exercise under a given set of circumstances
Honey pot
Generalized audit software
Production programs
Due care
17. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)
Appearance
Application maintenance review
System testing
Binary code
18. An edit check designed to ensure the data in a particular field is numeric
Offsite storage
Numeric check
Leased lines
Data dictionary
19. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
Audit evidence
DMZ (demilitarized zone)
Direct reporting engagement
Black box testing
20. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
Arithmetic-logic unit (ALU)
Applet
Internet
Enterprise resource planning
21. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Batch processing
Indexed sequential access method (ISAM)
Topology
Electronic signature
22. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
PPP (point-to-point protocol)
Quick ship
Project sponsor
Digital certificate
23. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Posting
Administrative controls
Trust
Test programs
24. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Certificate Revocation List
Cold site
Nonrepudiation
Application proxy
25. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account
Node
Duplex routing
Intrusion detection
Salami technique
26. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Point-of-sale systems (POS)
Independent appearance
Protocol
Antivirus software
27. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Direct reporting engagement
Repudiation
Control objective
Audit sampling
28. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Expert systems
Operational control
Trojan horse
Parallel simulation
29. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Data security
Operational control
Decryption key
Independent appearance
30. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Detection risk
Procedure
Firewall
Rootkit
31. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil
Direct reporting engagement
Access method
LDAP (Lightweight Directory Access Protocol)
Bulk data transfer
32. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Data integrity
Certificate authority (CA)
Access path
Asynchronous Transfer Mode (ATM)
33. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects.
Intrusion
Useful audit evidence
Inheritance (objects)
Relevant audit evidence
34. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.
Online data processing
Distributed data processing network
Untrustworthy host
Completeness check
35. Disconnecting from the computer
Data diddling
Ring topology
Logoff
Authentication
36. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Hypertext
Input controls
Fourth generation language (4GL)
vulnerability
37. A language used to control run routines in connection with performing tasks on a computer
Cleartext
Synchronous transmission
Job control language (JCL)
Structured Query Language (SQL)
38. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Reliable audit evidence
L2TP (Layer 2 tunneling protocol)
Simple Object Access Protocol (SOAP)
browser
39. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
Budget formula
Simple Object Access Protocol (SOAP)
Remote procedure calls (RPCs)
Windows NT
40. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Telecommunications
Data dictionary
Object orientation
Fail-safe
41. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Security management
Subject matter (Area of activity)
Multiplexor
Cross-certification
42. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Budget formula
Edit controls
Hardware
Sniffing
43. Processes certified as supporting a security goal
Residual risk
Man-in-the-middle attack
Technical infrastructure security
Trusted processes
44. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
world wide web (WWW)
Executable code
Due professional care
Structured Query Language (SQL)
45. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Private key cryptosystems
Librarian
Leased lines
Base case
46. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Synchronous transmission
Technical infrastructure security
Trusted processes
Magnetic ink character recognition (MICR)
47. Point at which terminals are given access to a network
Reasonable assurance
Standing data
Data owner
Node
48. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Posting
Permanent virtual circuit (PVC)
Budget formula
Modem (modulator-demodulator)
49. The property that data meet with a priority expectation of quality and that the data can be relied upon
Taps
Utility programs
Object-oriented system development
Data integrity
50. Deliberately testing only the value-added functionality of a software component
Electronic vaulting
Consumer
COCO
Incremental testing