Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A general hardware control that helps detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

2. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.

3. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes.

4. Requiring a great deal of computing power; processor-intensive.

5. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing the results.

6. The rules by which a network operates and controls the flow and priority of transmissions.

7. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes.

8. Range checks ensure that data fall within a predetermined range (also see limit checks).

9. The potential loss to an area due to the occurrence of an adverse event.

10. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.

11. These are the requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.

12. A packet (encapsulated with a frame containing information) that is transmitted in a packet-switching network from source to destination.

13. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

14. Any intentional violation of the security policy of a system.

15. A measurement of the point prior to an outage to which data are to be restored.

16. The art of designing, analyzing and attacking cryptographic schemes.

17. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that

18. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an

19. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

20. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department.

21. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed.

22. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software.

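Items 21 and 22 together describe what a sniffer relies on: the NIC's receive filter normally drops frames addressed to other stations, and promiscuous mode switches that filter off. The following Python is an added example (not part of this study set) that models that receive path over a few constructed Ethernet frames; the MAC addresses, payloads and the names `nic_accepts` and `sniff` are all constructed for illustration.

```python
# Added example: what promiscuous mode changes on the receive path.
# Not part of the original study set; MAC addresses and frames are constructed.
import struct

BROADCAST = b"\xff" * 6
MAC_A = bytes.fromhex("02000000000a")   # our NIC (constructed, locally administered)
MAC_B = bytes.fromhex("02000000000b")   # another host on the segment (constructed)
MAC_C = bytes.fromhex("02000000000c")   # a third host (constructed)

ETH_HDR = struct.Struct("!6s6sH")       # dst MAC, src MAC, EtherType


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble a minimal Ethernet II frame (no FCS)."""
    return ETH_HDR.pack(dst, src, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its header fields and payload."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("runt frame")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    return {"dst": dst, "src": src, "ethertype": ethertype,
            "payload": frame[ETH_HDR.size:]}


def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """Receive filter of a NIC. In normal mode it keeps only frames addressed to
    its own unicast MAC or to broadcast (multicast group filtering is omitted
    here); in promiscuous mode every frame is passed up to the host regardless
    of the destination address."""
    if promiscuous:
        return True
    dst = parse_frame(frame)["dst"]
    return dst == own_mac or dst == BROADCAST


def sniff(frames, own_mac: bytes, promiscuous: bool) -> list:
    """Return the payloads that sniffing software on this host would see."""
    return [parse_frame(f)["payload"]
            for f in frames if nic_accepts(f, own_mac, promiscuous)]


# Constructed traffic on a shared segment: a frame for us, an ARP broadcast,
# and a frame exchanged between two other hosts.
SEGMENT = [
    build_frame(MAC_A, MAC_B, 0x0800, b"ip-for-A"),
    build_frame(BROADCAST, MAC_C, 0x0806, b"arp-who-has"),
    build_frame(MAC_C, MAC_B, 0x0800, b"B-to-C-secret"),
]

if __name__ == "__main__":
    print("normal:     ", sniff(SEGMENT, MAC_A, promiscuous=False))
    print("promiscuous:", sniff(SEGMENT, MAC_A, promiscuous=True))
```

Two practitioner caveats: on a switched LAN the switch forwards a unicast frame only to the port that owns the destination MAC, so a promiscuous interface sees other hosts' unicast traffic only through a mirror/SPAN port, a network tap, or an attack such as ARP spoofing; and enabling promiscuous mode needs elevated privileges and is usually logged by the operating system (Linux writes "device eth0 entered promiscuous mode" to the kernel log), which makes it a useful detection signal.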
23. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.

24. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.

25. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.

26. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

27. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne

28. A protocol used for transmitting data between two ends of a connection.

29. A communications channel over which data can be sent and received simultaneously.

30. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

31. Detects transmission errors by appending calculated bits onto the end of each segment of data.

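Items 1 and 31 describe the two common hardware-level error checks: a single parity bit per data item, and calculated check bits (a checksum or CRC) appended to each segment. As an added example, not part of this study set, the following Python implements both over constructed sample data and shows the practical difference: parity catches any single-bit flip but is blind to a two-bit flip, while a CRC catches both. The CRC parameters (polynomial 0x1021, initial value 0xFFFF, no bit reflection) are those of the standard CRC-16/CCITT-FALSE; the function names and the sample bytes are constructed for illustration.

```python
# Added example: parity bit vs. CRC-16 for transmission error detection.
# Not part of the original study set; the sample data below are constructed.


def parity_bit(byte: int, even: bool = True) -> int:
    """Return the parity bit to append so that the byte plus the bit has an
    even (or, with even=False, odd) number of 1 bits."""
    ones = bin(byte & 0xFF).count("1")
    bit = ones & 1               # 1 if the byte already has an odd count of ones
    return bit if even else bit ^ 1


def parity_ok(byte: int, bit: int, even: bool = True) -> bool:
    """Receiver-side check: does byte + received parity bit have the expected parity?"""
    total = bin(byte & 0xFF).count("1") + bit
    return total % 2 == (0 if even else 1)


def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection)."""
    crc = init
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def frame_with_crc(data: bytes) -> bytes:
    """Sender: append the calculated check bits to the end of the segment."""
    return data + crc16_ccitt(data).to_bytes(2, "big")


def crc_ok(frame: bytes) -> bool:
    """Receiver: recompute the CRC over the data and compare with the trailer."""
    data, trailer = frame[:-2], frame[-2:]
    return crc16_ccitt(data) == int.from_bytes(trailer, "big")


def flip_bits(data: bytes, *bit_positions: int) -> bytes:
    """Simulate transmission errors by flipping the given bit positions."""
    buf = bytearray(data)
    for pos in bit_positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def demo() -> dict:
    """Run both checks against a clean item, a single-bit and a double-bit error."""
    byte = 0x57                      # 0b01010111, five 1 bits (constructed)
    bit = parity_bit(byte)           # even parity -> 1
    results = {
        "parity_clean": parity_ok(byte, bit),
        "parity_one_flip": parity_ok(byte ^ 0x01, bit),    # detected -> False
        "parity_two_flips": parity_ok(byte ^ 0x03, bit),   # missed   -> True
    }
    msg = frame_with_crc(b"123456789")   # constructed sample segment
    results["crc_clean"] = crc_ok(msg)
    results["crc_one_flip"] = crc_ok(flip_bits(msg, 5))        # detected -> False
    results["crc_two_flips"] = crc_ok(flip_bits(msg, 5, 40))   # detected -> False
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} passes check: {ok}")
```

Neither check is a security control: both are linear, so an attacker who can modify the data can recompute the parity bit or CRC to match. They defend against noise, not against tampering; integrity against an adversary needs a keyed MAC or a digital signature.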
32. A system's level of resilience, that is, its ability to continue operating seamlessly through a hardware and/or software failure.

33. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r

34. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability.

35. A test to check the system's ability to recover after a software or hardware failure.

36. An electronic pathway, which may be displayed in the form of highlighted text, a graphic or a button, that connects one web page with another web page address.

37. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period.

38. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti

39. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with a suitable phosphor material; or a device similar to a television screen upon which data can be displayed.

40. The practice of eavesdropping on information being transmitted over telecommunications links.

41. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.

42. A utility program that combines several separately compiled modules into one, resolving internal references between them.

43. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user

44. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen

45. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved.

46. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.

47. A group of items that is waiting to be serviced or processed.

48. The act of transferring computerized information from one computer to another computer.

49. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an

50. Defined minimum performance measures at or above which the service delivered is considered acceptable.