SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A protocol for packet-switching networks
Information processing facility (IPF)
Audit program
Request for proposal (RFP)
X.25
2. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).
Source lines of code (SLOC)
Application implementation review
Sniffing
Top-level management
3. The primary language used by both application programmers and end users in accessing relational databases
Control perimeter
Structured Query Language (SQL)
Evidence
RADIUS (remote authentication dial-in user service)
4. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Public key cryptosystem
Spool (simultaneous peripheral operations online)
Partitioned file
Generalized audit software
5. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Public key
Editing
Performance indicators
Credit risk
6. A fail-over process; in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Concurrent access
Tuple
System software
Source code
7. Refers to a sprinkler system that does not have water in the pipes during idle usage; unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm; and water
Operational audit
ACK (acknowledgement)
Components (as in component-based development)
Dry-pipe fire extinguisher system
8. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Broadband
Proxy server
Offline files
Firmware
9. A code whose representation is limited to 0 and 1
Attitude
Binary code
System testing
Object orientation
10. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial
Enterprise resource planning
Attribute sampling
Masqueraders
Personal identification number (PIN)
11. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
Enterprise governance
Corporate exchange rate
Business impact analysis (BIA)
ASP/MSP (application or managed service provider)
12. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Structured Query Language (SQL)
Program flowcharts
Sequential file
Transaction
13. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
Security perimeter
Access rights
Simple Object Access Protocol (SOAP)
Exception reports
14. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
vulnerability
Asynchronous Transfer Mode (ATM)
Microwave transmission
Trust
15. In vulnerability analysis; gaining information by performing checks that affects the normal operation of the system; even crashing the system
Intrusive monitoring
System testing
Hardware
Utility programs
16. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Inheritance (objects)
Software
Object code
Whitebox testing
17. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Bar code
Untrustworthy host
Computer-assisted audit technique (CAATs)
HTTPS (hyper text transfer protocol secure)
18. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat
Application acquisition review
Internet packet (IP) spoofing
Active recovery site (mirrored)
Professional competence
19. A system of interconnected computers and the communications equipment used to connect them
Compliance testing
Network
Operational control
Cadbury
20. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur
Control Objectives for Enterprise Governance
Benchmark
Address
IT governance
21. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
NAT (Network Address Translation)
Proxy server
Cleartext
RFC (request for comments)
22. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.
Manual journal entry
Control Objectives for Enterprise Governance
File layout
Card swipes
23. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
System testing
Format checking
Systems analysis
Check digit
24. A test to check the system's ability to recover after a software or hardware failure
Bus topology
Recovery testing
Evidence
Structured programming
25. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Program evaluation and review technique (PERT)
Hub
Wiretapping
Spanning port
26. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Operator console
Completeness check
Fiber optic cable
Data leakage
27. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data
Range check
ICMP (internet control message protocol)
Data owner
Digital signature
28. A sampling technique that estimates the amount of overstatement in an account balance
Check digit
Monetary unit sampling
Segregation/separation of duties
browser
29. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Datagram
Spool (simultaneous peripheral operations online)
Master file
Idle standby
30. Requiring a great deal of computing power; processor intensive
Fail-safe
Computationally greedy
Standing data
Librarian
31. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Switch
COBIT
Audit evidence
Continuity
32. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Data diddling
Access rights
Full duplex
Spool (simultaneous peripheral operations online)
33. An eight-digit/seven-bit code representing 128 characters; used in most small computers
Internet Engineering Task Force (IETF)
Voice mail
Digital certificate
ASCII (American Standard Code for Information Interchange)
34. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Idle standby
Datagram
Program flowcharts
Non-intrusive monitoring
35. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Ciphertext
Bus topology
Application system
Application controls
36. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).
Budget organization
Brute force
Computer server
Transaction log
37. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Base case
Application controls
Confidentiality
Operational risk
38. Unusual or statistically rare
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Downtime report
Anomaly
Applet
39. A top-down technique of designing programs and systems. It makes programs more readable; more reliable and more easily maintained.
Data communications
ASCII (American Standard Code for Information Interchange)
Structured programming
IDS (intrusion detection system)
40. A recurring journal entry used to allocate revenues or costs. For example; an allocation entry could be defined to allocate costs to each department based on headcount.
Allocation entry
Variable sampling
Attitude
Control section
41. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
Promiscuous mode
Reverse engineering
Dynamic analysis
SMTP (Simple Mail Transport Protocol)
42. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government; university and commercial institutions
Parallel testing
Electronic funds transfer (EFT)
Leased lines
Internet
43. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Virus
Symmetric key encryption
Trusted systems
Decentralization
44. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Protocol stack
Security testing
Packet switching
Integrated services digital network (ISDN)
45. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred
Database replication
Operational audit
Log
War dialler
46. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
Internet banking
Capacity stress testing
X.25
Normalization
47. Data that is not encrypted. Also known as plaintext.
Intelligent terminal
Console log
Cleartext
IT governance
48. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
X.25
Internal penetrators
FIN (final)
Hash function
49. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules
ASCII (American Standard Code for Information Interchange)
Performance testing
Artificial intelligence
Brute force
50. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data
Message switching
General computer controls
Value-added network (VAN)
Interface testing
