Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem






2. An edit check designed to ensure the data in a particular field is numeric






3. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files






4. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service






5. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.






6. A system software tool that logs; monitors and directs computer tape usage






7. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).






8. Programs that provide assurance that the software being audited is the correct version of the software; by providing a meaningful listing of any discrepancies between the two versions of the program






9. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.






10. In vulnerability analysis; gaining information by performing checks that affect the normal operation of the system; even crashing the system






11. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au






12. The objectives of management that are used as the framework for developing and implementing controls (control procedures).






13. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs






14. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.






15. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.






16. Any automated audit technique; such as generalized audit software; test data generators; computerized audit programs and specialized audit utilities






17. A version of the Windows operating system that supports preemptive multitasking






18. A utility program that combines several separately compiled modules into one; resolving internal references between them






19. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






20. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being






21. A permanent connection between hosts in a packet switched network






22. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source






23. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.






24. A type of service providing an authentication and accounting system often used for dial-up and remote access security






25. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.






26. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is






27. Records of system events generated by a specialized operating system mechanism






28. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.






29. A computer program or set of programs that perform the processing of records for a specific function






30. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.






31. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase






32. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.






33. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.






34. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






35. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for






36. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






37. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited; the type of work planned; the high level objectives and scope of the work; and topics such as budget; res






38. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level






39. A computer facility that provides data processing services to clients on a continual basis






40. Patterns indicating misuse of a system






41. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco






42. The consolidation in 1998 of the "Cadbury;" "Greenbury" and "Hampel" Reports. Named after the Committee Chairs; these reports were sponsored by the UK Financial Reporting Council; the London Stock Exchange; the Confederation of British Industry






43. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack






44. Behavior adequate to meet the situations occurring during audit work (interviews; meetings; reporting; etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti






45. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial






46. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal






47. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






48. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o






49. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes






50. The actions/controls dealing with operational effectiveness; efficiency and adherence to regulations and management policies