Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Message switching
Ethernet
Generalized audit software
Foreign exchange risk
2. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.
LDAP (Lightweight Directory Access Protocol)
Rootkit
Artificial intelligence
Security software
3. Processes certified as supporting a security goal
Information processing facility (IPF)
Trusted processes
Baseband
Compiler
4. The susceptibility of an audit area to error which could be material; individually or in combination with other errors; assuming that there are no related internal controls
Requirements definition
Voice mail
Middleware
Inherent risk
5. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit
Multiplexor
Quick ship
False positive
Rulebase
6. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Record
Application programming interface (API)
Embedded audit module
Access control table
7. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
System testing
Honey pot
Concurrent access
Internet banking
8. The elimination of redundant data
E-mail/interpersonal messaging
Dial-back
Normalization
Input controls
9. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Budget formula
Reengineering
Generalized audit software
Rounding down
10. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Business impact analysis (BIA)
Hot site
Fail-safe
Payment system
11. An eight-digit/seven-bit code representing 128 characters; used in most small computers
ASCII (American Standard Code for Information Interchange)
Service provider
Audit plan
Noise
12. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Fiscal year
Operational control
Independent attitude
ACK (acknowledgement)
13. A series of steps to complete an audit objective
Audit program
Random access memory (RAM)
System narratives
Packet
14. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Port
Computer-assisted audit technique (CAATs)
Detective controls
Service user
15. Defined minimum performance measures at or above which the service delivered is considered acceptable
Service level agreement (SLA)
Database management system (DBMS)
Liquidity risk
Security management
16. The physical layout of how computers are linked together. Examples include ring; star and bus.
Internal storage
Topology
PPTP (point-to-point tunneling protocol)
Star topology
17. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Assembly language
Content filtering
Legal risk
Optical character recognition
18. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Audit responsibility
War dialler
Backup
Internet packet (IP) spoofing
19. Disconnecting from the computer
Spoofing
Request for proposal (RFP)
Ring topology
Logoff
20. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Structured programming
TACACS+ (terminal access controller access control system plus)
Batch control
IDS (intrusion detection system)
21. Analysis that is performed on a continuous basis; with results gained in time to alter the run-time system
Manual journal entry
Parity check
Real-time analysis
Fiscal year
22. A resource whose loss will result in the loss of service or production
Single point of failure
Uninterruptible power supply (UPS)
Price risk
Protection domain
23. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Public key cryptosystem
Analog
Strategic risk
Internet Engineering Task Force (IETF)
24. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Run-to-run totals
Netware
Direct reporting engagement
25. A protocol used to transmit data securely between two end points to create a VPN
Internal penetrators
Recovery point objective (RPO)
PPTP (point-to-point tunneling protocol)
Digital signature
26. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Audit program
Antivirus software
Rootkit
Application programming
27. A manual or automated log of all updates to data files and databases
Transaction log
Input controls
Bar code
Database replication
28. A pair of small; insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Twisted pairs
Hash total
Antivirus software
Masking
29. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Edit controls
Screening routers
False negative
Expert systems
30. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Budget organization
Honey pot
Packet switching
Baseband
31. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Database replication
Logon
Netware
Parallel simulation
32. Used to electronically scan and input written information from a source document
Optical scanner
UDDI
Optical character recognition
Wide area network (WAN)
33. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Brute force
Biometrics
Payment system
Data security
34. A set of routines; protocols and tools referred to as ''building blocks'' used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Function point analysis
Intranet
Challenge/response token
Application programming interface (API)
35. (remote authentication dial-in user service)
Hash function
Netware
Auditability
RADIUS
36. The boundary that defines the area of security concern and security policy coverage
Security perimeter
Network
Integrated test facilities (ITF)
Regression testing
37. The property that data meet with a priority expectation of quality and that the data can be relied upon
Parallel simulation
Credit risk
Data integrity
Black box testing
38. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Windows NT
Gateway
Dial-back
Remote job entry (RJE)
39. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Unit testing
Personal identification number (PIN)
Windows NT
Abend
40. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Browser
Decision support systems (DSS)
Duplex routing
Bypass label processing (BLP)
41. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.
Access method
Information engineering
Inherent risk
IDS (intrusion detection system)
42. A sampling technique that estimates the amount of overstatement in an account balance
Analog
COCO
Uninterruptible power supply (UPS)
Monetary unit sampling
43. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Gateway
Format checking
Random access memory (RAM)
Internal control
44. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Protocol converter
Polymorphism (objects)
X.25 interface
Data leakage
45. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Variable sampling
Generalized audit software
Professional competence
Digital signature
46. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Client-server
Adjusting period
Sampling risk
Telecommunications
47. Identified by one central processor and databases that form a distributed processing configuration
Centralized data processing
System testing
Standing data
Console log
48. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r
Remote job entry (RJE)
Passive assault
False negative
RS-232 interface
49. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Secure socket layer (SSL)
Independent attitude
System flowcharts
Dumb terminal
50. Used to ensure that input data agree with predetermined criteria stored in a table
Brouters
Table look-ups
Project team
Record; screen and report layouts