
CISA Certified Information Systems Auditor Vocab

1. Those policies and procedures implemented to achieve a related control objective

2. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

3. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca

4. Analysis that is performed in real time or in continuous form

5. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission

6. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer

7. Also known as traditional development; it is a very procedure-focused development cycle with formal sign-off at the completion of each level.

8. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service

9. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied

10. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)

11. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature

12. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files

13. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

14. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it

15. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management

16. A sampling technique that estimates the amount of overstatement in an account balance

17. To configure a computer or other network device to resist attacks

18. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

19. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.

20. The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of communications related to that transaction.

21. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key

22. Block-at-a-time data transmission

23. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

24. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw

25. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities

26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

27. A testing technique that is used to evaluate output from one application while the information is sent as input to another application

28. Used to enable remote access to a server computer. Commands typed are run on the remote server.

29. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl

30. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software

31. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network

32. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users

33. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.

34. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.

35. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile

36. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code

37. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.

38. A document that confirms the client's and the IS auditor's acceptance of a review assignment

39. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain

40. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide

41. The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.

42. The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry

43. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.

44. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

45. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of

46. The area of the central processing unit that performs mathematical and analytical operations

47. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.

48. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates

49. The process of converting an analog telecommunications signal into a digital computer signal

50. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,