Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.

2. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with a suitable phosphor material, or a device similar to a television screen upon which data can be displayed

3. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

4. A flag set in a packet to indicate that this packet is the final data packet of the transmission

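The flag in question 4 is the TCP FIN bit, which a sender sets when it has no more data to send on the connection. The parser and sample exchange below are an added example written for this page, not material from the quiz: they pack and decode the fixed 20-byte TCP header with Python's `struct` so that FIN can be read from the flag field of a constructed session (the ports, sequence numbers and HTTP payload are made up). The block also checks for a "bare" FIN, a segment carrying FIN without ACK; that combination does not occur in a normal connection, since every segment after the initial SYN carries ACK, so it is the classic signature of a FIN port scan.

```python
import struct

# Bit masks of the TCP flag byte (RFC 793; CWR and ECE added by RFC 3168).
TCP_FLAGS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

HEADER_FMT = "!HHIIHHHH"   # src, dst, seq, ack, offset+flags, window, checksum, urgent


def build_tcp_segment(src, dst, seq, ack, flags, payload=b""):
    """Pack a minimal 20-byte TCP header (no options, checksum left zero) plus payload.
    Used only to construct sample traffic for this example; the checksum is not computed."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    offset_and_flags = (5 << 12) | bits       # data offset = 5 words = 20 bytes
    return struct.pack(HEADER_FMT, src, dst, seq, ack, offset_and_flags, 65535, 0, 0) + payload


def parse_tcp_segment(segment):
    """Decode the fixed header and return ports, seq/ack numbers, the set of flags and the payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    src, dst, seq, ack, offset_and_flags, window, _csum, _urg = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (offset_and_flags >> 12) * 4  # top 4 bits: header length in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = {name for name, bit in TCP_FLAGS.items() if offset_and_flags & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "window": window, "flags": flags, "payload": segment[header_len:]}


def is_final_data_segment(segment):
    """True when the sender has set FIN: it has no more data to send on this connection."""
    return "FIN" in parse_tcp_segment(segment)["flags"]


def is_bare_fin(segment):
    """FIN with no ACK never occurs in a normal connection (every segment after the SYN
    carries ACK), so it is the classic signature of a FIN port scan."""
    return parse_tcp_segment(segment)["flags"] == {"FIN"}


def sample_session():
    """Constructed client (port 40000) to server (port 443) exchange: handshake,
    one data segment, then the orderly close. Sequence numbers are made up."""
    client, server = 40000, 443
    request = b"GET / HTTP/1.0\r\n\r\n"           # 18 bytes of payload
    return [
        build_tcp_segment(client, server, 1000, 0, {"SYN"}),
        build_tcp_segment(server, client, 5000, 1001, {"SYN", "ACK"}),
        build_tcp_segment(client, server, 1001, 5001, {"PSH", "ACK"}, request),
        build_tcp_segment(client, server, 1019, 5001, {"FIN", "ACK"}),   # client done: 1001 + 18
        build_tcp_segment(server, client, 5001, 1020, {"FIN", "ACK"}),   # server acks the FIN and closes too
    ]


def first_fin_index(segments):
    """Index of the first segment in the capture that carries FIN, or -1 if none does."""
    for i, seg in enumerate(segments):
        if is_final_data_segment(seg):
            return i
    return -1


if __name__ == "__main__":
    for i, seg in enumerate(sample_session()):
        hdr = parse_tcp_segment(seg)
        print(i, hdr["src_port"], "->", hdr["dst_port"], sorted(hdr["flags"]), len(hdr["payload"]), "bytes")
    print("first FIN at index", first_fin_index(sample_session()))
```

Each side sends its own FIN, so an orderly close produces two FIN segments; the first one in the sample comes from the client at index 3. A capture containing bare FINs aimed at many ports from one source is worth an alert, because no application traffic looks like that.
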
5. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.

6. The transfer of service from an incapacitated primary component to its backup component

7. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities

8. The central database that stores and organizes data

9. Used to electronically scan and input written information from a source document

10. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

11. The interface between the user and the system

12. Software packages that sequentially dial telephone numbers, recording any numbers that answer

13. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu

14. The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical

15. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

16. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

17. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

18. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

19. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems

20. The elimination of redundant data

21. A numeric value, which has been calculated mathematically, is added to data to ensure that the original data have not been altered or that an incorrect, but valid, match has occurred. This control is effective in detecting transposition and transcription

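The definition in question 21 does not name an algorithm. The example below is added for this page, not taken from the quiz, and assumes the mod-10 (Luhn) scheme that ISO/IEC 7812 card numbers use, because it shows both properties the definition mentions: a single mistyped digit (transcription) and a swap of two adjacent digits (transposition) both change the check digit, so the corrupted value is rejected even though it still looks like a valid number. The account number is constructed. The caveat a practitioner should know is at the end: Luhn cannot tell 09 from 90, so that one transposition slips through.

```python
def luhn_check_digit(body):
    """Mod-10 (Luhn) check digit for a string of digits.
    Walking right to left from the position next to the check digit, every other
    digit is doubled and digits above 9 have 9 subtracted (same as summing their digits)."""
    if not body.isdigit():
        raise ValueError("check digits are computed over digits only")
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # rightmost body digit, then every second one
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def append_check_digit(body):
    return body + luhn_check_digit(body)


def luhn_valid(number):
    """True if the last digit is the correct check digit for the preceding digits."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def transpose(number, i):
    """Swap the digits at positions i and i+1 (a transposition error)."""
    s = list(number)
    s[i], s[i + 1] = s[i + 1], s[i]
    return "".join(s)


def substitute(number, i, digit):
    """Replace the digit at position i (a transcription error)."""
    return number[:i] + digit + number[i + 1:]


def error_detected(original, corrupted):
    """The control works when the genuine value passes and the corrupted one is rejected."""
    return luhn_valid(original) and not luhn_valid(corrupted)


# Constructed account number: body 7992739871 gets check digit 3.
ACCOUNT = append_check_digit("7992739871")

if __name__ == "__main__":
    print(ACCOUNT, luhn_valid(ACCOUNT))
    print("transposition 87->78 detected:", error_detected(ACCOUNT, transpose(ACCOUNT, 7)))
    print("transcription 1->2 detected:", error_detected(ACCOUNT, substitute(ACCOUNT, 9, "2")))
    # The known blind spot: 09 and 90 give the same Luhn sum, so that swap is not caught.
    print("09126 valid:", luhn_valid("09126"), " 90126 valid:", luhn_valid("90126"))
```

A check digit is an integrity control against accidental error, not against an adversary: anyone who knows the scheme can produce a value that passes, so it must not be mistaken for authentication of the data.
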
22. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

23. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr

24. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas

25. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

26. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system

27. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or hertz (cycles per second).

28. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: this seems to pertain to recovery, for example shutting down a database after all records have been committed.

29. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research

30. A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Au

31. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv

32. Detection on the basis of whether the system activity matches that defined as abnormal

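Question 32 gives the definition but not a method. The example below is added for this page (it is not from the quiz) and takes one common way of defining "abnormal": a per-user baseline of failed logins per day, with any later day whose count exceeds the baseline mean plus three standard deviations flagged. The log line format, user names and counts are constructed. Flooring the standard deviation at one is a design choice, so that a user with a perfectly quiet baseline is not flagged for a single extra failure.

```python
import re
import statistics
from collections import defaultdict

# Assumed log line shape (constructed for this example).
LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\d{2}:\d{2}:\d{2} user=(?P<user>\S+) event=login result=(?P<result>ok|fail)$"
)


def failed_logins_by_user_day(lines):
    """Count failed logins per user per calendar day; lines that do not match are ignored."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("result") == "fail":
            counts[m.group("user")][m.group("day")] += 1
    return counts


def detect_anomalies(lines, baseline_days, z=3.0, floor=1.0):
    """Flag any day outside the baseline window on which a user's failed-login count
    exceeds mean + z * stddev of that user's baseline. Days with no failures count
    as zero in the baseline, and the stddev is floored so that a user who never
    fails in the baseline is not flagged for a single failure."""
    findings = []
    for user, per_day in failed_logins_by_user_day(lines).items():
        history = [per_day.get(day, 0) for day in baseline_days]
        threshold = statistics.fmean(history) + z * max(statistics.pstdev(history), floor)
        for day in sorted(per_day):
            if day not in baseline_days and per_day[day] > threshold:
                findings.append({"user": user, "day": day,
                                 "failures": per_day[day], "threshold": round(threshold, 2)})
    return findings


# Constructed data: seven baseline days, then one observation day.
BASELINE_DAYS = [f"2024-03-{d:02d}" for d in range(1, 8)]
OBSERVED_DAY = "2024-03-08"
FAILURES = {                       # failed logins per day, baseline days then the observed day
    "alice": [1, 0, 2, 1, 0, 1, 1, 12],   # burst on the last day
    "bob":   [0, 0, 1, 0, 0, 0, 1, 1],    # ordinary
}


def build_sample_log():
    lines = []
    for user, per_day in FAILURES.items():
        for day, n in zip(BASELINE_DAYS + [OBSERVED_DAY], per_day):
            lines.append(f"{day}T08:00:00 user={user} event=login result=ok")
            lines.extend(f"{day}T08:{i:02d}:30 user={user} event=login result=fail" for i in range(n))
    return lines


def sample_findings():
    return detect_anomalies(build_sample_log(), BASELINE_DAYS)


if __name__ == "__main__":
    for f in sample_findings():
        print(f)
```

The baseline is what makes this anomaly detection rather than a fixed rule: the same 12 failures would not be flagged for a user whose baseline already ran in the dozens. The weakness is the mirror image, an attacker who stays inside a user's noisy baseline is never seen, which is why this is paired with signature rules rather than used alone.
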
33. An electronic pathway that may be displayed in the form of highlighted text, a graphic or a button and that connects one web page with another web page address.

34. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

35. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

36. Specifies the format of packets and the addressing scheme

37. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

38. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy

39. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

40. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w

41. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.

42. The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format

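Questions 29, 35 and 42 describe three input controls that are normally applied together to a batch before it is posted: a sequence check on the control numbers, a hash total of a field that has no arithmetic meaning of its own (here, account numbers) compared against the control total from the source document, and a format (edit) check on each field. The validator below is an added example for this page, not from the quiz; the record layout, field formats and the five-record batch with its control header are constructed. The batch deliberately contains a record whose account number has two digits transposed, which no format check can see but the hash total catches, a record filed out of sequence, and a date in the wrong format.

```python
import re
from decimal import Decimal

# Assumed record layout and field formats for a batch of posted payments (constructed).
FIELD_FORMATS = {
    "control_no": re.compile(r"^\d{4}$"),
    "account":    re.compile(r"^\d{8}$"),
    "amount":     re.compile(r"^\d+\.\d{2}$"),
    "posted":     re.compile(r"^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$"),
}


def format_check(record):
    """Edit check: each field must conform to its predefined format.
    Returns (control_no, field, offending value) for every failure."""
    return [(record["control_no"], field, record[field])
            for field, pattern in FIELD_FORMATS.items()
            if not pattern.match(record[field])]


def sequence_check(records, first_control_no):
    """Control numbers must run consecutively from the batch header's first number;
    anything in the wrong slot goes on the exception report."""
    return [r["control_no"] for i, r in enumerate(records)
            if not r["control_no"].isdigit() or int(r["control_no"]) != first_control_no + i]


def hash_total(records, field):
    """Sum of a numeric field that has no arithmetic meaning on its own (account numbers);
    a mismatch against the control total reveals a changed or mis-keyed record."""
    return sum(int(r[field]) for r in records if r[field].isdigit())


def validate_batch(records, control):
    format_errors = [e for r in records for e in format_check(r)]
    out_of_sequence = sequence_check(records, control["first_control_no"])
    computed_hash = hash_total(records, "account")
    amount_total = sum((Decimal(r["amount"]) for r in records
                        if FIELD_FORMATS["amount"].match(r["amount"])), Decimal("0"))
    checks = {
        "record_count_ok": len(records) == control["record_count"],
        "hash_total_ok": computed_hash == control["hash_total"],
        "amount_total_ok": amount_total == control["amount_total"],
    }
    return {"format_errors": format_errors, "out_of_sequence": out_of_sequence,
            "hash_total": computed_hash, "amount_total": amount_total, **checks,
            "accepted": not format_errors and not out_of_sequence and all(checks.values())}


# Constructed batch. The control header holds what the source document says the batch
# should contain; the records are what was keyed in.
SAMPLE_CONTROL = {"first_control_no": 1001, "record_count": 5,
                  "hash_total": 172838270, "amount_total": Decimal("500.00")}
SAMPLE_BATCH = [
    {"control_no": "1001", "account": "12345678", "amount": "100.00", "posted": "2024-03-01"},
    {"control_no": "1002", "account": "23456789", "amount": "250.50", "posted": "2024-03-01"},
    # keyed with 67 -> 76 transposed in the account number, a date in the wrong format,
    # and filed ahead of 1003
    {"control_no": "1004", "account": "34576890", "amount": "100.50", "posted": "2024/03/01"},
    {"control_no": "1003", "account": "45678901", "amount": "25.00",  "posted": "2024-03-01"},
    {"control_no": "1005", "account": "56789012", "amount": "24.00",  "posted": "2024-03-02"},
]


def sample_result():
    return validate_batch(SAMPLE_BATCH, SAMPLE_CONTROL)


if __name__ == "__main__":
    for key, value in sample_result().items():
        print(f"{key}: {value}")
```

Note what each control catches and misses: the amount total still agrees with the header, so the value total alone would have passed this batch; only the hash total of the account numbers exposes the transposed digits, and only the sequence check exposes the mis-filed record. Every failure goes on the exception report rather than silently dropping the record, since a dropped record is itself an integrity loss.
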
43. Relates to the technical and physical features of the computer

44. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

45. The organization providing the outsourced service

46. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code

47. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.

48. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.

49. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.

50. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re