Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
Control weakness
Systems acquisition process
virtual organizations
Subject matter (Area of activity)
2. Diligence which a person would exercise under a given set of circumstances
Due care
Application layer
DNS (domain name system)
E-mail/interpersonal messaging
3. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Central office (CO)
Dumb terminal
System exit
Queue
4. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi
Interest rate risk
Data flow
Artificial intelligence
Shell
5. An automated detail report of computer system activity
Message switching
Check digit verification (self-checking digit)
Challenge/response token
Console log
6. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.
Preventive controls
System software
Access method
Extended Binary-coded Decimal Interchange Code (EBCDIC)
7. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
Repository
Alpha
Expert systems
Budget formula
8. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
browser
Budget
Embedded audit module
Telecommunications
9. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Availability
Handprint scanner
Redo logs
Population
10. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
File server
Test programs
Bypass label processing (BLP)
Top-level management
11. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all
Data diddling
Prototyping
Scheduling
Criteria
12. An individual who attempts to gain unauthorized access to a computer system
Anomaly detection
Input controls
Hacker
Electronic funds transfer (EFT)
13. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Point-of-sale systems (POS)
Security management
Reengineering
Assembler
14. The process of converting an analog telecommunications signal into a digital computer signal
Arithmetic-logic unit (ALU)
Demodulation
Recovery time objective (RTO)
Static analysis
15. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file
Optical scanner
Production programs
Access rights
System narratives
16. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which
Systems development life cycle (SDLC)
Security management
Availability
Brouters
17. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements
Single point of failure
Procedure
Fiscal year
Systems analysis
18. The code used to designate the location of a specific piece of data within computer storage
Segregation/separation of duties
Address
Degauss
Test generators
19. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Pervasive IS controls
Variable sampling
Range check
Software
20. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.
Memory dump
Detective controls
Project sponsor
Handprint scanner
21. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v
Business-to-consumer e-commerce (B2C)
Default password
Firmware
Librarian
22. A protocol used for transmitting data between two ends of a connection
PPP (point-to-point protocol)
Base case
Electronic vaulting
Machine language
23. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Third-party review
ISP (Internet service provider)
Recovery point objective (RPO)
Extensible Markup Language (XML)
24. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Spool (simultaneous peripheral operations online)
Repository
Binary code
Virus
25. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Audit trail
Hardware
End-user computing
Bus topology
26. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
War dialler
Application controls
Port
Simple fail-over
27. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Batch processing
Corporate exchange rate
BSP (business service provider)
Port
28. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Internal control
Subject matter (Area of activity)
Production programs
Encryption
29. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Multiplexing
Encapsulation (objects)
Spoofing
Data analysis
30. Digital information, such as cleartext, that is intelligible to the reader
Indexed sequential file
Plaintext
Secure socket layer (SSL)
Electronic vaulting
31. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
Web site
File
Bridge
ISO17799
32. Analysis that is performed in real time or in continuous form
Dynamic analysis
Audit authority
Residual risk
Biometric locks
33. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Data leakage
Non-intrusive monitoring
Multiplexor
Gateway
34. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Computer-aided software engineering (CASE)
Unit testing
Latency
Digital certificate
35. A named collection of related records
Trusted processes
Risk
File
Base case
36. The act or function of developing and maintaining applications programs in production
Application programming
Data dictionary
Data structure
Audit responsibility
37. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive are units, the easier it is to maintain and enhance a system, since it is easier to determine whe
Record, screen and report layouts
Non-intrusive monitoring
Filtering router
Cohesion
38. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Utility programs
Nonrepudiation
Data communications
Initial program load (IPL)
39. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Star topology
Data owner
UNIX
Audit
40. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo
ASP/MSP (application or managed service provider)
Anonymous File Transfer Protocol (FTP)
Address
Budget
41. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
Indexed sequential access method (ISAM)
Performance indicators
Business process reengineering (BPR)
Direct reporting engagement
42. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Program narratives
Edit controls
Object Management Group (OMG)
Hypertext
43. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Application layer
Confidentiality
Topology
Scheduling
44. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.
Business impact analysis (BIA)
Strategic risk
Appearance of independence
Transaction
45. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Authorization
Compensating control
Population
Latency
46. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Generalized audit software
Application programming interface (API)
Application program
Intrusive monitoring
47. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
File
Edit controls
Electronic funds transfer (EFT)
Substantive testing
48. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research
Vulnerabilities
Computer sequence checking
Hub
Internal control
49. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Utility software
Message switching
Data analysis
Sequence check
50. Defined minimum performance measures at or above which the service delivered is considered acceptable
Asymmetric key (public key)
Operational risk
Repudiation
Service level agreement (SLA)