CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. Match each statement with the correct term. Questions and answers are randomly picked and ordered every time a test is loaded, and the three wrong answers for each question are drawn from the answers to other questions, so some choices will look obvious.
1. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
Hot site
Magnetic card reader
Audit accountability
Decision support systems (DSS)
2. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
Sufficient audit evidence
Test programs
Cold site
Service bureau
3. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Registration authority (RA)
Limit check
Fail-safe
Preventive controls
4. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Test data
Application security
Anomaly detection
Decryption
5. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Rapid application development
Run instructions
Local area network (LAN)
Attribute sampling
6. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Packet switching
Structured programming
Incremental testing
Latency
7. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Information engineering
L2TP (Layer 2 tunneling protocol)
Internet
Application controls
8. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetration of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.
Independent attitude
Fraud risk
Utility programs
Coverage
9. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
Hash function
Privilege
Mutual takeover
Integrated test facilities (ITF)
10. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Gateway
Electronic vaulting
Database
Edit controls
11. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Blackbox testing
Non-intrusive monitoring
Internet
Alpha
12. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Checkpoint restart procedures
Executable code
Trust
Application layer
13. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
Compensating control
Protocol
Systems development life cycle (SDLC)
Program narratives
14. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Recovery time objective (RTO)
Data leakage
Budget organization
Dial-back
15. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl
Intelligent terminal
Reputational risk
Password
Data Encryption Standard (DES)
16. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
Encryption
Indexed sequential file
Transaction
Field
17. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Business impact analysis (BIA)
Audit accountability
Record
Object code
18. Control deviations (compliance testing) or misstatements (substantive testing)
Regression testing
Application acquisition review
Corporate governance
Error
19. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Dial-in access controls
Audit evidence
Signatures
Sniffing
20. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription
Frame relay
Check digit
Password
Internet Engineering Task Force (IETF)
21. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Trusted processes
Gateway
Public key infrastructure
Windows NT
22. The main memory of the computer's central processing unit
Database specifications
Appearance
Internal storage
Audit objective
23. The computer room and support areas
Tuple
Indexed sequential access method (ISAM)
Regression testing
Information processing facility (IPF)
24. In intrusion detection; an error that occurs when a normal activity is misdiagnosed as an attack
Indexed sequential file
Binary code
False positive
Internal storage
25. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Brute force
Numeric check
Professional competence
Record, screen and report layouts
26. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Ciphertext
Data security
Corrective controls
Audit evidence
27. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Full duplex
Materiality
Intrusion detection
Real-time processing
28. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being
Buffer
Nonrepudiation
Population
Compensating control
29. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Security software
End-user computing
Spanning port
Telecommunications
30. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Hierarchical database
Encapsulation (objects)
Input controls
Telnet
31. The outward impression of being self-governing and free from conflict of interest and undue influence
Access method
Topology
Independent appearance
Audit
32. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Cluster controller
Utility software
Batch processing
Integrated services digital network (ISDN)
33. A sampling technique that estimates the amount of overstatement in an account balance
Database management system (DBMS)
Monetary unit sampling
Anonymity
Scheduling
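Monetary unit sampling selects items with probability proportional to their recorded amount and projects any overstatement found in the sample back to the population. The Python below is an added example (not from the page or from ISACA): the ledger, the sample size of 4 and the fixed random start of 2000 are constructed so the run is deterministic; in practice the start would come from a random number generator.

```python
"""Monetary unit sampling (MUS): probability-proportional-to-size selection and
projection of overstatement. Added example; the ledger below is constructed."""
from typing import List, Tuple

# (document id, recorded amount, audited amount) -- constructed sample data
Item = Tuple[str, float, float]
LEDGER: List[Item] = [
    ("INV-001", 1200.0, 1200.0),
    ("INV-002", 8500.0, 8000.0),   # overstated by 500
    ("INV-003", 300.0, 300.0),
    ("INV-004", 15000.0, 15000.0),
    ("INV-005", 2200.0, 1800.0),   # overstated by 400
    ("INV-006", 4800.0, 4800.0),
    ("INV-007", 950.0, 950.0),
    ("INV-008", 7050.0, 7050.0),
]


def select_mus(items: List[Item], sample_size: int, random_start: float):
    """Systematic selection: every `interval`-th monetary unit is a hit, so an
    item's chance of selection is proportional to its recorded amount and any
    item at least as large as the interval is selected with certainty.
    Returns (interval, selected items); an item is listed once even when it
    absorbs several hits."""
    total = sum(amount for _, amount, _ in items)
    interval = total / sample_size
    if not 0 <= random_start < interval:
        raise ValueError("random start must lie in [0, interval)")
    selected: List[Item] = []
    cumulative = 0.0
    next_hit = random_start
    for item in items:
        cumulative += item[1]
        hit = False
        while next_hit < cumulative:   # monetary unit next_hit falls inside this item
            hit = True
            next_hit += interval
        if hit:
            selected.append(item)
    return interval, selected


def project_overstatement(selected: List[Item], interval: float) -> float:
    """Project the sample's overstatement to the population. For items smaller
    than the interval the tainting (misstatement / recorded amount) is applied
    to the whole interval; items >= interval were certain selections and
    contribute only their actual misstatement."""
    projected = 0.0
    for _, recorded, audited in selected:
        if audited >= recorded:
            continue  # MUS is designed to estimate overstatement, not understatement
        misstatement = recorded - audited
        if recorded >= interval:
            projected += misstatement
        else:
            projected += misstatement / recorded * interval
    return projected


if __name__ == "__main__":
    interval, sample = select_mus(LEDGER, sample_size=4, random_start=2000.0)
    print("interval:", interval)
    print("selected:", [doc for doc, _, _ in sample])
    print("projected overstatement:", round(project_overstatement(sample, interval), 2))
```

With these inputs the interval is 10000, INV-004 absorbs two hits, and only three documents are selected. INV-005 (overstated by 400) is never reached because its 2200 monetary units fall between hits, which is the known weakness of the technique: small items, and understated ones in particular, have a small chance of selection.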
34. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
World Wide Web Consortium (W3C)
Firmware
Requirements definition
Address space
35. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Cathode ray tube (CRT)
Object Management Group (OMG)
Shell
Capacity stress testing
36. The list of rules and/or guidance that is used to analyze event data
Information engineering
Rulebase
Anomaly detection
Echo checks
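A rulebase is only as good as its rules, and the false positive of item 24 is what an untuned rule produces. The Python below is an added example (not from the page): it parses constructed sshd-style log lines, runs two rules over the events, and shows one rule correctly flagging a password-guessing burst while the other flags a scheduled backup account's 02:00 login until an exception list is added. The log lines, account names and thresholds are all invented for the demonstration.

```python
"""A small rulebase run over event data, showing a true positive and a false
positive. Added example; the log lines are constructed, not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Set, Tuple

# Constructed sshd-style lines: a password-guessing burst from 10.0.0.99 and a
# nightly backup account logging in at 02:00 (normal, scheduled activity).
SAMPLE_LOG = """
2024-03-02T02:00:05 sshd: Accepted password for svc-backup from 10.0.0.7
2024-03-02T09:15:01 sshd: Failed password for root from 10.0.0.99
2024-03-02T09:15:03 sshd: Failed password for root from 10.0.0.99
2024-03-02T09:15:04 sshd: Failed password for root from 10.0.0.99
2024-03-02T09:15:06 sshd: Failed password for admin from 10.0.0.99
2024-03-02T09:30:00 sshd: Accepted password for alice from 10.0.0.12
2024-03-02T09:31:10 sshd: Failed password for alice from 10.0.0.12
2024-03-02T09:31:20 sshd: Accepted password for alice from 10.0.0.12
""".strip().splitlines()

LINE_RE = re.compile(r"^(\S+) sshd: (Accepted|Failed) password for (\S+) from (\S+)$")
Event = Dict[str, object]
Alert = Tuple[str, str]


def parse(lines: List[str]) -> List[Event]:
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that do not match the pattern are ignored by this toy parser
            ts, result, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "result": result,
                           "user": user, "src": src})
    return events


def rule_failed_burst(events: List[Event], ctx: dict) -> List[Alert]:
    """At least `burst_threshold` failures from one source inside a sliding window."""
    threshold, window = ctx["burst_threshold"], ctx["burst_window"]
    times = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            times[e["src"]].append(e["ts"])
    alerts = []
    for src, ts in times.items():
        ts.sort()
        if any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1)):
            alerts.append(("failed_burst", src))
    return alerts


def rule_off_hours_privileged(events: List[Event], ctx: dict) -> List[Alert]:
    """Privileged account accepted between 00:00 and 05:00. Without an exception
    list this fires on the scheduled backup account: a false positive."""
    return [("off_hours_privileged", e["user"]) for e in events
            if e["result"] == "Accepted"
            and e["user"] in ctx["privileged"]
            and e["user"] not in ctx["known_batch_accounts"]
            and e["ts"].hour < 5]


RULEBASE: List[Callable] = [rule_failed_burst, rule_off_hours_privileged]


def run_rulebase(lines: List[str], known_batch_accounts: Set[str] = frozenset()) -> List[Alert]:
    """Apply every rule in the rulebase to the parsed events and collect alerts."""
    ctx = {"burst_threshold": 3, "burst_window": timedelta(seconds=60),
           "privileged": {"root", "admin", "svc-backup"},
           "known_batch_accounts": set(known_batch_accounts)}
    events = parse(lines)
    alerts: List[Alert] = []
    for rule in RULEBASE:
        alerts.extend(rule(events, ctx))
    return alerts


if __name__ == "__main__":
    print("untuned:", run_rulebase(SAMPLE_LOG))
    print("tuned:  ", run_rulebase(SAMPLE_LOG, {"svc-backup"}))
```

Note that alice's single mistyped password does not trip the burst rule, because the rule counts failures per source within a window rather than flagging every failure; that threshold is exactly the kind of rulebase parameter whose tuning trades false positives against missed attacks.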
37. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Privacy
Utility programs
Diskless workstations
Input controls
38. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Hierarchical database
Run-to-run totals
Broadband
Check digit
39. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Handprint scanner
Authentication
Format checking
Vulnerability
40. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Controls (Control procedures)
Encryption
Sequence check
Inheritance (objects)
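Items 10, 20, 37 and 40 describe input controls that are applied before a batch is processed; the Python below is an added example (not from the page or ISACA) that implements four of them over a constructed batch of records: a sequence check, a format check on the date, a limit check on the amount, and a mod-10 (Luhn) check digit on the account number. The account numbers, sequence numbers and the 10000 limit are invented for the demonstration; the Luhn algorithm itself is the standard one.

```python
"""Input/edit controls applied to a batch of transactions before processing:
sequence check, format check, limit check and a mod-10 (Luhn) check digit.
Added example; the records are constructed."""
import re
from typing import Dict, List, Tuple

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def luhn_check_digit(body: str) -> str:
    """Mod-10 check digit for a string of digits (Luhn). Starting from the
    rightmost body digit, every second digit is doubled (results above 9 are
    reduced by 9) and the check digit brings the sum to a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the last digit is the correct check digit for the rest."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


Record = Dict[str, object]
RECORDS: List[Record] = [
    {"seq": 101, "account": "79927398713", "amount": 250.00, "date": "2024-03-02"},
    {"seq": 102, "account": "79972398713", "amount": 90.00, "date": "2024-03-02"},      # digits 2 and 7 transposed
    {"seq": 104, "account": "4539578763621486", "amount": 12000.00, "date": "2024-03-02"},  # sequence gap, over limit
    {"seq": 105, "account": "4539578763621486", "amount": 40.00, "date": "02/03/2024"},  # wrong date format
]


def edit_check(records: List[Record], limit: float = 10000.0) -> List[Tuple[int, str]]:
    """Run the edit controls and return (sequence number, reason) entries for an
    exception report. Nothing is rejected silently: every failure is reported so
    the user can correct the data before processing."""
    exceptions: List[Tuple[int, str]] = []
    expected = None
    for r in records:
        seq = int(r["seq"])
        if expected is not None and seq != expected:          # sequence check
            exceptions.append((seq, f"sequence: expected {expected}"))
        expected = seq + 1
        if not luhn_valid(str(r["account"])):                 # check digit
            exceptions.append((seq, "check digit"))
        if not DATE_RE.match(str(r["date"])):                 # format check
            exceptions.append((seq, "format: date"))
        if not 0 < float(r["amount"]) <= limit:               # limit check
            exceptions.append((seq, f"limit: amount outside (0, {limit:.2f}]"))
    return exceptions


if __name__ == "__main__":
    for seq, reason in edit_check(RECORDS):
        print(seq, reason)
```

The mod-10 scheme catches every single-digit transcription error and every adjacent transposition except 09 and 90, which is why item 20 says the control is effective against transposition and transcription errors rather than against all errors; record 102 above is rejected precisely because two adjacent digits were swapped.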
41. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Compiler
L2TP (Layer 2 tunneling protocol)
Parity check
Central processing unit (CPU)
42. The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.
IPSec (Internet protocol security)
Address space
Trust
Trap door
43. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Control weakness
Abend
Signatures
Masqueraders
44. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
Token
Automated teller machine (ATM)
Bus
Security/transaction risk
45. Specifies the format of packets and the addressing scheme
Central office (CO)
Bulk data transfer
IP (Internet protocol)
ACK (acknowledgement)
46. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte
Protocol converter
Noise
Concurrent access
Output analyzer
47. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Internal control
SYN (synchronize)
Regression testing
Embedded audit module
48. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Alpha
Masqueraders
Utility programs
UNIX
49. The practice of eavesdropping on information being transmitted over telecommunications links
DMZ (demilitarized zone)
DDoS (distributed denial-of-service) attack
Wiretapping
Foreign exchange risk
50. A protocol for accessing a secure web server, whereby all data transferred is encrypted
HTTPS (hyper text transfer protocol secure)
RADIUS (remote authentication dial-in user service)
Switch
Web page