Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Program evaluation and review technique (PERT)
Certificate Revocation List
Electronic funds transfer (EFT)
Multiplexor
2. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Tuple
Field
Fraud risk
Noise
3. Programs that provide assurance that the software being audited is the correct version of the software; by providing a meaningful listing of any discrepancies between the two versions of the program
Reasonable assurance
Source code compare programs
Control Objectives for Enterprise Governance
Corporate exchange rate
4. Used to electronically input; read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset
Object-oriented system development
Financial audit
PPP (point-to-point protocol)
Magnetic ink character recognition (MICR)
5. Provide verification that all transmitted data are read and processed
Waterfall development
Run-to-run totals
External router
Detection risk
6. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.
Data structure
Web Services Description Language (WSDL)
Utility programs
Record; screen and report layouts
7. An interface point between the CPU and a peripheral device
Port
Trojan horse
DDoS (distributed denial-of-service) attack
Digital certificate
8. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
Irregularities
Recovery point objective (RPO)
Inheritance (objects)
Baud rate
9. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Packet switching
Corporate exchange rate
Promiscuous mode
Incremental testing
10. Permanent reference data used in transaction processing. These data are changed infrequently; such as a product price file or a name and address file.
Trusted processes
Numeric check
Standing data
Security/transaction risk
11. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus
e-commerce
Fraud risk
Reengineering
Twisted pairs
12. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
System flowcharts
PPP (point-to-point protocol)
Internet Engineering Task Force (IETF)
Nonrepudiation
13. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Backup
Firewall
Run instructions
Attitude
14. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Masqueraders
Protocol
Magnetic card reader
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
15. A set of utilities that implement a particular network protocol. For instance; in Windows machines a TCP/IP stack consists of TCP/IP software; sockets software and hardware driver software.
Protocol stack
Decentralization
Master file
Audit risk
16. A permanent connection between hosts in a packet switched network
Brute force
Concurrent access
Permanent virtual circuit (PVC)
Bar case
17. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Password cracker
Web page
Availability
Datagram
18. A sub-network of the Internet through which information is exchanged by text; graphics; audio and video.
world wide web (WWW)
Intrusion detection
Dial-back
Consumer
19. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Bus
Piggy backing
Professional competence
HTTPS (hyper text transfer protocol secure)
20. Software packages that sequentially dial telephone numbers; recording any numbers that answer
War dialler
Communications controller
Corrective controls
Anonymous File Transfer Protocol (FTP)
21. A series of steps to complete an audit objective
Non-intrusive monitoring
Audit
Downtime report
Audit program
22. The person responsible for implementing; monitoring and enforcing security rules established and authorized by management
Switch
Security administrator
Structured Query Language (SQL)
Electronic cash
23. An approach used to plan; design; develop; test and implement an application system or a major modification to an application system. Typical phases include the feasibility study; requirements study; requirements definition; detailed design; programm
Data Encryption Standard (DES)
Components (as in component-based development)
Systems development life cycle (SDLC)
UNIX
24. Universal Description; Discovery and Integration
Optical scanner
Split data systems
UDDI
Corporate exchange rate
25. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.
Statistical sampling
Diskless workstations
Registration authority (RA)
Journal entry
26. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Web Services Description Language (WSDL)
Internal control structure
Reverse engineering
Foreign exchange risk
27. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Audit evidence
Recovery time objective (RTO)
Random access memory (RAM)
Operator console
28. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Systems development life cycle (SDLC)
Frame relay
Application software tracing and mapping
Microwave transmission
29. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.
Irregularities
Computer sequence checking
Surge suppressor
Administrative controls
30. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Record
Backup
Ring topology
Redo logs
31. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Evidence
Ring topology
Handprint scanner
Technical infrastructure security
32. A third party that provides organizations with a variety of Internet; and Internet-related services
Reasonable assurance
Application software tracing and mapping
ISP (Internet service provider)
Telnet
33. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
Remote procedure calls (RPCs)
Data flow
Node
Baud rate
34. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment
Plaintext
Engagement letter
Internal penetrators
Hyperlink
35. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Point-of-sale systems (POS)
Proxy server
Protocol
Useful audit evidence
36. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Whitebox testing
Simple fail-over
Budget organization
Computer server
37. An edit check designed to ensure the data in a particular field is numeric
Buffer
Nonrepudiable transactions
Systems development life cycle (SDLC)
Numeric check
38. The relationships among files in a database and among data items within each file
Data leakage
Third-party review
Ring topology
Data structure
39. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Optical scanner
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
File
Centralized data processing
40. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Generalized audit software
Irregularities
Frame relay
Source code compare programs
41. The level to which transactions can be traced and audited through a system
Authorization
Network administrator
Range check
Auditability
42. The property that data meet with a priority expectation of quality and that the data can be relied upon
Database specifications
Reengineering
Data integrity
Card swipes
43. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Reasonable assurance
Trusted systems
Mutual takeover
Surge suppressor
44. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Access method
liquidity risk
Default deny policy
Protocol converter
45. The transfer of service from an incapacitated primary component to its backup component
Record
Fail-over
Hub
Smart card
46. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Logs/Log file
Criteria
Recovery point objective (RPO)
Independent attitude
47. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system
ASCII (American Standard Code for Information Interchange)
Quick ship
Control risk
Compliance testing
48. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department
Comprehensive audit
FTP (file transfer protocol)
Utility software
Alpha
49. The outward impression of being self-governing and free from conflict of interest and undue influence
Independent appearance
Population
Peripherals
L2F (Layer 2 forwarding)
50. Digital information; such as cleartext; that is intelligible to the reader
Plaintext
Data diddling
UDDI
World Wide Web Consortium (W3C)