Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.
Remote job entry (RJE)
Digital certification
Hierarchical database
Protocol converter
2. The ability of end users to design and implement their own information system utilizing computer software products
Strategic risk
IDS (intrusion detection system)
End-user computing
Vulnerability analysis
3. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Field
System flowcharts
Twisted pairs
Relevant audit evidence
4. Digital information, such as cleartext, that is intelligible to the reader
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Plaintext
TCP (transmission control protocol)
IDS (intrusion detection system)
5. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.
Discovery sampling
Structured programming
Table look-ups
Systems acquisition process
6. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls
Split DNS
Anonymous File Transfer Protocol (FTP)
Corporate exchange rate
Inherent risk
7. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems
Controls (Control procedures)
Intrusion detection
Dry-pipe fire extinguisher system
FIN (final)
8. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Population
Private key
Echo checks
Anomaly
9. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Performance testing
Evidence
Central processing unit (CPU)
Production software
10. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Hierarchical database
Computer-aided software engineering (CASE)
File layout
Payment system
11. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Encryption
Hash function
Computationally greedy
Discovery sampling
12. A program written in a portable, platform independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi
Monitor
Applet
ASCII (American Standard Code for Information Interchange)
Parallel testing
13. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
Terminal
System flowcharts
implementation life cycle review
False negative
14. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Partitioned file
Artificial intelligence
Hexadecimal
Half duplex
15. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Audit expert systems
Electronic cash
Full duplex
Waterfall development
16. The property that data meet with a priority expectation of quality and that the data can be relied upon
Certificate Revocation List
Data integrity
Mutual takeover
Communications controller
17. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
NAT (Network Address Translation)
Program evaluation and review technique (PERT)
Expert systems
Passive assault
18. The proportion of known attacks detected by an intrusion detection system
Object code
Coverage
Single point of failure
Expert systems
19. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
virtual organizations
FIN (final)
Geographic disk mirroring
Teleprocessing
20. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Mapping
ISP (Internet service provider)
Application programming
Normalization
21. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Continuous auditing approach
Address
Test generators
Internal penetrators
22. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller, which is responsible for managing and controlling all communic
Star topology
Judgment sampling
Internet Inter-ORB Protocol (IIOP)
Static analysis
23. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Limit check
Magnetic ink character recognition (MICR)
Access path
Recovery testing
24. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Port
Tuple
Test generators
Evidence
25. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
Fourth generation language (4GL)
Asymmetric key (public key)
Artificial intelligence
Public key
26. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
System flowcharts
Symmetric key encryption
Gateway
Parity check
27. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Network hop
Spoofing
Symmetric key encryption
Switch
28. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v
Default password
Adjusting period
Protocol converter
Diskless workstations
29. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Budget hierarchy
Network
Inherent risk
Residual risk
30. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Intrusion detection
Limit check
Man-in-the-middle attack
Budget
31. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
ICMP (internet control message protocol)
Point-of-sale systems (POS)
Sufficient audit evidence
Application security
32. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Nonrepudiable transactions
Appearance of independence
IT governance
Access path
33. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an
Computer server
Generalized audit software
Man-in-the-middle attack
Data-oriented systems development
34. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual, or programmed, are to ensure the completeness and
Systems development life cycle (SDLC)
Application controls
Security software
Embedded audit module
35. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Executable code
Project sponsor
Trusted processes
Allocation entry
36. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
FIN (final)
Twisted pairs
Dial-back
System software
37. A list of retracted certificates
Certificate Revocation List
Concurrent access
Random access memory (RAM)
Idle standby
38. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Transaction log
Regression testing
FTP (file transfer protocol)
Trojan horse
39. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Trusted systems
Downtime report
Data integrity
Project sponsor
40. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers
TACACS+ (terminal access controller access control system plus)
Hot site
UNIX
Transaction protection
41. Error control deviations (compliance testing) or misstatements (substantive testing)
Logs/Log file
Sequence check
Bulk data transfer
Error
42. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Objectivity
Field
Firmware
Test data
43. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Corporate exchange rate
Open systems
IDS (intrusion detection system)
Due care
44. To configure a computer or other network device to resist attacks
Authorization
Data flow
Attitude
Harden
45. A device that connects two similar networks together
Token
Bandwidth
Bridge
IPSec (Internet protocol security)
46. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Uninterruptible power supply (UPS)
Project team
Fiber optic cable
Error
47. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
Record; screen and report layouts
ACK (acknowledgement)
Circuit-switched network
Masking
48. A program that translates programming language (source code) into machine executable instructions (object code)
Compiler
File layout
Substantive testing
Residual risk
49. A system that authentically distributes users' public keys using certificates
UDP (User Datagram Protocol)
vulnerability
Public key infrastructure
Accountability
50. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Function point analysis
Dial-in access controls
Intrusion detection
e-commerce