Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A system development methodology that is organised around 'objects' rather than 'actions,' and 'data' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
Access path
Object-oriented system development
Regression testing
ICMP (internet control message protocol)
2. A third party that provides organizations with a variety of Internet and Internet-related services
ISP (Internet service provider)
Spanning port
End-user computing
Audit accountability
3. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program
Consumer
Taps
Source code compare programs
Strategic risk
4. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.
Security perimeter
Function point analysis
Passive response
Multiplexor
5. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems
Taps
Application proxy
Access path
Client-server
6. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995
Circuit-switched network
COCO
Structured Query Language (SQL)
Packet filtering
7. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy
System software
Monetary unit sampling
Antivirus software
Control weakness
8. A process used to identify and evaluate risks and their potential effects
Centralized data processing
Teleprocessing
Risk assessment
Detective controls
9. A named collection of related records
File
Internet Engineering Task Force (IETF)
Hypertext
TCP (transmission control protocol)
10. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Full duplex
Due professional care
Brute force
Computer server
11. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Fraud risk
Telnet
Compensating control
Token
12. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms: amending the environment, collecting more information or striking back a
Optical character recognition
General computer controls
Active response
File
13. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied
Posting
Logon
Proxy server
Applet
14. Used to electronically scan and input written information from a source document
Project sponsor
Bar code
Application programming interface (API)
Optical character recognition
15. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Spoofing
Voice mail
Demodulation
HTTPS (hyper text transfer protocol secure)
16. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount
Application
Variable sampling
Application controls
Object orientation
17. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Database
Source documents
Man-in-the-middle attack
Application system
18. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra
Validity check
TCP (transmission control protocol)
Controls (Control procedures)
Interest rate risk
19. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
World Wide Web Consortium (W3C)
Downtime report
Electronic signature
Star topology
20. A discussion document which sets out an 'Enterprise Governance Model' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems
Audit sampling
Latency
Control Objectives for Enterprise Governance
Sequential file
21. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
SMTP (Simple Mail Transport Protocol)
Hot site
Cluster controller
False positive
22. The main memory of the computer's central processing unit
Irregularities
Internal storage
Check digit verification (self-checking digit)
Job control language (JCL)
23. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
Reciprocal agreement
Application
Systems acquisition process
Blackbox testing
24. Requiring a great deal of computing power; processor intensive
Computationally greedy
Voice mail
Electronic vaulting
Screening routers
25. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Systems acquisition process
Bus
Comparison program
26. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Program narratives
Generalized audit software
Partitioned file
Editing
27. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Public key infrastructure
Audit accountability
Availability
Token
28. Filters out electrical surges and spikes
Surge suppressor
Untrustworthy host
Frame relay
Trusted processes
29. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Electronic vaulting
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Web Services Description Language (WSDL)
Security administrator
30. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
Internet banking
Internal control
Split DNS
ACK (acknowledgement)
31. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Electronic data interchange (EDI)
Reputational risk
Certificate authority (CA)
Input controls
32. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Authorization
Application proxy
Variable sampling
Verification
33. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Audit risk
Sniffing
Encapsulation (objects)
Teleprocessing
34. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller, which is responsible for managing and controlling all communic
Dial-back
Star topology
UDP (User Datagram Protocol)
Administrative controls
35. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections: one from the requesting client and another to the destination service
Application proxy
Application system
Decryption
Multiplexor
36. The proportion of known attacks detected by an intrusion detection system
Magnetic card reader
Coverage
Real-time analysis
Security/transaction risk
37. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
Active recovery site (mirrored)
Distributed data processing network
Price risk
Parity check
38. A resource whose loss will result in the loss of service or production
Recovery time objective (RTO)
Compiler
Extensible Markup Language (XML)
Single point of failure
39. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
Corporate exchange rate
Utility programs
Sufficient audit evidence
Network administrator
40. The area of the system that the intrusion detection system is meant to monitor and protect
Value-added network (VAN)
RADIUS
FTP (file transfer protocol)
Protection domain
41. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
General computer controls
Residual risk
Downloading
Initial program load (IPL)
42. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Point-of-sale systems (POS)
Attitude
Twisted pairs
Digital signature
43. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Partitioned file
Packet
Access control table
Point-of-presence (POP)
44. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Fault tolerance
Corporate governance
Personal identification number (PIN)
Control weakness
45. A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.
UNIX
Editing
System exit
Payment system
46. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Procedure
Strategic risk
Wide area network (WAN)
L2F (Layer 2 forwarding)
47. A set of utilities that implement a particular network protocol. For instance, in Windows machines a TCP/IP stack consists of TCP/IP software, sockets software and hardware driver software.
Protocol stack
Artificial intelligence
Interface testing
Checkpoint restart procedures
48. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, one that permits multimedia (graphics) applications on the World Wide Web
Browser
Control Objectives for Enterprise Governance
Security administrator
Packet switching
49. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if
Control perimeter
Security policy
UDP (User Datagram Protocol)
Web page
50. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
General computer controls
Statistical sampling
World Wide Web (WWW)
Credentialed analysis