Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual, or programmed, are to ensure the completeness and






2. Software packages that sequentially dial telephone numbers, recording any numbers that answer






3. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.






4. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems






5. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.






6. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.






7. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti






8. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






9. Identified by one central processor and databases that form a distributed processing configuration






10. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






11. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.






12. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.






13. The act of transferring computerized information from one computer to another computer






14. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






15. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.






16. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred






17. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.






18. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.






19. A system development methodology that is organised around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr






20. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.






21. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.






22. The list of rules and/or guidance that is used to analyze event data






23. A device for sending and receiving computerized data over transmission lines






24. The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format






25. A manual or automated log of all updates to data files and databases






26. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently






27. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.






28. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.






29. A statement of the position within the organization, including lines of reporting and the rights of access






30. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination






31. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






32. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations






33. Faking the sending address of a transmission in order to gain illegal entry into a secure system






34. A low-level computer programming language which uses symbolic code and produces machine instructions






35. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission






36. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






37. A protocol and program that allows the remote identification of users logged into a system






38. Checks that data are entered correctly






39. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)






40. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.






41. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development






42. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers






43. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.






44. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem






45. The level of trust with which a system object is imbued






46. A file format in which records are organized and can be accessed, according to a preestablished key that is part of the record






47. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






48. These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.






49. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions






50. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.






