Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A mathematical key (kept secret by the holder) used to create digital signatures and; depending upon the algorithm; to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Private key
Harden
Access control table
Operational control
2. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Record
COBIT
Capacity stress testing
Service bureau
3. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Trap door
Numeric check
Man-in-the-middle attack
Third-party review
4. Disconnecting from the computer
ISP (Internet service provider)
Exposure
Logoff
Comparison program
5. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
liquidity risk
Spanning port
Internal penetrators
Logical access controls
6. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Promiscuous mode
Utility programs
Table look-ups
Software
7. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Protocol
Structured Query Language (SQL)
Range check
8. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Incremental testing
HTTP (hyper text transfer protocol)
Variable sampling
Compiler
9. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Output analyzer
Digital signature
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Automated teller machine (ATM)
10. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Reputational risk
Operational control
Bus topology
Foreign exchange risk
11. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government; university and commercial institutions
Authorization
Audit risk
Internet
Source documents
12. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Telnet
Repository
Latency
Access control table
13. Detection on the basis of whether the system activity matches that defined as bad
Piggy backing
Password
Trusted systems
Misuse detection
14. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Port
Software
Terms of reference
Digital certificate
15. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Certificate authority (CA)
Active response
Spool (simultaneous peripheral operations online)
Dumb terminal
16. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Object orientation
Statistical sampling
Rootkit
Multiplexing
17. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Anomaly detection
Audit evidence
Residual risk
Optical character recognition
18. A protocol for packet-switching networks
Audit evidence
Application controls
X.25
Variable sampling
19. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
Data flow
Router
Web page
Table look-ups
20. Considered for acquisition the person responsible for high-level decisions; such as changes to the scope and/or budget of the project; and whether or not to implement
Distributed data processing network
Electronic signature
Project sponsor
Microwave transmission
21. Programs that are used to process live or actual data that were received as input into the production environment.
Production programs
Audit charter
Control objective
Data custodian
22. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial
Shell
Bypass label processing (BLP)
Enterprise resource planning
Magnetic card reader
23. A protocol used to transmit data securely between two end points to create a VPN
PPTP (point-to-point tunneling protocol)
Modulation
Tcpdump
External router
24. A system's level of resilience to seamlessly react from hardware and/or software failure
Fault tolerance
Object orientation
Application controls
File
25. An integrated set of computer programs designed to serve a particular function that has specific input; processing and output activities (e.g.; general ledger; manufacturing resource planning; human resource management)
Program flowcharts
Application system
Bypass label processing (BLP)
Packet filtering
26. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Computationally greedy
Corrective controls
COSO
Waterfall development
27. Software used to create data to be used in the testing of computer programs
Real-time processing
COCO
Finger
Test generators
28. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Salami technique
Risk assessment
DoS (denial-of-service) attack
Extended Binary-coded Decimal Interchange Code (EBCDIC)
29. An authentication protocol; often used by remote-access servers
RADIUS (remote authentication dial-in user service)
Monitoring policy
Control section
TACACS+ (terminal access controller access control system plus)
30. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Dumb terminal
Data integrity
Hash total
Rapid application development
31. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Baud rate
Application system
Object code
Dial-back
32. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Object Management Group (OMG)
Middleware
PPTP (point-to-point tunneling protocol)
vulnerability
33. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Field
Enterprise governance
Signatures
Engagement letter
34. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Frame relay
Data diddling
Spoofing
Inherent risk
35. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective; a bank focuses on the sensitivity of the value of its assets; liabilities and revenues to changes in interest rates. Internet banking may attra
Control group
Data-oriented systems development
Security perimeter
Interest rate risk
36. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Field
Warm-site
General computer controls
Audit sampling
37. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
NAT (Network Address Translation)
Computer server
File layout
ASCII (American Standard Code for Information Interchange)
38. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
virtual organizations
Object Management Group (OMG)
Service provider
Foreign exchange risk
39. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
Edit controls
Private key
Spanning port
40. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Expert systems
Quick ship
Filtering router
Audit charter
41. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Professional competence
Proxy server
Masqueraders
Expert systems
42. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Polymorphism (objects)
Piggy backing
Cathode ray tube (CRT)
Finger
43. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Independent attitude
Program flowcharts
Nonrepudiation
Credit risk
44. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Data Encryption Standard (DES)
Application program
Rotating standby
Voice mail
45. The central database that stores and organizes data
Concurrent access
world wide web (WWW)
Single point of failure
Repository
46. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Data Encryption Standard (DES)
Redo logs
ACK (acknowledgement)
Rounding down
47. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Downloading
legal risk
Source code
Fiber optic cable
48. A private network that is configured within a public network. For years; common carriers have built VPNs that appear as private national or international networks to the customer; but physically share backbone trunks with other customers. VPNs enjoy
Audit authority
Virtual private network (VPN)
Reputational risk
Rounding down
49. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Message switching
Web site
Real-time analysis
Transaction protection
50. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Asynchronous Transfer Mode (ATM)
Audit
Threat
Performance testing