Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).
Magnetic ink character recognition (MICR)
Top-level management
Requirements definition
Anonymous File Transfer Protocol (FTP)
2. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Authentication
Limit check
RADIUS (remote authentication dial-in user service)
Application software tracing and mapping
3. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Man-in-the-middle attack
Alpha
Credentialed analysis
Protocol converter
4. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Population
Budget formula
Rounding down
Queue
5. Any intentional violation of the security policy of a system
Access rights
Tcpdump
Intrusion
Embedded audit module
6. A program that translates programming language (source code) into machine executable instructions (object code)
Rotating standby
Machine language
X.25 interface
Compiler
7. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Remote job entry (RJE)
Procedure
Discovery sampling
vulnerability
8. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Redundancy check
Allocation entry
Concurrent access
File layout
9. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Firmware
Token
Hierarchical database
Monitor
10. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Trojan horse
Controls (Control procedures)
Authorization
Uninterruptible power supply (UPS)
11. A denial-of-service (DoS) assault from multiple sources; see DoS
Bulk data transfer
Modem (modulator-demodulator)
Business impact analysis (BIA)
DDoS (distributed denial-of-service) attack
12. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
Standing data
Preventive controls
Baud rate
Completeness check
13. Error control deviations (compliance testing) or misstatements (substantive testing)
Editing
TCP (transmission control protocol)
Application
Error
14. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Auditability
Function point analysis
Source documents
Information engineering
15. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
System testing
Intrusive monitoring
Limit check
Sniff
16. A group of items that is waiting to be serviced or processed
Attitude
Peripherals
Queue
Internal penetrators
17. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Repudiation
Application proxy
Posting
18. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
Allocation entry
System testing
Asymmetric key (public key)
Strategic risk
19. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Incremental testing
Signatures
Cluster controller
Privacy
20. A specially configured server, designed to attract intruders so that their actions do not affect production systems; also known as a decoy server
Honey pot
Proxy server
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Outsourcing
21. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Random access memory (RAM)
Structured Query Language (SQL)
Audit authority
Firewall
22. The list of rules and/or guidance that is used to analyze event data
Access method
E-mail/interpersonal messaging
Rulebase
Protocol stack
23. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Reasonable assurance
Hardware
Operational audit
Logical access controls
24. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Brute force
UDP (User Datagram Protocol)
Unit testing
Data analysis
25. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
Internal control
Virus
Full duplex
Security/transaction risk
26. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Job control language (JCL)
Object orientation
Control perimeter
Addressing
27. The organization using the outsourced service
Service user
Control objective
Internet banking
Data Encryption Standard (DES)
28. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down the database after all records have been committed, for example
Error risk
Checkpoint restart procedures
Magnetic ink character recognition (MICR)
Operational control
29. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Control weakness
Program flowcharts
Hash function
Bus topology
30. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Application layer
Assembler
Application security
Tape management system (TMS)
31. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organization-wide, centralized database. This permits easy sharing of data while maintaining a certain
Performance indicators
Split data systems
Backup
Modulation
32. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Expert systems
legal risk
Hot site
Bandwidth
33. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time, identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Business impact analysis (BIA)
Ethernet
Control section
Message switching
34. An eight-bit code representing 256 characters, used in most large computer systems
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Internet
Error risk
Nonrepudiation
35. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
e-commerce
Finger
implementation life cycle review
X.25 interface
36. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
Expert systems
Web site
Demodulation
Router
37. A device that connects two similar networks together
Bridge
Application security
Compliance testing
Service level agreement (SLA)
38. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Reasonableness check
Protocol
Authorization
Bar case
39. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount
Variable sampling
Embedded audit module
Data integrity
DNS (domain name system)
40. The risk that the IS auditor's substantive procedures will not detect an error which could be material, individually or in combination with other errors
Foreign exchange risk
business process integrity
Continuous auditing approach
Detection risk
41. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Point-of-sale systems (POS)
Router
Hash function
Token ring topology
42. A protocol for packet-switching networks
Compensating control
File layout
Hierarchical database
X.25
43. The boundary that defines the area of security concern and security policy coverage
Security perimeter
Due care
Security administrator
Logs/Log file
44. Block-at-a-time data transmission
Financial audit
Packet filtering
Scheduling
Synchronous transmission
45. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Residual risk
Hardware
Bypass label processing (BLP)
Access control table
46. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being
Buffer
Outsourcing
Control perimeter
Reengineering
47. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
Feasibility study
General computer controls
Consumer
Promiscuous mode
48. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Brute force
Gateway
Verification
Computer-aided software engineering (CASE)
49. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Application programming
Wide area network (WAN)
Protocol stack
Validity check
50. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Active recovery site (mirrored)
Appearance of independence
Internet Engineering Task Force (IETF)
Payment system