SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
Management information system (MIS)
Offsite storage
Audit accountability
Check digit
2. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
liquidity risk
Reverse engineering
Point-of-presence (POP)
Noise
3. Detection on the basis of whether the system activity matches that defined as bad
Logical access controls
Monetary unit sampling
Misuse detection
Strategic risk
4. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Public key
Telnet
Internal control structure
Run instructions
5. A formal agreement with a third party to perform an IS function for an organization
Outsourcing
Intrusion detection
Sequence check
Risk
6. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Normalization
Monitoring policy
Independent attitude
Evidence
7. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Posting
Internet Engineering Task Force (IETF)
Bandwidth
Rulebase
8. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Optical character recognition
Exception reports
Split data systems
Datagram
9. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Bar case
Object Management Group (OMG)
Application software tracing and mapping
Point-of-presence (POP)
10. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Screening routers
Procedure
Systems analysis
Data diddling
11. The central database that stores and organizes data
Repository
Indexed sequential file
Downtime report
Comparison program
12. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Message switching
ASCII (American Standard Code for Information Interchange)
Masqueraders
Service provider
13. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
Client-server
Geographic disk mirroring
Single point of failure
Initial program load (IPL)
14. Programmed checking of data validity in accordance with predetermined criteria
Data diddling
System flowcharts
Corporate governance
Validity check
15. A specially configured server; designed to attract intruders so that their actions do not affect production systems; also known as a decoy server
Internet Engineering Task Force (IETF)
Active response
Honey pot
Firewall
16. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However; the goal of component
Private key
Journal entry
Fourth generation language (4GL)
Components (as in component-based development)
17. The list of rules and/or guidance that is used to analyze event data
Nonrepudiable trnasactions
Rulebase
Requirements definition
General computer controls
18. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes
Hot site
IDS (intrusion detection system)
Reciprocal agreement
Non-intrusive monitoring
19. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Internal control
Internet Engineering Task Force (IETF)
Sniff
Subject matter (Area of activity)
20. The main memory of the computer's central processing unit
Cohesion
implementation life cycle review
Internal storage
HTTPS (hyper text transfer protocol secure)
21. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Application proxy
Biometrics
Random access memory (RAM)
Protocol converter
22. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department
Comprehensive audit
Dry-pipe fire extinguisher system
Uninterruptible power supply (UPS)
Computer server
23. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
Integrated test facilities (ITF)
Database replication
Monitoring policy
Threat
24. Records of system events generated by a specialized operating system mechanism
Operating system audit trails
Active response
Cold site
Switch
25. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
Subject matter (Area of activity)
System exit
Static analysis
BSP (business service provider)
26. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Biometrics
Encryption key
Asymmetric key (public key)
Coverage
27. An international standard that defines information confidentiality; integrity and availability controls
Statistical sampling
Test data
Single point of failure
ISO17799
28. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer; thus freeing the main computer from this overhead function
Access control
Audit authority
Object-oriented system development
Communications controller
29. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
BSP (business service provider)
Parallel simulation
Detection risk
Discovery sampling
30. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry
Image processing
price risk
Application acquisition review
Arithmetic-logic unit (ALU)
31. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Journal entry
Nonrepudiable trnasactions
Idle standby
Vulnerabilities
32. Any yearly accounting period without regard to its relationship to a calendar year.
e-commerce
Internal control
Fscal year
Security administrator
33. The ability to exercise judgement; express opinions and present recommendations with impartiality
Bypass label processing (BLP)
Useful audit evidence
Objectivity
Password
34. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Certificate authority (CA)
Degauss
Tape management system (TMS)
Central office (CO)
35. A packet (encapsulated with a frame containing information); which is transmitted in a packet-switching network from source to destination
Application programming interface (API)
Judgment sampling
Datagram
Compliance testing
36. Software used to create data to be used in the testing of computer programs
Decryption key
Test generators
Anomaly
Applet
37. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
BSP (business service provider)
Anomaly
SMTP (Simple Mail Transport Protocol)
Internal control
38. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Edit controls
Untrustworthy host
Sequence check
Record
39. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Vaccine
RADIUS (remote authentication dial-in user service)
Utility programs
Completeness check
40. A test to check the system's ability to recover after a software or hardware failure
Alpha
Downtime report
Recovery testing
Project team
41. A popular local area network operating system developed by the Novell Corp.
Service provider
Transaction
Netware
Multiplexing
42. Memory chips with embedded program code that hold their content when power is turned off
Shell
External router
Multiplexor
Firmware
43. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
X.25 interface
Black box testing
Source code
Expert systems
44. The risk of giving an incorrect audit opinion
Audit risk
Offline files
Diskless workstations
Firewall
45. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Record; screen and report layouts
Trust
Engagement letter
Redo logs
46. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Security policy
Foreign exchange risk
Baud rate
Ethernet
47. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Mutual takeover
Proxy server
Challenge/response token
Circular routing
48. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Computer-aided software engineering (CASE)
Logon
Detection risk
Switch
49. A statement of the position within the organization; including lines of reporting and the rights of access
File layout
Limit check
Audit authority
Program evaluation and review technique (PERT)
50. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Compliance testing
Token
Audit expert systems
Integrity
