Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically






2. The roles, scope and objectives documented in the service level agreement between management and audit






3. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure






4. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and pa






5. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction






6. The structure through which the objectives of an organization are set, and the means of attaining those objectives and of monitoring performance are determined. Good corporate governance should provide proper incentives for board and management






7. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period






8. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudorandom number that changes every few minutes.
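The number a token of this kind displays is not random at all: it is derived from a secret seed shared with the authentication server and the current time step, so the server can recompute and check it. The block below is an added example, not part of this vocabulary page; it assumes the token uses the HMAC-based time-step scheme of RFC 6238 (TOTP, built on RFC 4226 HOTP) with a 30-second step and 6 digits, and the seed is a constructed demo value, not a real provisioning key.

```python
"""Time-based one-time code of the kind a hardware token displays.

Added example for the "token" vocabulary item. Assumes the token implements
RFC 6238 TOTP (HMAC-SHA1 over a 30-second time-step counter, 6 digits).
The secret below is constructed for the demo, not a real provisioning key.
"""
import hashlib
import hmac
import struct
import time

TIME_STEP = 30  # seconds per code (assumed; the RFC 6238 default)
DIGITS = 6

# Constructed demo seed; a real token's seed is provisioned at enrolment.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 of the big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = TIME_STEP) -> str:
    """Code the token shows at Unix time `at`: HOTP over the time-step counter."""
    return hotp(secret, at // step)


def verify(secret: bytes, code: str, at: int, window: int = 1,
           step: int = TIME_STEP) -> bool:
    """Server-side check tolerating `window` steps of clock drift either way.

    Uses a constant-time comparison so the check does not leak how many
    leading digits of the submitted code matched.
    """
    counter = at // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), code):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    shown = totp(DEMO_SECRET, now)
    print("token shows:", shown)
    print("server accepts:", verify(DEMO_SECRET, shown, now))
```

Two practical points the definition leaves out: the server must keep the seed as a secret of the same sensitivity as a password database, and the drift window should stay small (one step either way) because every extra step widens the set of codes an attacker can guess.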






9. A utility program that combines several separately compiled modules into one, resolving internal references between them






10. Confidentiality concerns the protection of sensitive information from unauthorized disclosure






11. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






12. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






13. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.






14. A computer program that enables the user to retrieve information that has been made publicly available on the Internet and that also supports multimedia (graphics) applications on the World Wide Web






15. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy






16. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






17. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems






18. A printed machine-readable code that consists of parallel bars of varied width and spacing






19. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF® (2000, 1998, 1996)






20. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur






21. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account






22. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






23. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems






24. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p






25. A group of items that is waiting to be serviced or processed






26. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs






27. A document which defines the IS audit function's responsibility; authority and accountability






28. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels






29. The area of the central processing unit that performs mathematical and analytical operations






30. A system that authentically distributes users' public keys using certificates






31. Interface between data terminal equipment and data communications equipment employing serial binary data interchange






32. A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit






33. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.






34. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re






35. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack






36. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw






37. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil






38. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files






39. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.






40. The individual responsible for safeguarding and maintaining all program and data files






41. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications






42. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved






43. A measurement of the point prior to an outage to which data are to be restored






44. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






45. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is






46. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree






47. An exchange rate that can optionally be used to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






48. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte






49. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of






50. Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission