CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Specifies the format of packets and the addressing scheme

2. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed

3. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

4. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

5. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed

6. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology

7. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

8. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.

9. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.

10. The code used to designate the location of a specific piece of data within computer storage

11. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications

12. The physical layout of how computers are linked together. Examples include ring, star and bus.

13. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.

14. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm

15. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase

16. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

17. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account

18. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.

19. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

20. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

21. Checks that data are entered correctly

22. A program designed to detect computer viruses

23. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner or cause the interests of the ba

24. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.

25. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

26. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte

27. Considered for acquisition the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement

28. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the

29. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster

30. A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. The RSA has two different keys, the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.

31. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

32. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures

33. Changing data with malicious intent before or during input into the system

34. The risk that the IS auditor's substantive procedures will not detect an error which could be material, individually or in combination with other errors

35. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

36. An individual who attempts to gain unauthorized access to a computer system

37. A program written in a portable, platform-independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi

38. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established

39. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun

40. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

41. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements

42. The boundary that defines the area of security concern and security policy coverage

43. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem

44. Source lines of code are often used in deriving single-point software-size estimations.

45. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers

46. The ability to map a given activity or event back to the responsible party

47. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

48. Block-at-a-time data transmission

49. A low-level computer programming language which uses symbolic code and produces machine instructions

50. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The