Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The main memory of the computer's central processing unit

2. The boundary that defines the area of security concern and security policy coverage

3. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations

4. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti

5. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed

6. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

7. A type of service providing an authentication and accounting system often used for dial-up and remote access security

8. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels

9. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.

10. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster

11. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne

12. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat

13. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,

14. The risk of errors occurring in the area being audited

15. The individual responsible for the safeguard and maintenance of all program and data files

16. An audit designed to determine the accuracy of financial records and information

17. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations

18. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
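Added worked example, not part of the original quiz, of what parallel simulation looks like as a computer-assisted audit technique. The ledger, the application's output file and the interest rule are all constructed for illustration; the point is the approach: the auditor's own program reprocesses the same input the application received, and every difference from the application's result becomes an exception for the auditor to investigate.

```python
"""Parallel simulation as a computer-assisted audit technique.

Added example, not from the quiz. The ledger, the application's output and the
interest rule are constructed for illustration; only the approach matters: the
auditor's own program reprocesses the application's input, and every difference
from the application's output becomes an exception to investigate.
"""
from decimal import Decimal, ROUND_HALF_UP

# Constructed input file of the production application: opening balance and
# annual rate per account for one month.
LEDGER = [
    {"acct": "A-100", "balance": Decimal("1000.00"), "rate": Decimal("0.0500")},
    {"acct": "A-200", "balance": Decimal("2500.50"), "rate": Decimal("0.0400")},
    {"acct": "A-300", "balance": Decimal("99.99"),   "rate": Decimal("0.1200")},
]

# Constructed output file the production application produced for the same
# period: the monthly interest it posted to each account.
APP_OUTPUT = {
    "A-100": Decimal("4.17"),
    "A-200": Decimal("8.34"),
    "A-300": Decimal("0.99"),   # truncated rather than rounded; planted for the demo
}


def monthly_interest(balance: Decimal, annual_rate: Decimal) -> Decimal:
    """Auditor's re-implementation of the critical rule from the agreed
    specification: balance * rate / 12, rounded half-up to the cent."""
    return (balance * annual_rate / Decimal(12)).quantize(
        Decimal("0.01"), rounding=ROUND_HALF_UP)


def simulate(ledger) -> dict:
    """Reprocess the application's input with the auditor's program."""
    return {row["acct"]: monthly_interest(row["balance"], row["rate"]) for row in ledger}


def compare(simulated: dict, actual: dict, tolerance: Decimal = Decimal("0.00")) -> list:
    """Return (account, reason) exceptions: values differing beyond the tolerance
    and records present on only one side (a missing record is also a finding)."""
    exceptions = []
    for acct in sorted(set(simulated) | set(actual)):
        if acct not in actual:
            exceptions.append((acct, "in input ledger but missing from application output"))
        elif acct not in simulated:
            exceptions.append((acct, "in application output but not in input ledger"))
        elif abs(simulated[acct] - actual[acct]) > tolerance:
            exceptions.append((acct, f"auditor {simulated[acct]} vs application {actual[acct]}"))
    return exceptions


def run_audit() -> list:
    """Simulate, compare, and return the exceptions for the constructed data."""
    return compare(simulate(LEDGER), APP_OUTPUT)


if __name__ == "__main__":
    for acct, reason in run_audit():
        print(f"EXCEPTION {acct}: {reason}")
```

Run it and account A-300 is reported: the auditor's half-up rounding gives 1.00 where the application posted 0.99. Whether that is an application defect or an undocumented truncation rule is what the auditor follows up next; the comparison, not the re-implementation, is what carries the audit evidence.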

19. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.

20. An attack using packets with spoofed source Internet Protocol (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target

21. A protocol for packet-switching networks

22. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management

23. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.

24. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no

25. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.

26. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.

27. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

28. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology

29. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal

30. A file of semipermanent information that is used frequently for processing data or for more than one purpose

31. A program that translates programming language (source code) into machine executable instructions (object code)

32. Detection on the basis of whether the system activity matches that defined as bad

33. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.

34. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information

35. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department

36. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o

37. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing

38. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

39. A device for sending and receiving computerized data over transmission lines

40. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers

41. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.

42. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
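Added worked example, not from the quiz, of the two uses this definition names. It is textbook RSA with tiny constructed primes and no padding, so it is illustration only and must never be used for real keys; the modular-inverse call `pow(e, -1, phi)` needs Python 3.8 or later.

```python
"""Private key: signing and decrypting with toy RSA.

Added example, not from the quiz. Textbook RSA with tiny constructed primes and
no padding: illustration only, never usable for real security. Requires Python
3.8+ for the modular inverse via pow(e, -1, phi).
"""
import hashlib
from math import gcd


def keygen(p: int = 61, q: int = 53, e: int = 17):
    """Return (public, private) as ((n, e), (n, d)). p and q are constructed
    toy primes; real keys use primes of 1024 bits or more."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Anyone can do this with the public key (confidentiality)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Only the private-key holder can undo encrypt()."""
    n, d = private
    return pow(c, d, n)


def _digest(message: bytes, n: int) -> int:
    """Hash the message and reduce below n (a toy stand-in for a padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Only the private-key holder can produce this value."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check it."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    pub, priv = keygen()
    print("public", pub, "private", priv)
    c = encrypt(pub, 65)
    print("ciphertext", c, "decrypted", decrypt(priv, c))
    s = sign(priv, b"audit working paper")
    print("signature", s, "verifies", verify(pub, b"audit working paper", s))
```

Signing uses the private exponent d; anyone holding only (n, e) can verify but not forge. Decryption is the same private operation applied to a ciphertext made with the public key, which is why the definition says "depending upon the algorithm": an RSA key does both, while a DSA or Ed25519 private key only signs.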

43. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus

44. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.

45. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web

46. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
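Added worked example, not part of the quiz, that covers this definition together with the earlier one for signature-based detection (activity matched against patterns defined as bad). It runs a handful of constructed log lines against constructed signatures and hands every match to a passive responder that only records and reports. Hostnames, addresses, patterns and the log format are made up for illustration and come from no real product.

```python
"""Signature-based detection with a passive response.

Added example; the log lines, signatures, hostnames and addresses below are
constructed for illustration and do not come from any real product or host.
"""
import re
from dataclasses import dataclass, field

# Constructed syslog-style sample. Nothing here was captured from a real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[211]: Failed password for root from 203.0.113.9 port 51022 ssh2
2024-03-01T10:00:02 host1 sshd[211]: Failed password for root from 203.0.113.9 port 51023 ssh2
2024-03-01T10:00:05 host1 httpd: GET /cgi-bin/../../etc/passwd 404
2024-03-01T10:00:07 host1 sshd[214]: Accepted publickey for alice from 198.51.100.4 port 40102 ssh2
2024-03-01T10:00:09 host1 httpd: GET /index.html?id=1%27%20OR%201%3D1 200
"""

# Each signature is a pattern that defines "bad". A line that matches no
# signature is ignored: the method cannot see what it was not told to look for.
SIGNATURES = [
    ("SSH-FAILED-LOGIN", re.compile(r"sshd\[\d+\]: Failed password for \S+ from [\d.]+")),
    ("PATH-TRAVERSAL",   re.compile(r"httpd: GET \S*\.\./")),
    ("SQLI-TAUTOLOGY",   re.compile(r"httpd: GET \S*(%27|')(%20|\s)*OR(%20|\s)+1(%3D|=)1", re.I)),
]


@dataclass
class Alert:
    line_no: int
    signature: str
    line: str


@dataclass
class PassiveResponder:
    """Passive response option: record and report only. No session reset,
    no firewall change; acting on the alert is left to the analyst."""
    alerts: list = field(default_factory=list)

    def handle(self, alert: Alert) -> None:
        self.alerts.append(alert)
        print(f"[{alert.signature}] line {alert.line_no}: {alert.line}")


def scan(log_text: str, signatures, responder: PassiveResponder) -> list:
    """Match every line against every signature; hand each hit to the responder."""
    for n, line in enumerate(log_text.splitlines(), start=1):
        for name, pattern in signatures:
            if pattern.search(line):
                responder.handle(Alert(n, name, line))
    return responder.alerts


def run() -> list:
    """Scan the constructed sample and return the recorded alerts."""
    return scan(SAMPLE_LOG, SIGNATURES, PassiveResponder())


if __name__ == "__main__":
    hits = run()
    print(f"{len(hits)} alert(s) recorded; nothing was blocked")
```

Line 4 (a successful public-key login) produces nothing, and so would a genuinely new attack: a signature approach alerts only on what it has been told is bad. The responder never drops a connection or resets a session; it leaves action to the analyst, which is the passive option the definition describes.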

47. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.

48. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.

49. Impartial point of view which allows the IS auditor to act objectively and with fairness

50. A project management technique used in the planning and control of system projects