Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all

2. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a r

3. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.

4. The computer room and support areas

5. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry

6. A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.

7. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management

8. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

9. Using telecommunications facilities for handling and processing of computerized information

10. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for

11. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department

12. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

13. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions

14. A file format in which records are organized and can be accessed, according to a preestablished key that is part of the record

15. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.

16. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the application will fu

17. A test to check the system's ability to recover after a software or hardware failure

18. A version of the Windows operating system that supports preemptive multitasking

19. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res

20. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.

21. Comparing the system's performance to other equivalent systems using well-defined benchmarks

22. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint

23. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data passes across the in

24. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features

25. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.

26. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems

27. Deliberately testing only the value-added functionality of a software component

28. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically

29. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.

30. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c

31. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently

32. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac

33. The outward impression of being self-governing and free from conflict of interest and undue influence

34. Interface between data terminal equipment and data communications equipment employing serial binary data interchange

35. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.

36. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology

37. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to

38. The standard e-mail protocol on the Internet

39. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.

40. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

41. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

42. (remote authentication dial-in user service)

43. The art of designing, analyzing and attacking cryptographic schemes

44. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

45. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

46. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.

47. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.

48. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

49. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs

50. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF®, 2000, 1998, 1996