Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.






2. One who obtains products or services from a bank to be used primarily for personal; family or household purposes.






3. Considered for acquisition the person responsible for high-level decisions; such as changes to the scope and/or budget of the project; and whether or not to implement






4. The process of converting an analog telecommunications signal into a digital computer signal






5. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances






6. A flag set in a packet to indicate that this packet is the final data packet of the transmission






7. Specifies the format of packets and the addressing scheme






8. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing






9. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem






10. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules






11. Programs that are used to process live or actual data that were received as input into the production environment.






12. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).






13. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2n; where n is the number of bits in the machine address.






14. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob






15. Specialized security checker that tests user's passwords; searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that; many password crackers can brute force all possible combinations in






16. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.






17. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses; they do not replicate themselves; but they can be just as destructive to a single computer.






18. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files






19. Auxiliary computer hardware equipment used for input; output and data storage. Examples include disk drives and printers.






20. The standard e-mail protocol on the Internet






21. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of






22. The act of giving the idea or impression of being or doing something






23. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap; and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac






24. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making






25. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;






26. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.






27. Behavior adequate to meet the situations occurring during audit work (interviews; meetings; reporting; etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti






28. The proportion of known attacks detected by an intrusion detection system






29. The application of an edit; using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format






30. The quality or state of not being named or identified






31. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer






32. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations






33. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.






34. The current and prospective effect on earnings or capital arising from adverse business decisions; improper implementation of decisions or lack of responsiveness to industry changes.






35. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission






36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.'






37. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






38. The act of verifying the identity of a system entity (e.g.; a user; a system; a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the






39. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v






40. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account






41. A general hardware control; which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od






42. An edit check designed to ensure the data in a particular field is numeric






43. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti






44. Permanent reference data used in transaction processing. These data are changed infrequently; such as a product price file or a name and address file.






45. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data






46. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need






47. The process of converting a digital computer signal into an analog telecommunications signal






48. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






49. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network






50. Formal document which defines the IS auditor's responsibility; authority and accountability for a specific assignment