Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
2. The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subj
3. Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission
4. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.
5. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied
6. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
7. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
8. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
9. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
10. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
11. A language, which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.
12. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
13. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
14. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
15. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
16. The router at the extreme edge of the network under control, usually connected to an ISP or other service provider, also known as border router
17. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
18. Changing data with malicious intent before or during input into the system
19. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
20. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.
21. A measurement of the point prior to an outage to which data are to be restored
22. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
23. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
24. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
25. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
26. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
27. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system
28. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.
29. Way of thinking, behaving, feeling, etc.
30. A series of steps to complete an audit objective
31. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
32. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example, in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h
33. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
34. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
35. The use of alphabetic characters or an alphabetic character string
36. The organization providing the outsourced service
37. The relationships among files in a database and among data items within each file
38. Processes certified as supporting a security goal
39. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct
40. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
41. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
42. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
43. Compares data to predefined reasonability limits or occurrence rates established for the data.
44. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
45. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
46. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
47. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
48. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
49. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
50. A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.