SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (remote authentication dial-in user service)
Fail-safe
Rapid application development
RADIUS
Duplex routing
2. Data that is not encrypted. Also known as plaintext.
Cleartext
Packet filtering
Electronic funds transfer (EFT)
Independent attitude
3. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Mutual takeover
Risk
Access path
Network administrator
4. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions; not influenced by the organization being audited and its people (managers and employers).
Benchmark
Data leakage
Independence
Hot site
5. Promulgated through the World Wide Web Consortium; XML is a web-based application development technique that allows designers to create their own customized tags; thus; enabling the definition; transmission; validation and interpretation of data betw
Extensible Markup Language (XML)
Challenge/response token
Communications controller
Object Management Group (OMG)
6. Source lines of code are often used in deriving single-point software-size estimations.
Circuit-switched network
Simple fail-over
Computer-aided software engineering (CASE)
Source lines of code (SLOC)
7. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Adjusting period
Telecommunications
Management information system (MIS)
Network hop
8. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Credentialed analysis
Hypertext
Decentralization
virtual organizations
9. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.
Promiscuous mode
Cryptography
Intranet
Hexadecimal
10. A debit or credit to a general ledger account. See also manual journal entry.
Man-in-the-middle attack
Point-of-presence (POP)
Journal entry
Datagram
11. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Data Encryption Standard (DES)
Nonrepudiation
Audit objective
Generalized audit software
12. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Redundancy check
UNIX
Third-party review
Backup
13. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Windows NT
Rootkit
Enterprise resource planning
Password
14. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being
Security/transaction risk
Certificate authority (CA)
Buffer
Coaxial cable
15. A program that processes actions upon business data; such as data entry; update or query. It contrasts with systems program; such as an operating system or network control program; and with utility programs; such as copy or sort.
Certificate authority (CA)
Firewall
Application program
ICMP (internet control message protocol)
16. The individual responsible for the safeguard and maintenance of all program and data files
Redundancy check
Librarian
Electronic vaulting
Security software
17. Using telecommunications facilities for handling and processing of computerized information
Computer-assisted audit technique (CAATs)
Field
Teleprocessing
Control section
18. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Screening routers
Wide area network (WAN)
Field
Brute force
19. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Microwave transmission
Control Objectives for Enterprise Governance
Frame relay
Direct reporting engagement
20. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules
External router
Application program
Database replication
Artificial intelligence
21. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Circular routing
Vulnerability analysis
Point-of-presence (POP)
Control risk
22. The process of distributing computer processing to different locations within an organization
Reciprocal agreement
Split DNS
Decentralization
Active recovery site (mirrored)
23. The ability to map a given activity or event back to the responsible party
Accountability
Image processing
Artificial intelligence
Web Services Description Language (WSDL)
24. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Subject matter (Area of activity)
Asynchronous transmission
Public key cryptosystem
Business risk
25. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers
Appearance of independence
External router
UNIX
Voice mail
26. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port; it is copied to the other ports so that all segments of the LAN can see all pac
Application program
Ethernet
Hub
Dumb terminal
27. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.
Salami technique
SYN (synchronize)
Access path
Continuous auditing approach
28. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.
Mutual takeover
Log
Binary code
Irregularities
29. Any information collection mechanism utilized by an intrusion detection system
Availability
Monitor
Card swipes
Active response
30. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses; they do not replicate themselves; but they can be just as destructive to a single computer.
Trojan horse
Audit
Dynamic analysis
Digital signature
31. Used to electronically input; read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset
Brouters
System software
Magnetic ink character recognition (MICR)
Asynchronous Transfer Mode (ATM)
32. A response; in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment; collecting more information or striking back a
Hyperlink
Audit risk
Active response
Hacker
33. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
DDoS (distributed denial-of-service) attack
Star topology
Signatures
Data communications
34. A device used for combining several lower-speed channels into a higher-speed channel
RS-232 interface
Multiplexor
Network administrator
Internal control
35. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.
Digital certification
Sequential file
Compensating control
Access method
36. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Artificial intelligence
Structured Query Language (SQL)
Relevant audit evidence
IDS (intrusion detection system)
37. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Telecommunications
Passive response
Decentralization
RADIUS (remote authentication dial-in user service)
38. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
Compiler
Audit risk
X.25 interface
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
39. The risk of giving an incorrect audit opinion
Appearance
Smart card
Audit risk
Database administrator (DBA)
40. The act of giving the idea or impression of being or doing something
HTTPS (hyper text transfer protocol secure)
Initial program load (IPL)
Appearance
Local area network (LAN)
41. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Data dictionary
Dumb terminal
Real-time processing
Control weakness
42. The elimination of redundant data
Normalization
Independence
Anonymity
Record
43. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules
Control group
Batch processing
Packet filtering
Packet switching
44. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Buffer
Control Objectives for Enterprise Governance
Unit testing
Criteria
45. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries
Manual journal entry
Field
Incremental testing
Residual risk
46. An authentication protocol; often used by remote-access servers
Concurrent access
Application
TACACS+ (terminal access controller access control system plus)
Security management
47. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Certificate authority (CA)
Control Objectives for Enterprise Governance
Corporate exchange rate
Manual journal entry
48. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Brute force
Trap door
Sequential file
Tcpdump
49. Any intentional violation of the security policy of a system
Budget hierarchy
Memory dump
Intrusion
Program narratives
50. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Performance indicators
Local loop
Range check
Access method
