Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system






2. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.






3. A printed machine-readable code that consists of parallel bars of varied width and spacing






4. A protocol for packet-switching networks






5. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.






6. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.






7. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).






8. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal






9. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






10. Processes certified as supporting a security goal






11. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






12. The application of an edit; using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format






13. Changing data with malicious intent before or during input into the system






14. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.






15. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry






16. Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology.






17. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer






18. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.






19. A set of utilities that implement a particular network protocol. For instance; in Windows machines a TCP/IP stack consists of TCP/IP software; sockets software and hardware driver software.






20. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r






21. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






22. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government; university and commercial institutions






23. Impartial point of view which allows the IS auditor to act objectively and with fairness






24. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data






25. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.






26. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.






27. The organization using the outsourced service






28. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features






29. Devices that perform the functions of both bridges and routers; are called brouters. Naturally; they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones; which






30. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.






31. A series of steps to complete an audit objective






32. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it






33. The transfer of service from an incapacitated primary component to its backup component






34. The act of transferring computerized information from one computer to another computer






35. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.






36. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas






37. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne






38. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






39. An automated detail report of computer system activity






40. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.






41. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.






42. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.






43. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used; the test may be called a range check.






44. The consolidation in 1998 of the ''Cadbury;'' ''Greenbury'' and ''Hampel'' Reports. Named after the Committee Chairs; these reports were sponsored by the UK Financial Reporting Council; the London Stock Exchange; the Confederation of British Industry






45. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.






46. A popular local area network operating system developed by the Novell Corp.






47. The ability to exercise judgement; express opinions and present recommendations with impartiality






48. A code whose representation is limited to 0 and 1






49. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all






50. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First; if a standard set of test data and test results exists for a program; the output of a test run after program mainte