Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

2. The practice of eavesdropping on information being transmitted over telecommunications links

3. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).

4. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.

5. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree

6. The computer room and support areas

7. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.

8. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

9. (remote authentication dial-in user service)

10. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

11. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

12. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.

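The edit checks that items 1 and 12 describe are easiest to see as code. The Go program below is an added example written for this page, not material from the quiz or from ISACA; the record layout, the field names and the authorised amount range are assumptions made up for the illustration. It runs the classic input edit checks an IS auditor looks for (completeness, check digit, format, range, logical and validity/table lookup) over a constructed transaction record and returns every failed check so the user can correct the data before it is processed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Record is a constructed example of one input transaction. The field set is
// hypothetical and not taken from any real system.
type Record struct {
	AccountNo string // numeric, must carry a valid mod-10 (Luhn) check digit
	Amount    string // decimal, must fall within an authorised range
	TxnDate   string // YYYY-MM-DD, must be a real date and not in the future
	Country   string // must appear in the reference (validity) table
}

// validCountries is the reference table for the validity check (assumed values).
var validCountries = map[string]bool{"US": true, "GB": true, "DE": true}

var datePattern = regexp.MustCompile(`^\d{4}-\d{2}-\d{2}$`)

// luhnValid implements the mod-10 check-digit test used on card and account
// numbers; it catches single mis-keyed digits and most adjacent transpositions.
func luhnValid(s string) bool {
	if len(s) < 2 {
		return false
	}
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		c := s[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// EditRecord runs every edit check and returns one message per failure; an
// empty result means the record may be passed on for processing.
func EditRecord(r Record, now time.Time) []string {
	var errs []string

	// Completeness check: every mandatory field must be present.
	if strings.TrimSpace(r.AccountNo) == "" || strings.TrimSpace(r.Amount) == "" ||
		strings.TrimSpace(r.TxnDate) == "" || strings.TrimSpace(r.Country) == "" {
		errs = append(errs, "completeness: a mandatory field is blank")
	}

	// Check-digit test on the account number.
	if !luhnValid(r.AccountNo) {
		errs = append(errs, "check digit: account number fails mod-10 test")
	}

	// Format check, then range/reasonableness check, on the amount.
	amt, err := strconv.ParseFloat(r.Amount, 64)
	if err != nil {
		errs = append(errs, "format: amount is not numeric")
	} else if amt <= 0 || amt > 10000 {
		errs = append(errs, "range: amount must be between 0.01 and 10000")
	}

	// Format check, then logical check, on the date.
	if !datePattern.MatchString(r.TxnDate) {
		errs = append(errs, "format: date must be YYYY-MM-DD")
	} else if d, err := time.Parse("2006-01-02", r.TxnDate); err != nil {
		errs = append(errs, "format: date is not a real calendar date")
	} else if d.After(now) {
		errs = append(errs, "logical: transaction date is in the future")
	}

	// Validity (table lookup) check on the country code.
	if !validCountries[r.Country] {
		errs = append(errs, "validity: unknown country code "+r.Country)
	}
	return errs
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // constructed "today"
	good := Record{AccountNo: "79927398713", Amount: "250.00", TxnDate: "2024-05-31", Country: "GB"}
	bad := Record{AccountNo: "79927398710", Amount: "-5", TxnDate: "2024-13-01", Country: "XX"}
	fmt.Println("good:", EditRecord(good, now))
	fmt.Println("bad: ", EditRecord(bad, now))
}
```

The order of the checks matters in practice: a format check has to pass before a range or logical check can be applied to the same field, which is why the amount and date checks are chained with else-if rather than run independently.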
13. A warm site is similar to a hot site; however, it is not fully equipped with all necessary hardware needed for recovery.

14. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management

15. To configure a computer or other network device to resist attacks

16. A seven-bit code, usually stored in an eight-bit byte, representing 128 characters; used in most small computers

17. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas

18. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions

19. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily, and then loaded into a tape library located at the same facil

20. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

21. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.

22. The list of rules and/or guidance that is used to analyze event data

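Item 22 is the rule list of an intrusion detection or log analysis tool. The Go program below is an added example written for this page, not part of the quiz, and shows what such a list looks like when it is executed: a parser for syslog-style lines, two rules (a failed-login burst from one address and a successful root login), and an analyzer that reports which rules fired. The log lines are constructed for the example, and the threshold of five failures, the regular expressions and the rule names are all choices made here rather than settings of any real product.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Event is one parsed log record: host, originating process and message text.
type Event struct {
	Host string
	Proc string
	Msg  string
}

// Rule is one entry in the rule list: a name and a predicate over the window
// of events being analyzed. Rules that need several events (a burst of
// failures) see the whole window, not one line at a time.
type Rule struct {
	Name  string
	Match func(window []Event) bool
}

// Syslog-style line: "<timestamp> <host> <proc>[<pid>]: <message>".
var lineRe = regexp.MustCompile(`^(\S+\s+\d+\s+\S+) (\S+) (\w+)\[\d+\]: (.*)$`)

// ParseLine returns false for lines that do not fit the expected shape rather
// than guessing at their fields.
func ParseLine(line string) (Event, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	return Event{Host: m[2], Proc: m[3], Msg: m[4]}, true
}

var failedRe = regexp.MustCompile(`^Failed password for (?:invalid user )?\S+ from (\S+)`)

// Rules is the rule list. Thresholds and patterns are chosen for this example.
var Rules = []Rule{
	{
		Name: "ssh-bruteforce", // five or more failed logins from one source address
		Match: func(window []Event) bool {
			bySrc := map[string]int{}
			for _, e := range window {
				if e.Proc != "sshd" {
					continue
				}
				if m := failedRe.FindStringSubmatch(e.Msg); m != nil {
					bySrc[m[1]]++
					if bySrc[m[1]] >= 5 {
						return true
					}
				}
			}
			return false
		},
	},
	{
		Name: "ssh-root-login", // any successful login as root
		Match: func(window []Event) bool {
			for _, e := range window {
				if e.Proc == "sshd" && strings.HasPrefix(e.Msg, "Accepted ") &&
					strings.Contains(e.Msg, " for root ") {
					return true
				}
			}
			return false
		},
	},
}

// Analyze parses the raw lines into a window and returns the names of the
// rules that fired, in rule-list order.
func Analyze(lines []string, rules []Rule) []string {
	var window []Event
	for _, l := range lines {
		if e, ok := ParseLine(l); ok {
			window = append(window, e)
		}
	}
	var fired []string
	for _, r := range rules {
		if r.Match(window) {
			fired = append(fired, r.Name)
		}
	}
	return fired
}

// SampleLog is constructed for this example; it is not a real capture.
var SampleLog = []string{
	"Jun  1 10:00:01 web1 sshd[4242]: Failed password for invalid user admin from 198.51.100.7 port 50001 ssh2",
	"Jun  1 10:00:02 web1 sshd[4243]: Failed password for root from 198.51.100.7 port 50002 ssh2",
	"Jun  1 10:00:03 web1 sshd[4244]: Failed password for invalid user test from 198.51.100.7 port 50003 ssh2",
	"Jun  1 10:00:04 web1 sshd[4245]: Failed password for root from 198.51.100.7 port 50004 ssh2",
	"Jun  1 10:00:05 web1 sshd[4246]: Failed password for invalid user oracle from 198.51.100.7 port 50005 ssh2",
	"Jun  1 10:00:06 web1 sshd[4247]: Failed password for alice from 203.0.113.9 port 51000 ssh2",
	"Jun  1 10:00:09 web1 sshd[4250]: Accepted publickey for root from 198.51.100.7 port 50006 ssh2",
	"Jun  1 10:00:10 web1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
	"this line does not match the expected format",
}

func main() {
	fmt.Println("rules fired:", Analyze(SampleLog, Rules))
}
```

Unparseable lines are dropped rather than force-fitted, which is the right default for a detector but is itself worth counting in a real deployment: a sudden rise in unparsed lines often means a log format changed and rules are silently missing events.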
23. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently

24. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

25. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))

26. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.

27. The systems development phase in which systems specifications and conceptual designs are developed, based on end-user needs and requirements

28. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

29. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,

30. The risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t

31. Disconnecting from the computer

32. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res

33. A program designed to detect computer viruses

34. A program that translates programming language (source code) into machine executable instructions (object code)

35. A computer program or set of programs that perform the processing of records for a specific function

36. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system

37. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.

38. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.

39. A debit or credit to a general ledger account. See also manual journal entry.

40. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals

41. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.

42. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss

43. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.

44. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.

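The nesting that item 44 describes, shown as bytes. The Go program below is an added example for this page, not code from the quiz or from any protocol stack, and the three header layouts it uses are deliberately simplified, hypothetical formats (not real TCP, IP or Ethernet headers) chosen so that each layer's header and trailer are visible. Each layer takes the layer above's complete message and places it, unchanged, in its own data portion; decapsulation peels the layers in reverse and, at every layer, checks the length it is about to trust before handing the inner bytes upward, which is exactly where receivers that skip the check end up reading past the buffer or accepting a frame whose inner length field lies.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Transport layer (hypothetical layout): 2-byte src port, 2-byte dst port,
// 2-byte payload length, then the application message.
func encapTransport(srcPort, dstPort uint16, data []byte) []byte {
	buf := make([]byte, 6, 6+len(data))
	binary.BigEndian.PutUint16(buf[0:], srcPort)
	binary.BigEndian.PutUint16(buf[2:], dstPort)
	binary.BigEndian.PutUint16(buf[4:], uint16(len(data)))
	return append(buf, data...)
}

// Network layer (hypothetical layout): 1-byte protocol, 4-byte src address,
// 4-byte dst address, 2-byte total length, then the whole transport segment.
func encapNetwork(proto byte, src, dst [4]byte, segment []byte) []byte {
	buf := make([]byte, 11, 11+len(segment))
	buf[0] = proto
	copy(buf[1:5], src[:])
	copy(buf[5:9], dst[:])
	binary.BigEndian.PutUint16(buf[9:], uint16(11+len(segment)))
	return append(buf, segment...)
}

// Link layer (hypothetical layout): 6-byte dst MAC, 6-byte src MAC, 2-byte
// type, the whole network packet, then a CRC32 trailer over everything before it.
func encapLink(dstMAC, srcMAC [6]byte, etype uint16, packet []byte) []byte {
	buf := make([]byte, 14, 14+len(packet)+4)
	copy(buf[0:6], dstMAC[:])
	copy(buf[6:12], srcMAC[:])
	binary.BigEndian.PutUint16(buf[12:], etype)
	buf = append(buf, packet...)
	var trailer [4]byte
	binary.BigEndian.PutUint32(trailer[:], crc32.ChecksumIEEE(buf))
	return append(buf, trailer[:]...)
}

var ErrMalformed = errors.New("malformed frame")

// Decapsulate unwraps link, network and transport in turn, validating each
// layer's length and the CRC before trusting the bytes inside it.
func Decapsulate(frame []byte) (srcPort, dstPort uint16, msg []byte, err error) {
	if len(frame) < 14+4 {
		return 0, 0, nil, ErrMalformed
	}
	body, trailer := frame[:len(frame)-4], frame[len(frame)-4:]
	if crc32.ChecksumIEEE(body) != binary.BigEndian.Uint32(trailer) {
		return 0, 0, nil, fmt.Errorf("%w: bad CRC", ErrMalformed)
	}
	packet := body[14:]
	if len(packet) < 11 {
		return 0, 0, nil, ErrMalformed
	}
	if total := int(binary.BigEndian.Uint16(packet[9:])); total != len(packet) {
		return 0, 0, nil, fmt.Errorf("%w: network length %d != %d", ErrMalformed, total, len(packet))
	}
	segment := packet[11:]
	if len(segment) < 6 {
		return 0, 0, nil, ErrMalformed
	}
	if plen := int(binary.BigEndian.Uint16(segment[4:])); plen != len(segment)-6 {
		return 0, 0, nil, fmt.Errorf("%w: transport length %d != %d", ErrMalformed, plen, len(segment)-6)
	}
	return binary.BigEndian.Uint16(segment[0:]), binary.BigEndian.Uint16(segment[2:]), segment[6:], nil
}

// BuildFrame wraps a message in all three layers using fixed sample addresses.
func BuildFrame(msg []byte) []byte {
	seg := encapTransport(40000, 443, msg)
	pkt := encapNetwork(6, [4]byte{192, 0, 2, 10}, [4]byte{198, 51, 100, 20}, seg)
	return encapLink([6]byte{0, 0x1b, 0x21, 0, 0, 1}, [6]byte{0, 0x1b, 0x21, 0, 0, 2}, 0x0800, pkt)
}

func main() {
	msg := []byte("GET / HTTP/1.1") // constructed application message
	frame := BuildFrame(msg)
	fmt.Printf("%d-byte message became a %d-byte frame\n", len(msg), len(frame))
	sp, dp, got, err := Decapsulate(frame)
	fmt.Println(sp, dp, string(got), err)
	frame[20] ^= 0xff // corrupt one byte in transit: the link-layer CRC catches it
	_, _, _, err = Decapsulate(frame)
	fmt.Println("tampered:", err)
}
```

A CRC is an error-detection code, not an integrity control against an attacker: anyone who can modify the frame can recompute it. Integrity against deliberate tampering needs a keyed check or a signature, which is what items 11 and 50 are about.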
45. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi

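Items 40 and 45 together describe an access rules table and the two ways its rules can be defined: by the system (MAC) or by the object's owner (DAC). The Go program below is an added example for this page, not code from the quiz or from any operating system; the labels, subjects, object and ACL contents are constructed, and the MAC policy implemented is the Bell-LaPadula pair of rules (no read up, no write down), chosen here as the most familiar example of a system-defined rule. It shows why both controls are checked: an owner's ACL grant cannot override the sensitivity label, and a label that would permit access still needs an explicit grant in the table.

```go
package main

import "fmt"

// Level is a MAC sensitivity label; higher values dominate lower ones.
type Level int

const (
	Public Level = iota
	Internal
	Confidential
	Secret
)

type Subject struct {
	ID        string
	Clearance Level
}

type Object struct {
	Name  string
	Label Level
	Owner string
}

type Perm int

const (
	Read Perm = 1 << iota
	Write
)

// ACL is the "internal computerized table of access rules": for each object,
// the permissions each subject ID holds. Under DAC the owner edits this table.
type ACL map[string]map[string]Perm

// macAllows applies the system-defined rules that no owner can change: a
// subject may read only at or below its clearance (no read up) and may write
// only at or above it (no write down), so data cannot leak to a lower label.
func macAllows(s Subject, o Object, p Perm) bool {
	switch p {
	case Read:
		return s.Clearance >= o.Label
	case Write:
		return s.Clearance <= o.Label
	}
	return false
}

// dacAllows consults the ACL; the object's owner always holds full rights.
func dacAllows(acl ACL, s Subject, o Object, p Perm) bool {
	if s.ID == o.Owner {
		return true
	}
	return acl[o.Name][s.ID]&p != 0
}

// Decide reports whether the request is allowed and, if not, which control
// denied it. Both checks must pass.
func Decide(acl ACL, s Subject, o Object, p Perm) (bool, string) {
	if !macAllows(s, o, p) {
		return false, "denied by MAC label"
	}
	if !dacAllows(acl, s, o, p) {
		return false, "denied by ACL"
	}
	return true, "allowed"
}

// Grant lets the owner add a rule to the table; anyone else is refused.
func Grant(acl ACL, requester Subject, o Object, granteeID string, p Perm) error {
	if requester.ID != o.Owner {
		return fmt.Errorf("%s is not the owner of %s", requester.ID, o.Name)
	}
	if acl[o.Name] == nil {
		acl[o.Name] = map[string]Perm{}
	}
	acl[o.Name][granteeID] |= p
	return nil
}

func main() {
	acl := ACL{}
	alice := Subject{"alice", Confidential} // owner of the payroll file
	bob := Subject{"bob", Internal}         // cleared below the file's label
	carol := Subject{"carol", Secret}       // cleared above the file's label
	payroll := Object{"payroll.db", Confidential, "alice"}
	_ = Grant(acl, alice, payroll, "bob", Read)
	_ = Grant(acl, alice, payroll, "carol", Read|Write)
	fmt.Println(Decide(acl, bob, payroll, Read))    // false: MAC, even though the ACL grants read
	fmt.Println(Decide(acl, bob, payroll, Write))   // false: MAC permits writing up, but no ACL grant
	fmt.Println(Decide(acl, carol, payroll, Read))  // true
	fmt.Println(Decide(acl, carol, payroll, Write)) // false: MAC forbids writing down
}
```

The last case is the one that surprises people: Carol holds a higher clearance and an explicit Write grant, yet the system-defined rule still refuses the write, because letting a Secret-cleared subject write into a Confidential object is how Secret data would leak downward.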
46. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.

47. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

48. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

49. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.

50. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
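
Items 11, 48 and 50 define a digital signature, a decryption key and encryption. The Go program below is an added example for this page, not code from the quiz or from ISACA, using only Go's standard library: Ed25519 for the signature (origin and integrity, checked with the public key) and AES-256-GCM for encryption and decryption (confidentiality, with the key being the secret that recovers the plaintext). The sample message is constructed. It also shows the two failure modes a practitioner cares about: an altered message no longer verifies, and a tampered ciphertext or a wrong key produces an error rather than garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// GenerateSigningKey creates an Ed25519 key pair: the private half signs, the
// public half is handed to anyone who needs to verify.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing OS random source is not recoverable here
	}
	return pub, priv
}

// Sign produces a digital signature over msg: only the private-key holder can
// make it (origin) and any change to msg invalidates it (integrity).
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// Verify reports whether sig is a valid signature over exactly msg under pub.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

// NewAESKey returns a random 256-bit key: the "piece of information used to
// recover the plaintext", which must be kept secret.
func NewAESKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt: plaintext + key -> nonce || ciphertext || tag, using AES-256-GCM.
// A fresh random nonce per message is mandatory; reusing one under the same
// key breaks both the confidentiality and the integrity GCM provides.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

var ErrBadCiphertext = errors.New("ciphertext is too short, was tampered with, or the key is wrong")

// Decrypt: ciphertext + key -> plaintext. GCM's authentication tag means a
// modified ciphertext or a wrong key yields an error, never corrupted output.
func Decrypt(key, data []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, ErrBadCiphertext
	}
	nonce, ct := data[:aead.NonceSize()], data[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, ErrBadCiphertext
	}
	return pt, nil
}

func main() {
	pub, priv := GenerateSigningKey()
	msg := []byte("transfer 100 to acct 42") // constructed sample message
	sig := Sign(priv, msg)
	fmt.Println("signature verifies:", Verify(pub, msg, sig))
	fmt.Println("altered message verifies:", Verify(pub, []byte("transfer 900 to acct 42"), sig))

	key := NewAESKey()
	ct, _ := Encrypt(key, msg)
	pt, err := Decrypt(key, ct)
	fmt.Println("round trip ok:", bytes.Equal(pt, msg), err)
	ct[len(ct)-1] ^= 1 // flip one bit of the authentication tag
	_, err = Decrypt(key, ct)
	fmt.Println("tampered:", err)
}
```

Note the division of labour: the signature proves who produced the message and that it is unchanged, but the message itself travels in the clear; encryption hides the content but, on its own, says nothing about who encrypted it. Systems that need both apply both.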