Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The amount of time allowed for the recovery of a business function or resource after a disaster occurs






2. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






3. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






4. Filters out electrical surges and spikes






5. The interface between the user and the system






6. An eight-bit code representing 256 characters; used in most large computer systems






7. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






8. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.






9. A system of interconnected computers and the communications equipment used to connect them






10. The machine language code that is generally referred to as the object or load module






11. Way of thinking; behaving; feeling; etc.






12. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






13. A biometric device that is used to authenticate a user through palm scans






14. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes; if built correctly; act as a preventative control over physical access to those sensitive locations. After a card has been swiped;






15. An attack capturing sensitive pieces of information; such as passwords; passing through the network






16. Detects transmission errors by appending calculated bits onto the end of each segment of data






17. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.






18. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






19. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited; the type of work planned; the high level objectives and scope of the work; and topics such as budget; res






20. Tests of detailed activities and transactions; or analytical review tests; designed to obtain audit evidence on the completeness; accuracy or existence of those activities or transactions during the audit period






21. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.






22. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit






23. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all






24. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint






25. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).






26. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed






27. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.






28. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.






29. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec






30. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency






31. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr






32. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






33. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






34. Those controls that seek to maintain confidentiality; integrity and availability of information






35. Universal Description; Discovery and Integration






36. The proportion of known attacks detected by an intrusion detection system






37. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t






38. Processes certified as supporting a security goal






39. A procedure designed to ensure that no fields are missing from a record






40. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.






41. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm






42. An approach used to plan; design; develop; test and implement an application system or a major modification to an application system. Typical phases include the feasibility study; requirements study; requirements definition; detailed design; programm






43. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.






44. Unusual or statistically rare






45. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






46. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






47. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research






48. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file






49. The level of trust with which a system object is imbued






50. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim





