Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Any yearly accounting period without regard to its relationship to a calendar year.
Data leakage
Fiscal year
Executable code
E-mail/interpersonal messaging
2. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
ICMP (internet control message protocol)
Editing
Dumb terminal
Automated teller machine (ATM)
3. Used to ensure that input data agree with predetermined criteria stored in a table
System narratives
Monitor
Demodulation
Table look-ups
4. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Symmetric key encryption
Transaction protection
Prototyping
Dial-in access controls
5. A printed machine-readable code that consists of parallel bars of varied width and spacing
Bar code
Anomaly
Run instructions
Test programs
6. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Continuity
Edit controls
Communications controller
Compliance testing
7. The level to which transactions can be traced and audited through a system
Information processing facility (IPF)
Auditability
COSO
Fault tolerance
8. The ability to map a given activity or event back to the responsible party
COCO
Credentialed analysis
Accountability
Monitoring policy
9. Comparing the system's performance to other equivalent systems using well defined benchmarks
Dry-pipe fire extinguisher system
LDAP (Lightweight Directory Access Protocol)
Bar code
Performance testing
10. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Business process reengineering (BPR)
Systems analysis
Service provider
Record
11. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s
COCO
World Wide Web Consortium (W3C)
Administrative controls
Intelligent terminal
12. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups
Trap door
Enterprise governance
Control group
Comparison program
13. Door and entry locks that are activated by such biometric features as voice; eye retina; fingerprint or signature
Biometric locks
Hexadecimal
Decryption
Independent attitude
14. It is composed of an insulated wire that runs through the middle of each cable; a second wire that surrounds the insulation of the inner wire like a sheath; and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Coaxial cable
Piggy backing
Application maintenance review
Firmware
15. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Magnetic card reader
Trust
Screening routers
Business impact analysis (BIA)
16. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Leased lines
Bus topology
Offsite storage
Record
17. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Audit
Generalized audit software
Irregularities
Independent appearance
18. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Compensating control
E-mail/interpersonal messaging
Exception reports
Computer server
19. Relates to the technical and physical features of the computer
Biometrics
Exception reports
Hardware
ISO17799
20. A protocol and program that allows the remote identification of users logged into a system
Access control table
FTP (file transfer protocol)
RS-232 interface
Finger
21. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries
Audit charter
Information engineering
Source documents
Wide area network (WAN)
22. A system's level of resilience to seamlessly react from hardware and/or software failure
Mapping
Fault tolerance
Application security
COCO
23. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Recovery time objective (RTO)
Public key
Application security
False negative
24. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Subject matter (Area of activity)
Object orientation
Utility programs
Numeric check
25. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Warm-site
Data analysis
Unit testing
Requirements definition
26. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
Record; screen and report layouts
Private key
Transaction
27. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Downtime report
Application acquisition review
Modulation
IT governance
28. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Indexed sequential access method (ISAM)
Trap door
Private key
Ring topology
29. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Business impact analysis (BIA)
Program flowcharts
Modem (modulator-demodulator)
Compliance testing
30. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Centralized data processing
Regression testing
Ciphertext
Real-time analysis
31. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability
Audit charter
Anomaly detection
Indexed sequential access method (ISAM)
Demodulation
32. Diligence which a person would exercise under a given set of circumstances
TCP (transmission control protocol)
Data integrity
Due care
Synchronous transmission
33. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Datagram
Fiscal year
Object Management Group (OMG)
Simple Object Access Protocol (SOAP)
34. A third party that provides organizations with a variety of Internet; and Internet-related services
Data integrity
Application system
ISP (Internet service provider)
Risk
35. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Web page
Vulnerability
Active response
Structured Query Language (SQL)
36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Address space
COSO
Electronic data interchange (EDI)
Web Services Description Language (WSDL)
37. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Password cracker
Salami technique
Addressing
Legal risk
38. Provide verification that all transmitted data are read and processed
World Wide Web Consortium (W3C)
False positive
Run-to-run totals
FTP (file transfer protocol)
39. An international standard that defines information confidentiality; integrity and availability controls
Irregularities
Telnet
Fiber optic cable
ISO17799
40. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.
IT governance
Extended Binary-coded Decimal Interchange Code (EBCDIC)
File layout
Error risk
41. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Operational control
Link editor (linkage editor)
Administrative controls
Business impact analysis (BIA)
42. A language used to control run routines in connection with performing tasks on a computer
Job control language (JCL)
Transaction log
Attribute sampling
Prototyping
43. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Initial program load (IPL)
General computer controls
Anomaly detection
Dumb terminal
44. Records of system events generated by a specialized operating system mechanism
Outsourcing
Masking
Console log
Operating system audit trails
45. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Hyperlink
Continuity
Untrustworthy host
Run-to-run totals
46. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
General computer controls
Internet banking
Data-oriented systems development
Star topology
47. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments; customers and products. Output reports are verified to confirm the correctness of the processing.
Passive assault
Integrated test facilities (ITF)
Object code
ACK (acknowledgement)
48. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications
Anomaly
Asynchronous Transfer Mode (ATM)
Application implementation review
Application security
49. Used to electronically scan and input written information from a source document
Optical character recognition
Internet packet (IP) spoofing
General computer controls
Password cracker
50. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne
Database replication
Judgment sampling
Control risk
Proxy server