Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for
Baseband
Security testing
Middleware
Content filtering
2. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
Computer sequence checking
X.25 interface
Biometrics
Indexed sequential file
3. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.
Console log
Numeric check
Public key cryptosystem
Function point analysis
4. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Pervasive IS controls
Trusted systems
Password
Logoff
5. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Control perimeter
Legal risk
Middleware
Image processing
6. Detects transmission errors by appending calculated bits onto the end of each segment of data
Latency
Sampling risk
Redundancy check
Operational risk
7. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Test programs
Object code
Centralized data processing
Digital certificate
8. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
Reasonableness check
Operating system audit trails
Point-of-presence (POP)
DNS (domain name system)
9. A public key cryptosystem developed by R. Rivest; A. Shamir and L. Adleman. The RSA has two different keys; the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.
RSA
Exposure
Logs/Log file
Dumb terminal
10. The person responsible for implementing; monitoring and enforcing security rules established and authorized by management
Budget hierarchy
Application controls
Source lines of code (SLOC)
Security administrator
11. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However; the goal of component
Value-added network (VAN)
Input controls
Components (as in component-based development)
Addressing
12. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
PPTP (point-to-point tunneling protocol)
Antivirus software
Biometrics
Intranet
13. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration; such as change management
UNIX
Implementation life cycle review
Financial audit
Baseband
14. The ability of end users to design and implement their own information system utilizing computer software products
Gateway
Indexed sequential file
Honey pot
End-user computing
15. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Sequential file
Unit testing
Fault tolerance
Feasibility study
16. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Operational audit
Hexadecimal
TCP (transmission control protocol)
Record; screen and report layouts
17. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Integrated test facilities (ITF)
Degauss
Uploading
Data Encryption Standard (DES)
18. Performance measurement of service delivery including cost; timeliness and quality against agreed service levels
Audit accountability
Benchmark
Application programming interface (API)
Job control language (JCL)
19. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments; customers and products. Output reports are verified to confirm the correctness of the processing.
Computer sequence checking
Control Objectives for Enterprise Governance
Integrated test facilities (ITF)
Cleartext
20. A method of selecting a portion of a population; by means of mathematical calculations and probabilities; for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Source code
Statistical sampling
Registration authority (RA)
Mutual takeover
21. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
Dial-in access controls
Vulnerability analysis
Electronic vaulting
Finger
22. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Trusted systems
Checkpoint restart procedures
Incremental testing
Continuity
23. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Universal Description; Discovery and Integration (UDDI)
Object orientation
Queue
Biometrics
24. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne
Central office (CO)
Proxy server
Log
Audit authority
25. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules
Finger
Artificial intelligence
Non-intrusive monitoring
Extensible Markup Language (XML)
26. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router
External router
Vulnerabilities
Secure socket layer (SSL)
Production software
27. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Prototyping
Local loop
Operator console
Internet
28. The central database that stores and organizes data
Management information system (MIS)
Internet Inter-ORB Protocol (IIOP)
Repository
Rootkit
29. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Foreign exchange risk
Fiscal year
Protocol stack
Computer-aided software engineering (CASE)
30. The actions/controls dealing with operational effectiveness; efficiency and adherence to regulations and management policies
Private key
Administrative controls
Salami technique
Integrated test facilities (ITF)
31. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Control Objectives for Enterprise Governance
Transaction log
Inheritance (objects)
Residual risk
32. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Object-oriented system development
Quick ship
Broadband
Electronic funds transfer (EFT)
33. A series of steps to complete an audit objective
Data integrity
Audit program
Blackbox testing
L2F (Layer 2 forwarding)
34. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Virus
Standing data
Record
Active response
35. An edit check designed to ensure the data in a particular field is numeric
Procedure
Real-time analysis
Numeric check
Nonrepudiable transactions
36. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu
Application development review
Application proxy
Rotating standby
Simple fail-over
37. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
Memory dump
Access rights
Trust
Mutual takeover
38. The process of distributing computer processing to different locations within an organization
Error risk
Node
Decentralization
Appearance
39. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
Application system
Project sponsor
Due care
Noise
40. A denial-of-service (DoS) assault from multiple sources; see DoS
Optical scanner
DDoS (distributed denial-of-service) attack
SMTP (Simple Mail Transport Protocol)
Real-time analysis
41. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
File server
Data integrity
Anonymity
Bandwidth
42. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Distributed data processing network
Regression testing
Cluster controller
Interface testing
43. One who obtains products or services from a bank to be used primarily for personal; family or household purposes.
Consumer
Test generators
Audit authority
Budget
44. Disconnecting from the computer
Untrustworthy host
Logoff
Reverse engineering
Program evaluation and review technique (PERT)
45. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Interest rate risk
Source code
Internal storage
Terms of reference
46. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Systems analysis
Operating system audit trails
Checkpoint restart procedures
Trap door
47. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe
Cohesion
Gateway
Security policy
Requirements definition
48. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Cold site
Synchronous transmission
Random access memory (RAM)
Real-time processing
49. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Appearance
Source code
Sequential file
Logon
50. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Web site
Application controls
Technical infrastructure security
Sniff