Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
DoS (denial-of-service) attack
System flowcharts
Virus
2. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Piggy backing
Trusted processes
Audit authority
Antivirus software
3. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
Abend
Sniff
Batch processing
Digital certificate
4. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Sniff
Integrity
Integrated test facilities (ITF)
Continuity
5. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information; as it is entered.
Security software
Online data processing
price risk
Security administrator
6. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
Management information system (MIS)
Source documents
Parallel testing
Interest rate risk
7. Error control deviations (compliance testing) or misstatements (substantive testing)
Communications controller
Authorization
Port
Error
8. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system
Cleartext
Control risk
Taps
Local area network (LAN)
9. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Untrustworthy host
Personal identification number (PIN)
Accountability
Local loop
10. Used to electronically scan and input written information from a source document
Optical character recognition
Management information system (MIS)
Manual journal entry
Waterfall development
11. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Real-time processing
Idle standby
Object-oriented system development
Verification
12. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
business process integrity
Repository
Budget
Database administrator (DBA)
13. The area of the system that the intrusion detection system is meant to monitor and protect
Static analysis
ASP/MSP (application or managed service provider)
Protection domain
Vulnerability analysis
14. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
Optical character recognition
Materiality
Reliable audit evidence
Bypass label processing (BLP)
15. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Procedure
Criteria
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Hexadecimal
16. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
virtual organizations
Warm-site
Secure socket layer (SSL)
Trust
17. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Enterprise resource planning
Rounding down
Coupling
Spoofing
18. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Base case
Data dictionary
Offline files
implementation life cycle review
19. Considered for acquisition the person responsible for high-level decisions; such as changes to the scope and/or budget of the project; and whether or not to implement
Project sponsor
System narratives
Posting
Application security
20. A communication network that serves several users within a specified geographic area. It is made up of servers; workstations; a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
Direct reporting engagement
Local area network (LAN)
File
Content filtering
21. The act of copying raw data from one place to another with little or no formatting for readability. Usually; dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails; o
Source documents
Operating system
Computer sequence checking
Memory dump
22. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
Batch control
Decision support systems (DSS)
BSP (business service provider)
Continuous auditing approach
23. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Batch processing
Application maintenance review
Request for proposal (RFP)
Ciphertext
24. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
Pervasive IS controls
Internet banking
Degauss
File server
25. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Bypass label processing (BLP)
Database management system (DBMS)
System testing
Monitor
26. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Spool (simultaneous peripheral operations online)
Unit testing
Datagram
Utility programs
27. A mathematical key (kept secret by the holder) used to create digital signatures and; depending upon the algorithm; to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Synchronous transmission
Private key
Vaccine
Baud rate
28. The person responsible for maintaining a LAN and assisting end users
Indexed sequential access method (ISAM)
Hierarchical database
Network administrator
Fault tolerance
29. Any yearly accounting period without regard to its relationship to a calendar year.
Circular routing
Fiscal year
System flowcharts
DoS (denial-of-service) attack
30. The list of rules and/or guidance that is used to analyze event data
System exit
Rulebase
Downtime report
Polymorphism (objects)
31. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Corrective controls
Hash function
Virus
32. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Digital signature
liquidity risk
Fail-safe
Posting
33. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
Promiscuous mode
RSA
Appearance
Application software tracing and mapping
34. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.
browser
Exception reports
Bus
Diskless workstations
35. A weakness in system security procedures; system design; implementation or internal controls that could be exploited to violate system security.
vulnerability
L2TP (Layer 2 tunneling protocol)
Batch control
Filtering router
36. An audit designed to evaluate the various internal controls; economy and efficiency of a function or department
Limit check
Due professional care
Operational audit
Masking
37. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Audit objective
RS-232 interface
Run instructions
Utility software
38. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Middleware
Application layer
Application maintenance review
Cohesion
39. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Downloading
Concurrent access
Dumb terminal
Computer-aided software engineering (CASE)
40. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Program narratives
Initial program load (IPL)
Management information system (MIS)
Integrated services digital network (ISDN)
41. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Unit testing
Tuple
Authorization
Outsourcing
42. The act of transferring computerized information from one computer to another computer
Integrated test facilities (ITF)
Firewall
Downloading
Regression testing
43. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Password
Appearance of independence
Run instructions
vulnerability
44. An interface point between the CPU and a peripheral device
Hypertext
Middleware
Port
Security policy
45. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recover - shutting down database after all records have been committed for example
Computationally greedy
Database replication
IPSec (Internet protocol security)
Checkpoint restart procedures
46. The logical language a computer understands
Optical scanner
Machine language
HTTPS (hyper text transfer protocol secure)
Redundancy check
47. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Downtime report
Polymorphism (objects)
Audit expert systems
Gateway
48. The ability to map a given activity or event back to the responsible party
Mapping
Accountability
Decryption
Comprehensive audit
49. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
implementation life cycle review
Audit sampling
Fail-over
Bulk data transfer
50. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Control objective
Control Objectives for Enterprise Governance
Certificate Revocation List
Object orientation