CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.

2. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

3. The art of designing, analyzing and attacking cryptographic schemes

4. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system

5. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

6. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

7. Digital information, such as cleartext, that is intelligible to the reader

8. These controls are designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected.

9. The transmission of job control language (JCL) and batches of transactions from a remote terminal location

10. A device that connects two similar networks together

11. Transactions that cannot be denied after the fact

12. A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. The RSA has two different keys: the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.

13. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function

14. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.

15. Specifies the format of packets and the addressing scheme

16. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte

17. Source lines of code are often used in deriving single-point software-size estimations.

18. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.

19. A protocol for packet-switching networks

20. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

21. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa

22. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat

23. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

24. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)

25. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe

26. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.

27. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context

28. Error control deviations (compliance testing) or misstatements (substantive testing)

29. Those controls that seek to maintain confidentiality, integrity and availability of information

30. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy

31. A biometric device that is used to authenticate a user through palm scans

32. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re

33. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

34. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established

35. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved

36. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

37. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results

38. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that

39. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested

40. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network

41. A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems

42. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

43. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an

44. A process used to identify and evaluate risks and their potential effects

45. A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.

46. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.

47. The portion of a security policy that states the general process that will be performed to accomplish a security goal

48. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period

49. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

50. A low-level computer programming language which uses symbolic code and produces machine instructions