Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Masking
Point-of-sale systems (POS)
System testing
Terms of reference
2. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
Ethernet
Budget
Security management
PPP (point-to-point protocol)
3. A third party that provides organizations with a variety of Internet and Internet-related services
Cadbury
ISP (Internet service provider)
Dial-back
Coverage
4. The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the
Filtering router
Authentication
Hacker
Hyperlink
5. An attack using packets with spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Auditability
UNIX
Internet packet (IP) spoofing
Performance testing
6. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
IT governance
Due care
Harden
Uploading
7. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Hierarchical database
Simple fail-over
Logon
Fourth generation language (4GL)
8. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Database administrator (DBA)
Threat
Distributed data processing network
Reasonableness check
9. The physical layout of how computers are linked together. Examples include ring, star and bus.
Topology
Service level agreement (SLA)
Population
Network
10. A language which enables electronic documents that present information to be connected together by links instead of being presented sequentially, as is the case with normal text.
COCO
Unit testing
Object code
Hypertext
11. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
Content filtering
Internet Inter-ORB Protocol (IIOP)
Baseband
Control perimeter
12. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Audit accountability
Rotating standby
Data flow
Polymorphism (objects)
13. A language used to control run routines in connection with performing tasks on a computer
RS-232 interface
Job control language (JCL)
Single point of failure
UDDI
14. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Data communications
Virtual private network (VPN)
Static analysis
Systems development life cycle (SDLC)
15. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Data custodian
Operator console
Noise
Local loop
16. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Redo logs
Batch processing
RADIUS (remote authentication dial-in user service)
Database administrator (DBA)
17. The use of alphabetic characters or an alphabetic character string
Buffer
Alpha
Rounding down
Split data systems
18. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Application layer
Cryptography
Master file
Management information system (MIS)
19. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Redundancy check
Source documents
Certificate Revocation List
Input controls
20. The potential loss to an area due to the occurrence of an adverse event
Internet Inter-ORB Protocol (IIOP)
Budget
Multiplexor
Exposure
21. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Security software
Integrated services digital network (ISDN)
Database administrator (DBA)
Bypass label processing (BLP)
22. A project management technique used in the planning and control of system projects
Program evaluation and review technique (PERT)
Brute force
Digital certification
Compliance testing
23. An interface point between the CPU and a peripheral device
Card swipes
Signatures
Port
World Wide Web (WWW)
24. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Hacker
Trusted systems
HTTP (hyper text transfer protocol)
X.500
25. The ability to exercise judgement, express opinions and present recommendations with impartiality
Redundancy check
Objectivity
System flowcharts
Application system
26. Comparing the system's performance to other equivalent systems using well defined benchmarks
Performance testing
Verification
COCO
Simple fail-over
27. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Risk assessment
Split DNS
Wiretapping
Network administrator
28. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Source documents
Object Management Group (OMG)
Remote job entry (RJE)
Utility programs
29. Any intentional violation of the security policy of a system
Intrusion
Sequence check
Recovery time objective (RTO)
Audit trail
30. These controls are designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected.
Cluster controller
Corrective controls
False negative
X.500
31. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files
Fourth generation language (4GL)
Star topology
Application maintenance review
Audit authority
32. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers
Hash total
UNIX
Budget formula
Central processing unit (CPU)
33. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Control risk
Digital signature
Data Encryption Standard (DES)
Decryption key
34. Source lines of code are often used in deriving single-point software-size estimations.
Population
Source lines of code (SLOC)
Sniff
BSP (business service provider)
35. Unusual or statistically rare
Anomaly
Vaccine
Program evaluation and review technique (PERT)
Sequence check
36. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Audit expert systems
Untrustworthy host
Business process reengineering (BPR)
37. (remote authentication dial-in user service)
Recovery point objective (RPO)
Machine language
RADIUS
Data analysis
38. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Verification
Access path
Message switching
Materiality
39. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Broadband
Decentralization
Wide area network (WAN)
Validity check
40. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
Idle standby
Audit accountability
Telnet
Transaction log
41. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Decryption
Cohesion
Degauss
Cross-certification
42. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Capacity stress testing
Local loop
Central processing unit (CPU)
BSP (business service provider)
43. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Risk
Management information system (MIS)
Indexed sequential access method (ISAM)
Twisted pairs
44. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
Incremental testing
Feasibility study
IP (Internet protocol)
Security/transaction risk
45. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Initial program load (IPL)
Combined Code on Corporate Governance
Application layer
Microwave transmission
46. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Hexadecimal
ACK (acknowledgement)
Sequence check
Internet Inter-ORB Protocol (IIOP)
47. Detects transmission errors by appending calculated bits onto the end of each segment of data
Hacker
Rulebase
DMZ (demilitarized zone)
Redundancy check
48. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Waterfall development
Operational risk
Point-of-presence (POP)
Point-of-sale systems (POS)
49. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Magnetic ink character recognition (MICR)
Business process reengineering (BPR)
Demodulation
Data communications
50. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.
End-user computing
Field
Passive assault
DDoS (distributed denial-of-service) attack