Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The main memory of the computer's central processing unit
Internal storage
Intrusion
Encryption key
Asynchronous transmission
2. The boundary that defines the area of security concern and security policy coverage
Security perimeter
Universal Description, Discovery and Integration (UDDI)
Control Objectives for Enterprise Governance
Procedure
3. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Microwave transmission
Diskless workstations
Anomaly
Control Objectives for Enterprise Governance
4. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Logs/Log file
Business-to-consumer e-commerce (B2C)
Local area network (LAN)
Appearance of independence
5. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
File layout
Promiscuous mode
Repudiation
Standing data
6. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
e-commerce
Private key cryptosystems
Encryption key
Data communications
7. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Source code compare programs
Brouters
Digital certification
RADIUS (remote authentication dial-in user service)
8. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels
Range check
Audit accountability
Monitoring policy
Components (as in component-based development)
9. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
COSO
Dial-back
Audit trail
Object Management Group (OMG)
10. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Application program
Hot site
Application software tracing and mapping
LDAP (Lightweight Directory Access Protocol)
11. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne
Bus topology
Application layer
Engagement letter
Software
12. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
Audit trail
Operating system
Systems development life cycle (SDLC)
Application acquisition review
13. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
virtual organizations
legal risk
Detailed IS controls
Security management
14. The risk of errors occurring in the area being audited
General computer controls
Fail-safe
Whitebox testing
Error risk
15. The individual responsible for the safeguard and maintenance of all program and data files
Librarian
Wiretapping
HTTP (hyper text transfer protocol)
Security management
16. An audit designed to determine the accuracy of financial records and information
Geographic disk mirroring
Protocol converter
Cadbury
Financial audit
17. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Communications controller
Analog
Residual risk
Integrity
18. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Parallel simulation
Source documents
Piggy backing
Population
19. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Statistical sampling
Cluster controller
Piggy backing
Inherent risk
20. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Decryption key
Point-of-presence (POP)
Protection domain
Internet packet (IP) spoofing
21. A protocol for packet-switching networks
X.25
Function point analysis
Foreign exchange risk
Internal control
22. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Harden
Router
Security administrator
Integrated test facilities (ITF)
23. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
FTP (file transfer protocol)
Operational control
Continuity
Rotating standby
24. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no
Data leakage
SYN (synchronize)
Idle standby
Central office (CO)
25. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Security administrator
Base case
Hexadecimal
Cryptography
26. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
Credentialed analysis
DMZ (demilitarized zone)
Machine language
Integrated test facilities (ITF)
27. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Fiber optic cable
Business-to-consumer e-commerce (B2C)
Rapid application development
Internet Engineering Task Force (IETF)
28. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology
Reverse engineering
Attitude
Logs/Log file
Single point of failure
29. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Optical scanner
Integrity
Real-time processing
Cohesion
30. A file of semipermanent information that is used frequently for processing data or for more than one purpose
ISP (Internet service provider)
Master file
Hub
Systems development life cycle (SDLC)
31. A program that translates programming language (source code) into machine executable instructions (object code)
Subject matter (Area of activity)
X.25 interface
Wide area network (WAN)
Compiler
32. Detection on the basis of whether the system activity matches that defined as bad
Due care
War dialler
Misuse detection
Protection domain
33. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
Packet filtering
Reciprocal agreement
Security administrator
Structured programming
34. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Trusted systems
PPP (point-to-point protocol)
Cold site
Cluster controller
35. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department
Audit sampling
Audit evidence
Comprehensive audit
Duplex routing
36. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Noise
Open systems
Source code compare programs
Test data
37. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Signatures
Scheduling
Electronic signature
38. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo
Integrated services digital network (ISDN)
ISP (Internet service provider)
System flowcharts
Anonymous File Transfer Protocol (FTP)
39. A device for sending and receiving computerized data over transmission lines
Vulnerabilities
Electronic vaulting
Edit controls
Terminal
40. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers
Decision support systems (DSS)
UNIX
Non-intrusive monitoring
Audit plan
41. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Dial-back
Sequence check
Sequential file
Budget
42. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Active response
Parallel simulation
Private key
Outsourcing
43. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Masking
e-commerce
Electronic data interchange (EDI)
Base case
44. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.
Budget organization
Protocol
Base case
Dynamic analysis
45. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web
Access rights
Application maintenance review
Nonrepudiation
browser
46. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Passive response
Mapping
Database administrator (DBA)
Interest rate risk
47. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.
COBIT
Base case
Continuous auditing approach
RSA
48. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
COCO
Business impact analysis (BIA)
File layout
Capacity stress testing
49. Impartial point of view which allows the IS auditor to act objectively and with fairness
Centralized data processing
Independent attitude
Benchmark
Split DNS
50. A project management technique used in the planning and control of system projects
Audit accountability
Auditability
Program evaluation and review technique (PERT)
Artificial intelligence