Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the terms first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Point at which terminals are given access to a network
Node
Audit evidence
Attribute sampling
Screening routers
2. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
Virtual private network (VPN)
Rotating standby
Feasibility study
Backup
3. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Penetration testing
Rapid application development
IP (Internet protocol)
Application implementation review
4. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis
Budget hierarchy
Static analysis
Bar code
Budget formula
5. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)
Application system
virtual organizations
Telecommunications
Fault tolerance
6. A sampling technique that estimates the amount of overstatement in an account balance
Taps
Monetary unit sampling
Asymmetric key (public key)
Integrated test facilities (ITF)
7. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files
Dial-back
Logical access controls
Enterprise governance
L2F (Layer 2 forwarding)
8. The risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Passive assault
Anomaly
Data custodian
liquidity risk
9. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Function point analysis
Useful audit evidence
Untrustworthy host
Cohesion
10. Digital information; such as cleartext; that is intelligible to the reader
Plaintext
Redundancy check
Expert systems
Image processing
11. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery, for example shutting down a database after all records have been committed
Checkpoint restart procedures
Security policy
External router
Manual journal entry
12. The transfer of service from an incapacitated primary component to its backup component
Fail-over
Computer-assisted audit technique (CAATs)
Service user
HTTP (hyper text transfer protocol)
13. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and
Security software
Expert systems
Application controls
Adjusting period
14. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
Comparison program
File
Cryptography
Trap door
15. The consolidation in 1998 of the "Cadbury", "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry
vulnerability
Downtime report
Combined Code on Corporate Governance
Electronic cash
16. Impartial point of view which allows the IS auditor to act objectively and with fairness
Appearance
Independent attitude
Reliable audit evidence
ISP (Internet service provider)
17. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
Budget formula
Teleprocessing
Port
Fail-safe
18. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.
Black box testing
War dialler
Production software
Universal Description, Discovery and Integration (UDDI)
19. A set of protocols developed by the IETF to support the secure exchange of packets
Application security
Fail-safe
PPTP (point-to-point tunneling protocol)
IPSec (Internet protocol security)
20. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
Bar case
L2F (Layer 2 forwarding)
Data leakage
Rotating standby
21. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Bus
COCO
Audit risk
Protocol converter
22. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Independence
DDoS (distributed denial-of-service) attack
Verification
Switch
23. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Vulnerability analysis
Utility software
Passive assault
Enterprise governance
24. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Router
Availability
Database management system (DBMS)
Data security
25. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Control risk self-assessment
Symmetric key encryption
Application programming interface (API)
Monitoring policy
26. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Message switching
Tcpdump
Log
Evidence
27. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management
price risk
Decryption key
Internal control structure
Corporate governance
28. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Automated teller machine (ATM)
E-mail/interpersonal messaging
Brouters
Man-in-the-middle attack
29. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems
Plaintext
Information engineering
Administrative controls
Local area network (LAN)
30. The primary language used by both application programmers and end users in accessing relational databases
Systems acquisition process
Parity check
Reputational risk
Structured Query Language (SQL)
31. A computer program or set of programs that perform the processing of records for a specific function
Sampling risk
Internet packet (IP) spoofing
Application
Intrusion detection
32. Detection on the basis of whether the system activity matched that defined as abnormal
Applet
Anomaly detection
Digital signature
Verification
33. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Check digit verification (self-checking digit)
Inheritance (objects)
Operating system audit trails
Control risk self-assessment
34. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Telecommunications
Sniffing
Record
Wide area network (WAN)
35. The logical language a computer understands
Machine language
Symmetric key encryption
Parallel simulation
Application controls
36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Residual risk
Run instructions
COSO
Screening routers
37. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Integrity
Applet
Privilege
HTTPS (hyper text transfer protocol secure)
38. Specifies the format of packets and the addressing scheme
Reciprocal agreement
Challenge/response token
IP (Internet protocol)
Trusted processes
39. The process of converting an analog telecommunications signal into a digital computer signal
Buffer
Controls (Control procedures)
Demodulation
Full duplex
40. A communications channel over which data can be sent and received simultaneously
Engagement letter
System testing
Full duplex
Authentication
41. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Offsite storage
Card swipes
Distributed data processing network
Cohesion
42. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Production software
PPTP (point-to-point tunneling protocol)
Intranet
Object orientation
43. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Active response
Masqueraders
Hash total
Hierarchical database
44. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Twisted pairs
Incremental testing
Asymmetric key (public key)
File
45. An attack capturing sensitive pieces of information, such as passwords, passing through the network
Broadband
Sniffing
Secure socket layer (SSL)
Voice mail
46. Records of system events generated by a specialized operating system mechanism
Fail-over
Sampling risk
Subject matter (Area of activity)
Operating system audit trails
47. Detection on the basis of whether the system activity matches that defined as bad
Harden
Fourth generation language (4GL)
Noise
Misuse detection
48. A third party that provides organizations with a variety of Internet and Internet-related services
PPTP (point-to-point tunneling protocol)
ISP (Internet service provider)
Pervasive IS controls
Intrusive monitoring
49. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Latency
Embedded audit module
Distributed data processing network
Optical scanner
50. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
implementation life cycle review
Assembler
Internet packet (IP) spoofing
Degauss