
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development

2. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

3. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management

4. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity and validating that the subject is entitled to have the attributes requested

5. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system

6. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities

7. A permanent connection between hosts in a packet switched network

8. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat

9. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.

10. A protocol used for transmitting data between two ends of a connection

11. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system

12. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

13. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

14. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw

15. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of

16. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred. This control is effective in detecting transposition and transcription

17. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.

18. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.

19. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.

20. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

21. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product

22. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

23. Provide verification that all transmitted data are read and processed

24. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an

25. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

27. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.

28. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery, for example shutting down a database after all records have been committed

29. Identified by one central processor and databases that form a distributed processing configuration

30. Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995

31. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.

32. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system

33. Any yearly accounting period without regard to its relationship to a calendar year.

34. A device for sending and receiving computerized data over transmission lines

35. A document that confirms the client's and the IS auditor's acceptance of a review assignment

36. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.

37. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population

38. A system's level of resilience to seamlessly react to hardware and/or software failure

39. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes

40. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes

41. A device that connects two similar networks together

42. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

43. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload

44. A utility program that combines several separately compiled modules into one, resolving internal references between them

45. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it

46. A project management technique used in the planning and control of system projects

47. A named collection of related records

48. Weaknesses in systems that can be exploited in ways that violate security policy

49. Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

50. A file of semipermanent information that is used frequently for processing data or for more than one purpose