Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A process used to identify and evaluate risks and their potential effects
Message switching
Random access memory (RAM)
Format checking
Risk assessment

2. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information; as it is entered.
Control weakness
Electronic cash
Online data processing
Decryption key

3. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m
price risk
Journal entry
Electronic signature
Brute force

4. Asoftware testing technique whereby the internal workings of the item being tested are not known by the tester. For example - in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h
Operational audit
Blackbox testing
Star topology
Source code compare programs

5. A system's level of resilience to seamlessly react from hardware and/or software failure
Token ring topology
Protocol
Fault tolerance
Worm

6. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Ciphertext
Computer server
Electronic signature

7. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Transaction
Hot site
IP (Internet protocol)
Star topology

8. It is composed of an insulated wire that runs through the middle of each cable; a second wire that surrounds the insulation of the inner wire like a sheath; and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Inheritance (objects)
Object Management Group (OMG)
False positive
Coaxial cable

9. A set of protocols developed by the IETF to support the secure exchange of packets
Web Services Description Language (WSDL)
Spool (simultaneous peripheral operations online)
ASP/MSP (application or managed service provider)
IPSec (Internet protocol security)

10. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Application acquisition review
Vulnerability analysis
Check digit
Broadband

11. Weaknesses in systems that can be exploited in ways that violate security policy
Normalization
Salami technique
Vulnerabilities
ISP (Internet service provider)

12. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Datagram
Network administrator
Hash total
Business-to-consumer e-commerce (B2C)

13. A protocol for packet-switching networks
X.25
Systems analysis
Trusted systems
Check digit

14. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Random access memory (RAM)
Service provider
Statistical sampling
Object code

15. An interface point between the CPU and a peripheral device
Corrective controls
Source lines of code (SLOC)
Port
IPSec (Internet protocol security)

16. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.'
Editing
COSO
Bridge
Parallel simulation

17. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher
Automated teller machine (ATM)
Online data processing
Sampling risk
Audit authority

18. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Security perimeter
Idle standby
Fiber optic cable
Decision support systems (DSS)

19. A program that translates programming language (source code) into machine executable instructions (object code)
Attitude
Compiler
ASCII (American Standard Code for Information Interchange)
Transaction

20. Range checks ensure that data fall within a predetermined range (also see limit checks).
Split DNS
Foreign exchange risk
Financial audit
Range check

21. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web
browser
IP (Internet protocol)
Audit program
Redundancy check

22. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions; not influenced by the organization being audited and its people (managers and employers).
Trap door
Modulation
Hub
Independence

23. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Redo logs
Universal Description; Discovery and Integration (UDDI)
Corporate governance
RFC (request for comments)

24. The elimination of redundant data
Normalization
Universal Description; Discovery and Integration (UDDI)
Audit expert systems
Online data processing

25. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
IDS (intrusion detection system)
Database replication
Reengineering
Magnetic card reader

26. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Baseband
Synchronous transmission
Smart card

27. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Corporate exchange rate
Harden
Antivirus software
Posting

28. Character-at-a-time transmission
Dumb terminal
Asynchronous transmission
Editing
Asynchronous Transfer Mode (ATM)

29. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
PPTP (point-to-point tunneling protocol)
Operational control
Network hop
Circular routing

30. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Arithmetic-logic unit (ALU)
NAT (Network Address Translation)
Echo checks
Control objective

31. Performance measurement of service delivery including cost; timeliness and quality against agreed service levels
Audit accountability
Logs/Log file
FIN (final)
Performance testing

32. A system of interconnected computers and the communications equipment used to connect them
Network
War dialler
Software
Rounding down

33. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data
Data owner
Electronic cash
Reputational risk
Client-server

34. An approach used to plan; design; develop; test and implement an application system or a major modification to an application system. Typical phases include the feasibility study; requirements study; requirements definition; detailed design; programm
DoS (denial-of-service) attack
Outsourcing
Incremental testing
Systems development life cycle (SDLC)

35. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.
Warm-site
Attitude
Operational audit
Data dictionary

36. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
X.25 interface
Statistical sampling
Source code compare programs
Business risk

37. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Top-level management
Web page
Sequential file
Masking

38. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Digital signature
Corporate exchange rate
Optical character recognition
Firewall

39. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Authorization
Harden
War dialler
Generalized audit software

40. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
Encryption key
Encapsulation (objects)
Internal penetrators
Combined Code on Corporate Governance

41. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Business-to-consumer e-commerce (B2C)
Baud rate
Offline files
Dumb terminal

42. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
System flowcharts
Token
Business process reengineering (BPR)
DNS (domain name system)

43. An evaluation of an application system being acquired or evaluated; which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the applicat
Performance testing
Application acquisition review
Mutual takeover
Professional competence

44. A mathematical key (kept secret by the holder) used to create digital signatures and; depending upon the algorithm; to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Private key
Request for proposal (RFP)
Population
FTP (file transfer protocol)

45. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Control section
Vulnerability analysis
Consumer
Active recovery site (mirrored)

46. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Numeric check
Memory dump
Verification
Detective controls

47. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Rounding down
Compensating control
Expert systems
Wide area network (WAN)

48. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;
Security management
Datagram
Objectivity
Foreign exchange risk

49. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
ASCII (American Standard Code for Information Interchange)
Control section
Application implementation review
Audit sampling

50. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996
COBIT
Control section
FTP (file transfer protocol)
Point-of-presence (POP)