CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The structure through which the objectives of an organization are set and the means of attaining those objectives, and which determines guidelines for monitoring performance. Good corporate governance should provide proper incentives for board and management
Ciphertext
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Corporate governance
Screening routers
2. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water
Screening routers
Dry-pipe fire extinguisher system
Registration authority (RA)
DMZ (demilitarized zone)
3. Defined minimum performance measures at or above which the service delivered is considered acceptable
Security management
Recovery time objective (RTO)
Service level agreement (SLA)
Hardware
4. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack
Protection domain
False positive
Fault tolerance
RS-232 interface
5. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
False negative
Detection risk
Materiality
PPTP (point-to-point tunneling protocol)
6. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
Information processing facility (IPF)
Input controls
Artificial intelligence
Internal control structure
7. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Sniff
Data dictionary
Internet Inter-ORB Protocol (IIOP)
Geographic disk mirroring
8. A system's level of resilience to seamlessly react from hardware and/or software failure
Embedded audit module
Fault tolerance
DDoS (distributed denial-of-service) attack
Artificial intelligence
9. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Fail-safe
Synchronous transmission
Cold site
Internet packet (IP) spoofing
10. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large, using the Internet as the enabling technology.
Useful audit evidence
Business-to-consumer e-commerce (B2C)
Audit responsibility
COCO
11. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF® (2000, 1998, 1996)
COBIT
Intrusion detection
Control section
Coverage
12. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.
Modulation
Frame relay
Degauss
Base case
13. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner, or cause the interests of the ba
Protocol
Corporate exchange rate
Operational risk
Audit objective
14. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Internet Inter-ORB Protocol (IIOP)
Indexed sequential file
L2F (Layer 2 forwarding)
Object-oriented system development
15. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Virus
BSP (business service provider)
Operational control
Packet filtering
16. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Internet banking
Internet
Network administrator
Partitioned file
17. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Logical access controls
Bulk data transfer
Foreign exchange risk
Batch control
18. Requiring a great deal of computing power; processor intensive
Program flowcharts
Antivirus software
Service bureau
Computationally greedy
19. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Structured programming
Objectivity
Voice mail
External router
20. Processes certified as supporting a security goal
Abend
Audit accountability
Interface testing
Trusted processes
21. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Cathode ray tube (CRT)
Digital certificate
Program evaluation and review technique (PERT)
Reasonableness check
22. The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the
Edit controls
Split data systems
Internet Inter-ORB Protocol (IIOP)
Authentication
23. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Prototyping
Offline files
Access method
Feasibility study
24. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Vulnerabilities
Operator console
Statistical sampling
Application controls
25. A language which enables electronic documents that present information to be connected together by links instead of being presented sequentially, as is the case with normal text.
Consumer
Hypertext
Half duplex
Application layer
26. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Data owner
Untrustworthy host
Fault tolerance
Mapping
27. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Downtime report
Batch processing
Vaccine
Object Management Group (OMG)
28. A system development methodology that is organised around 'objects' rather than 'actions', and 'data' rather than 'logic'. Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
General computer controls
Performance testing
Object-oriented system development
Base case
29. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Application programming
Test data
Baseband
Data custodian
30. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Extensible Markup Language (XML)
Object code
Nonrepudiation
Default password
31. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Computer server
Electronic funds transfer (EFT)
System exit
Substantive testing
32. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
FIN (final)
Point-of-presence (POP)
ISO17799
Repudiation
33. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Security perimeter
Assembler
Comparison program
Public key infrastructure
34. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Honey pot
TCP (transmission control protocol)
Sniffing
Reverse engineering
35. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Strategic risk
Untrustworthy host
Circular routing
Service bureau
36. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Reputational risk
Application implementation review
SMTP (Simple Mail Transport Protocol)
Applet
37. A discussion document which sets out an 'Enterprise Governance Model' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance, published by the Information Systems
Coupling
Control Objectives for Enterprise Governance
Intrusive monitoring
Tuple
38. Diagramming data that are to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Vulnerability analysis
Mapping
Comparison program
Detailed IS controls
39. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
Trap door
Project team
SYN (synchronize)
Variable sampling
40. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
Administrative controls
Exposure
Passive response
41. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems
Taps
System testing
Compliance testing
Artificial intelligence
42. An edit check designed to ensure the data in a particular field is numeric
Numeric check
Encryption key
Certificate authority (CA)
Table look-ups
43. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Risk
Embedded audit module
Residual risk
Audit evidence
44. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
World Wide Web Consortium (W3C)
Management information system (MIS)
Record, screen and report layouts
Masking
45. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
Downtime report
Packet
LDAP (Lightweight Directory Access Protocol)
Service provider
46. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
Enterprise resource planning
Audit responsibility
Attitude
Run instructions
47. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
Plaintext
Browser
Internal penetrators
Control group
48. A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms: amending the environment, collecting more information or striking back a
Database replication
Function point analysis
Active response
Ethernet
49. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
L2TP (Layer 2 tunneling protocol)
Editing
Quick ship
Attribute sampling
50. An interface point between the CPU and a peripheral device
Port
Test programs
Technical infrastructure security
Audit program