Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack

2. Those policies and procedures implemented to achieve a related control objective

3. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level

4. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

5. A system's level of resilience, i.e. its ability to seamlessly recover from hardware and/or software failure

6. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

7. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of

8. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

9. An individual who attempts to gain unauthorized access to a computer system

10. The portion of a security policy that states the general process that will be performed to accomplish a security goal

11. A set of protocols developed by the IETF to support the secure exchange of packets

12. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,

13. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.

14. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system

15. Processes certified as supporting a security goal

16. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

17. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

18. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

19. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.

20. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

21. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules

22. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities, to test programs, system activities and operational procedures, to evaluate

23. Unusual or statistically rare

24. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

25. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers

26. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found

27. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied

28. Computer file storage media not physically connected to the computer, typically tapes or tape cartridges used for backup purposes

29. An automated detail report of computer system activity

30. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.

31. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example, in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h

32. An international standard that defines information confidentiality, integrity and availability controls

33. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r

34. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

35. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

36. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is

37. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.

38. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.

39. Specialized tools that can be used to analyze the flow of data through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements

40. A communications channel over which data can be sent and received simultaneously

41. Provide verification that all transmitted data are read and processed

42. Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t

43. The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.

44. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)

45. Source lines of code are often used in deriving single-point software-size estimations.

46. A program written in a portable, platform-independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi

47. A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p

48. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

49. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.

50. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an