
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a r

2. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

3. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint

4. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function

5. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim

6. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob

7. The interface between the user and the system

8. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr

9. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

10. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

11. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe

12. A list of retracted certificates

13. The router at the extreme edge of the network under control, usually connected to an ISP or other service provider; also known as a border router

14. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking

15. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically

16. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

17. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

18. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

19. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems

20. The risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the

21. Analysis that is performed in real time or in continuous form

22. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

23. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers

24. A popular local area network operating system developed by the Novell Corp.

25. A document which defines the IS audit function's responsibility, authority and accountability

26. Programmed checking of data validity in accordance with predetermined criteria

27. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

28. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.

29. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to

30. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl

31. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations

32. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries

33. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

34. A third party that provides organizations with a variety of Internet and Internet-related services

35. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

36. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

37. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange

38. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.

39. A debit or credit to a general ledger account. See also manual journal entry.

40. The portion of a security policy that states the general process that will be performed to accomplish a security goal

41. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

42. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.

43. A protocol used for transmitting data between two ends of a connection

44. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system

45. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat

46. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

47. The potential loss to an area due to the occurrence of an adverse event

48. Memory chips with embedded program code that hold their content when power is turned off

49. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

50. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules