CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from answers to other questions, so you may sometimes find the correct answer obvious, but repeating the test reinforces your understanding.
1. A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.
Interface testing
Uninterruptible power supply (UPS)
Man-in-the-middle attack
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
2. The organization providing the outsourced service
world wide web (WWW)
Continuity
Addressing
Service provider
3. Processes certified as supporting a security goal
Benchmark
Trusted processes
Edit controls
Integrated test facilities (ITF)
4. Weaknesses in systems that can be exploited in ways that violate security policy
Service user
Vulnerabilities
Data Encryption Standard (DES)
General computer controls
5. Programs that are used to process live or actual data that were received as input into the production environment.
Privacy
Production programs
Shell
Exception reports
6. The risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
price risk
Masking
Application system
Integrated test facilities (ITF)
7. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Checkpoint restart procedures
Continuous auditing approach
Control perimeter
Log
8. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Security administrator
Private key
SYN (synchronize)
Regression testing
9. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Internal storage
Budget hierarchy
Communications controller
X.25 interface
10. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Fail-over
Audit trail
Indexed sequential access method (ISAM)
Spanning port
11. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Compensating control
Untrustworthy host
Journal entry
Function point analysis
12. An international standard that defines information confidentiality, integrity and availability controls
Independent attitude
ISO17799
Monetary unit sampling
Posting
13. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified but has not yet been authorized for use by management.
Anonymity
Static analysis
Production software
Control Objectives for Enterprise Governance
14. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Security testing
Discovery sampling
Reasonableness check
Electronic cash
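Discovery sampling (question 14) turns on one calculation: how many items must be examined so that, if the attribute occurs at an assumed rate, the probability of seeing at least one occurrence reaches the required level. The following is an added example, not part of the original page; the population size, assumed deviation rate and confidence level are constructed for illustration. It computes the sample size both with the binomial approximation (sampling with replacement or a very large population) and with the exact hypergeometric model for a finite population, which needs a somewhat smaller sample.

```python
"""Discovery sampling: how large a sample is needed to find at least one
occurrence of an attribute (e.g. an unapproved change) with a chosen
probability, given an assumed occurrence rate in the population.

Added example, not from the original page; the population sizes and rates
used below are constructed for illustration.
"""
import math


def prob_none_binomial(n, rate):
    """P(no occurrence in n items) for a large population: (1 - rate)^n."""
    return (1.0 - rate) ** n


def prob_none_hypergeometric(n, population, occurrences):
    """P(no occurrence in n items drawn without replacement from a finite
    population holding `occurrences` items with the attribute):
    C(N-D, n) / C(N, n) = prod_{i<n} (N-D-i) / (N-i)."""
    if n > population - occurrences:
        return 0.0  # more draws than clean items: an occurrence is certain
    p = 1.0
    for i in range(n):
        p *= (population - occurrences - i) / (population - i)
    return p


def discovery_sample_size(confidence, rate, population=None):
    """Smallest n such that P(at least one occurrence) >= confidence.
    With `population` given, the finite-population (hypergeometric) model is
    used; otherwise the binomial approximation, which is slightly conservative."""
    if not 0 < confidence < 1 or not 0 < rate < 1:
        raise ValueError("confidence and rate must be in (0, 1)")
    beta = 1.0 - confidence  # tolerated probability of missing the attribute entirely
    if population is None:
        n = 1
        while prob_none_binomial(n, rate) > beta:
            n += 1
        return n
    occurrences = max(1, round(rate * population))  # assume at least one exists
    for n in range(1, population + 1):
        if prob_none_hypergeometric(n, population, occurrences) <= beta:
            return n
    return population


def sampling_plan(confidence, rate, population):
    """Both models side by side for the audit workpaper."""
    return {
        "binomial_n": discovery_sample_size(confidence, rate),
        "hypergeometric_n": discovery_sample_size(confidence, rate, population),
    }


if __name__ == "__main__":
    # Constructed scenario: 1,000 privileged-access changes in the period; the
    # auditor assumes 1% were unapproved and wants a 95% probability of seeing
    # at least one in the sample.
    print(sampling_plan(0.95, 0.01, 1000))
```

The binomial figure is the one usually tabulated (ln(1 - confidence) / ln(1 - rate), rounded up); the hypergeometric figure is lower because every clean item drawn raises the chance that the next draw is an occurrence. Either way, finding zero occurrences only supports the conclusion that the true rate is below the assumed rate at the stated confidence, not that it is zero.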
15. Diligence which a person who possesses a special skill would exercise under a given set of circumstances
Record
Trap door
Audit authority
Due professional care
16. The risk of errors occurring in the area being audited
Modulation
Port
Error risk
Cross-certification
17. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
price risk
Filtering router
Enterprise resource planning
Editing
18. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
Synchronous transmission
System software
ASP/MSP (application or managed service provider)
Scheduling
19. A biometric device that is used to authenticate a user through palm scans
Handprint scanner
Finger
Reliable audit evidence
Internet Engineering Task Force (IETF)
20. The roles, scope and objectives documented in the service level agreement between management and audit
Parity check
Judgment sampling
Data analysis
Audit responsibility
21. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Application programming
Batch processing
Masking
NAT (Network Address Translation)
22. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
Non-intrusive monitoring
Central office (CO)
Regression testing
Application program
23. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
RFC (request for comments)
Encryption
Independent appearance
Useful audit evidence
24. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Rootkit
Unit testing
Machine language
Biometrics
25. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
Data dictionary
UDP (User Datagram Protocol)
Performance testing
Real-time analysis
26. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
Security software
Web Services Description Language (WSDL)
Unit testing
Online data processing
27. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Components (as in component-based development)
Local loop
Communications controller
IDS (intrusion detection system)
28. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
File layout
Salami technique
Sequential file
Recovery time objective (RTO)
29. Checks that data are entered correctly
Echo checks
Trap door
Verification
Application maintenance review
30. A printed machine-readable code that consists of parallel bars of varied width and spacing
Baseband
Fail-over
Bar code
Independent attitude
31. A fail-over process which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss
Mutual takeover
Anonymity
Blackbox testing
ACK (acknowledgement)
32. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Integrated services digital network (ISDN)
Availability
Bridge
Protocol
33. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service
PPP (point-to-point protocol)
Object-oriented system development
File layout
Backup
34. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Modem (modulator-demodulator)
X.25 interface
Service level agreement (SLA)
Internal control
35. Programmed checking of data validity in accordance with predetermined criteria
Checkpoint restart procedures
Bar case
Coverage
Validity check
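Questions 29 and 35 (verification, validity check), together with the distractor terms edit controls, reasonableness check and exception reports, all describe the same input-control layer: programmed checks against predetermined criteria, with rejected records listed for follow-up. The block below is an added example, not code from the original page. The record layout, the department code table, the quantity limit and the sample batch are constructed assumptions; the check-digit test is the Luhn (modulus-10) algorithm, a standard edit check for account numbers.

```python
"""Programmed validity and reasonableness checks on input records, with the
rejected records collected into an exception report.

Added example, not from the original page. The record layout, the valid
department codes and the limits are constructed assumptions; the check-digit
test uses the Luhn (modulus-10) algorithm.
"""
import re
from datetime import date

VALID_DEPARTMENTS = {"FIN", "OPS", "HR"}   # constructed code table (lookup check)
MAX_QUANTITY = 10_000                       # constructed reasonableness limit
ACCOUNT_RE = re.compile(r"^\d{11}$")        # format check: exactly 11 digits


def luhn_valid(number: str) -> bool:
    """Modulus-10 check digit: catches any single-digit error and most
    adjacent transpositions."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_record(rec: dict, today: date) -> list[str]:
    """Return the list of failed checks for one record (empty list = accepted)."""
    errors = []
    acct = str(rec.get("account", ""))
    if not ACCOUNT_RE.match(acct):
        errors.append("account: format (11 digits required)")
    elif not luhn_valid(acct):
        errors.append("account: check digit")
    if rec.get("department") not in VALID_DEPARTMENTS:
        errors.append("department: not in code table")
    qty = rec.get("quantity")
    if not isinstance(qty, int):
        errors.append("quantity: not an integer")
    elif not 1 <= qty <= MAX_QUANTITY:
        errors.append("quantity: outside reasonable range")
    try:
        posted = date.fromisoformat(str(rec.get("date", "")))
        if posted > today:
            errors.append("date: in the future")
    except ValueError:
        errors.append("date: invalid")
    return errors


def exception_report(records: list[dict], today: date) -> list[tuple[int, list[str]]]:
    """(record index, failed checks) for every record failing at least one check."""
    report = []
    for idx, rec in enumerate(records):
        errs = validate_record(rec, today)
        if errs:
            report.append((idx, errs))
    return report


# Constructed sample batch: one clean record and three with defects.
SAMPLE_BATCH = [
    {"account": "79927398713", "department": "FIN", "quantity": 250, "date": "2024-03-01"},
    {"account": "79927398710", "department": "FIN", "quantity": 250, "date": "2024-03-01"},
    {"account": "79927398713", "department": "MKT", "quantity": 50_000, "date": "2024-03-01"},
    {"account": "7992739871", "department": "OPS", "quantity": 10, "date": "2024-02-30"},
]


def sample_report():
    """Run the checks on the constructed batch as of a fixed processing date."""
    return exception_report(SAMPLE_BATCH, date(2024, 3, 15))


if __name__ == "__main__":
    for idx, errs in sample_report():
        print(f"record {idx}: {'; '.join(errs)}")
```

The split between format, code-table, range and check-digit tests matters for the auditor: a format check alone accepts a mistyped but well-formed account number, which only the check digit catches, and a check digit alone says nothing about whether the account exists, which is the job of the lookup against a master file.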
36. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint
Registration authority (RA)
Application maintenance review
Biometrics
Detailed IS controls
37. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Operating system
Exception reports
Telecommunications
Security testing
38. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
Wide area network (WAN)
Access path
Sniffing
Web site
39. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
Half duplex
False negative
Editing
Data Encryption Standard (DES)
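Questions 27 and 39 (IDS, false negative) are easier to remember with a concrete miss in front of you. The block below is an added example, not code from the original page: a minimal signature-based detector run over constructed web-request log lines. Matched against the raw request line, it catches a plain directory-traversal attempt but classifies the URL-encoded traversal and the URL-encoded SQL injection as normal traffic, which is exactly the false negative of question 39. Decoding the request before matching removes those two misses. The signatures and the log lines are constructed for illustration.

```python
"""A minimal signature-based IDS over constructed web-request log lines,
showing a false negative: an attack the detector classes as normal because
the payload is URL-encoded and the signatures are matched against the raw
line. Normalizing (decoding) before matching removes it.

Added example, not from the original page; the signatures and log lines are
constructed for illustration.
"""
import re
from urllib.parse import unquote

# Constructed signatures: (name, pattern).
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("sql injection", re.compile(r"'\s*or\s*'", re.IGNORECASE)),
]

# Constructed request log: (request line, is_attack ground truth).
SAMPLE_LOG = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /search?q=reunion+tickets HTTP/1.1", False),
    ("GET /faq?q=what%27s+new HTTP/1.1", False),
    ("GET /cgi-bin/../../etc/passwd HTTP/1.1", True),
    ("GET /cgi-bin/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1", True),
    ("GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1", True),
]


def match_signatures(line: str, normalize: bool) -> list[str]:
    """Names of the signatures that fire on the line. With normalize=True the
    line is URL-decoded first, so encoded payloads hit the same patterns."""
    text = unquote(line) if normalize else line
    return [name for name, pat in SIGNATURES if pat.search(text)]


def evaluate(log, normalize: bool) -> dict:
    """Confusion counts over labelled traffic. An attack with no alert is a
    false negative; a benign request with an alert is a false positive."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for line, is_attack in log:
        alerted = bool(match_signatures(line, normalize))
        if is_attack and alerted:
            counts["tp"] += 1
        elif is_attack:
            counts["fn"] += 1
        elif alerted:
            counts["fp"] += 1
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    print("raw matching:    ", evaluate(SAMPLE_LOG, normalize=False))
    print("decoded matching:", evaluate(SAMPLE_LOG, normalize=True))
```

A single decode is only one normalization step: a double-encoded payload (%252e for %2e) still passes this detector, and a production IDS normalizes repeatedly and at the protocol layer for the same reason. When assessing an IDS, an auditor should ask how evasion cases like these are tested, not only whether signatures are current.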
40. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Credentialed analysis
Downtime report
Business impact analysis (BIA)
Sampling risk
41. Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Business impact analysis (BIA)
Antivirus software
virtual organizations
Nonrepudiable transactions
42. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Application implementation review
Rapid application development
Systems development life cycle (SDLC)
Uploading
43. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Black box testing
Circular routing
Business process reengineering (BPR)
Software
44. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Record, screen and report layouts
Telecommunications
SYN (synchronize)
Availability
45. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
HTTPS (hyper text transfer protocol secure)
Systems development life cycle (SDLC)
Backup
Field
46. A permanent connection between hosts in a packet switched network
Teleprocessing
HTTP (hyper text transfer protocol)
TACACS+ (terminal access controller access control system plus)
Permanent virtual circuit (PVC)
47. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Anomaly detection
Run-to-run totals
Untrustworthy host
Shell
48. Impartial point of view which allows the IS auditor to act objectively and with fairness
Worm
Electronic cash
Independent attitude
IT governance
49. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.
RADIUS
Independent appearance
Downtime report
world wide web (WWW)
50. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Data leakage
Systems acquisition process
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Adjusting period