Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Object Management Group (OMG)
world wide web (WWW)
implementation life cycle review
Spoofing
2. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
Magnetic card reader
Piggy backing
Run-to-run totals
Detective controls
3. The act of transferring computerized information from one computer to another computer
Dial-back
L2TP (Layer 2 tunneling protocol)
Comprehensive audit
Downloading
4. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Continuous auditing approach
Alpha
Manual journal entry
Application programming interface (API)
5. The level of trust with which a system object is imbued
Peripherals
Privilege
Security perimeter
Test programs
6. Way of thinking, behaving, feeling, etc.
Information engineering
Hierarchical database
Attitude
Black box testing
7. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Engagement letter
Local area network (LAN)
Sampling risk
X.25
8. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Digital certificate
Top-level management
Security software
System testing
9. Used to electronically scan and input written information from a source document
Optical character recognition
Frame relay
Misuse detection
Recovery testing
10. The physical layout of how computers are linked together. Examples include ring, star and bus.
Twisted pairs
Active response
Topology
Reengineering
11. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
Logoff
Voice mail
Vaccine
Expert systems
12. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct
Reengineering
Internal control structure
Downtime report
Reverse engineering
13. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Operational audit
Bar case
Taps
Half duplex
14. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Asymmetric key (public key)
Technical infrastructure security
Components (as in component-based development)
Run-to-run totals
15. A communications channel over which data can be sent and received simultaneously
Fail-safe
Reasonableness check
Full duplex
Address space
16. A group of items that is waiting to be serviced or processed
PPTP (point-to-point tunneling protocol)
World Wide Web Consortium (W3C)
Integrated test facilities (ITF)
Queue
17. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.
General computer controls
Random access memory (RAM)
Machine language
Fraud risk
18. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme
Run-to-run totals
X.25 interface
Database specifications
Public key
19. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Audit sampling
Asynchronous Transfer Mode (ATM)
Security software
Anomaly
20. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Parallel simulation
Residual risk
Information processing facility (IPF)
Concurrent access
21. The process of determining what types of activities are permitted. Ordinarily, authorisation is in the context of authentication: once you have authenticated a user, he/she may be authorised to perform different types of access or activity
Electronic funds transfer (EFT)
Authorization
Criteria
Verification
22. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Audit sampling
Interface testing
Business impact analysis (BIA)
Piggy backing
23. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof
Dial-back
Computationally greedy
Security testing
Audit expert systems
24. A set of protocols developed by the IETF to support the secure exchange of packets
Accountability
Irregularities
E-mail/interpersonal messaging
IPSec (Internet protocol security)
25. The relationships among files in a database and among data items within each file
Data structure
Exception reports
External router
Security software
26. The rules by which a network operates and controls the flow and priority of transmissions
Middleware
Symmetric key encryption
Data custodian
Protocol
27. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
Signatures
Reverse engineering
Client-server
Benchmark
28. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
RSA
Encryption key
Program flowcharts
UDDI
29. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Split DNS
Dial-in access controls
Personal identification number (PIN)
Allocation entry
30. The assurance that a party cannot later deny originating data, that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Fourth generation language (4GL)
Nonrepudiation
Modem (modulator-demodulator)
External router
31. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Link editor (linkage editor)
Independent appearance
Judgment sampling
Integrated services digital network (ISDN)
32. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
Degauss
Rotating standby
False negative
Promiscuous mode
33. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Router
Fault tolerance
Protocol stack
Waterfall development
34. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Electronic cash
Optical scanner
Record, screen and report layouts
Decryption key
35. The transmission of more than one signal across a physical channel
Multiplexing
Software
Permanent virtual circuit (PVC)
Alpha
36. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Logon
Spanning port
Dumb terminal
Internal control
37. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Test programs
Electronic funds transfer (EFT)
Real-time processing
Decentralization
38. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
Data security
Numeric check
Database replication
Professional competence
39. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities, to test programs, system activities and operational procedures, to evaluate
Surge suppressor
Utility software
Buffer
Criteria
40. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Interface testing
Coaxial cable
Link editor (linkage editor)
SYN (synchronize)
41. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Fail-over
Bus
Access path
Database specifications
42. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Budget
Firewall
Materiality
Virus
43. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Data leakage
Application maintenance review
Bridge
Fiber optic cable
44. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
implementation life cycle review
Database administrator (DBA)
Cathode ray tube (CRT)
DNS (domain name system)
45. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Components (as in component-based development)
Bus topology
Project sponsor
Echo checks
46. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Split DNS
Communications controller
Source code
Data communications
47. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
General computer controls
Central office (CO)
Service bureau
Data dictionary
48. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Star topology
Interface testing
Finger
Whitebox testing
49. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Management information system (MIS)
DNS (domain name system)
Asynchronous transmission
Validity check
50. Source lines of code are often used in deriving single-point software-size estimations.
Source lines of code (SLOC)
Authentication
Source code
Protocol stack