Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Monitor
Systems development life cycle (SDLC)
Redundancy check
Client-server
2. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Split data systems
X.25 interface
Budget organization
Digital signature
3. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information; such as country; state and city.
Cohesion
Hexadecimal
X.500
Web site
4. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Public key cryptosystem
Coaxial cable
Arithmetic-logic unit (ALU)
Cold site
5. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry
Image processing
Telecommunications
Application implementation review
Packet filtering
6. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Reputational risk
Integrated test facilities (ITF)
System software
Logon
7. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Data-oriented systems development
Information processing facility (IPF)
DoS (denial-of-service) attack
Budget organization
8. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Electronic signature
Program narratives
Brouters
Uninterruptible power supply (UPS)
9. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Intrusion
Man-in-the-middle attack
Finger
Electronic vaulting
10. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object code
Normalization
Netware
Record; screen and report layouts
11. Diligence which a person would exercise under a given set of circumstances
Audit sampling
Addressing
Due care
Internal storage
12. A statement of the position within the organization; including lines of reporting and the rights of access
Normalization
Operating system audit trails
Bar code
Audit authority
13. The area of the central processing unit (CPU) that executes software; allocates internal memory and transfers operations between the arithmetic-logic; internal storage and output sections of the computer
Source documents
Executable code
Ciphertext
Control section
14. Provide verification that all transmitted data are read and processed
System software
Baseband
Logoff
Run-to-run totals
15. Range checks ensure that data fall within a predetermined range (also see limit checks).
Tuple
Internet banking
Decryption key
Range check
16. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Indexed sequential file
Asynchronous transmission
Middleware
17. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Initial program load (IPL)
False positive
Application maintenance review
Judgment sampling
18. A fail-over process; which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed; or performance loss
Port
Mutual takeover
Network administrator
Materiality
19. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of
DMZ (demilitarized zone)
Degauss
Access path
Brute force
20. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Datagram
Central processing unit (CPU)
Password
Integrated test facilities (ITF)
21. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Database replication
Bandwidth
Uploading
Mapping
22. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Teleprocessing
Computer sequence checking
Repudiation
Edit controls
23. The machine language code that is generally referred to as the object or load module
Batch processing
Finger
Peripherals
Executable code
24. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
ASP/MSP (application or managed service provider)
Link editor (linkage editor)
Piggy backing
Detailed IS controls
25. The organization using the outsourced service
Service user
Integrated services digital network (ISDN)
Edit controls
Voice mail
26. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks
Privacy
Consumer
Symmetric key encryption
X.25 interface
27. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.
Symmetric key encryption
Recovery time objective (RTO)
Packet
Utility programs
28. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
Abend
Audit charter
Privilege
Message switching
29. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Compliance testing
Untrustworthy host
Split data systems
IDS (intrusion detection system)
30. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Spoofing
Intranet
Fiscal year
Monitoring policy
31. A resource whose loss will result in the loss of service or production
Auditability
Application proxy
Geographic disk mirroring
Single point of failure
32. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Business impact analysis (BIA)
Sniff
Security perimeter
Interface testing
33. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
Screening routers
Payment system
Misuse detection
Magnetic card reader
34. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Downtime report
Trap door
Client-server
Bus
35. Relates to the technical and physical features of the computer
Hash function
Corrective controls
Third-party review
Hardware
36. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Asynchronous Transfer Mode (ATM)
Source lines of code (SLOC)
Business process reengineering (BPR)
Virus
37. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Credit risk
Comprehensive audit
Ciphertext
Database management system (DBMS)
38. Detection on the basis of whether the system activity matched that defined as abnormal
Digital certification
Attribute sampling
Table look-ups
Anomaly detection
39. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
UDP (User Datagram Protocol)
Secure socket layer (SSL)
Asymmetric key (public key)
Intranet
40. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Computer sequence checking
Ciphertext
Expert systems
Budget formula
41. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Ethernet
Request for proposal (RFP)
Control group
Rootkit
42. The proportion of known attacks detected by an intrusion detection system
False negative
TCP (transmission control protocol)
End-user computing
Coverage
43. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Software
TCP (transmission control protocol)
Compensating control
Components (as in component-based development)
44. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Service level agreement (SLA)
Logon
Default password
ASCII (American Standard Code for Information Interchange)
45. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Systems acquisition process
Terms of reference
Business-to-consumer e-commerce (B2C)
ASP/MSP (application or managed service provider)
46. The process of taking an unencrypted message (plaintext); applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
Encryption
Edit controls
Worm
L2TP (Layer 2 tunneling protocol)
47. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
Access rights
Standing data
Datagram
System testing
48. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.
Rapid application development
Warm-site
Duplex routing
RADIUS
49. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Inherent risk
Logical access controls
Compensating control
Compiler
50. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Run instructions
Concurrent access
Sequence check
Relevant audit evidence