Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The relationships among files in a database and among data items within each file

2. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated by applying a one-way hash function to the message and then encrypting the resulting digest with the sender's private key; anyone holding the sender's public key can verify it.

3. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

4. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

5. The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the

6. A platform-independent, XML-based messaging protocol enabling applications to communicate with each other over the Internet. Use of this protocol may pose a significant security risk to web application operations, since use of SOAP piggybacks onto

7. Any intentional violation of the security policy of a system

8. A report that identifies the elapsed time during which a computer is not operating correctly because of machine failure

9. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl

10. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.

11. A set of metrics designed to measure the extent to which performance objectives are being achieved on an ongoing basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmar

12. In data encryption, a cipher that uses a secret key to encrypt the plaintext to the ciphertext and the same key to decrypt the ciphertext back to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen

13. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator

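What those permission rules do on a packet-filtering router, as an added example with a constructed ruleset and constructed packets (not from the page or any vendor): rules are tried top to bottom, the first match decides, and a packet matching no rule falls to the default, which is kept explicit here because an implicit default is where most findings come from. The example also checks for the other classic finding, a rule that can never fire because an earlier, broader rule shadows it.

```python
"""First-match evaluation of packet-filter rules (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # source network in CIDR form; "0.0.0.0/0" means any
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port, or None for any port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match would already match this rule."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules: List[Rule], pkt: dict, default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); the index is None when the default applied."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# Constructed ruleset for a router between the Internet, a DMZ (192.0.2.0/24)
# and the internal network (10.0.0.0/8).
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0",   "192.0.2.10/32", 443),   # Internet -> DMZ web server, HTTPS only
    Rule("deny",   "any", "0.0.0.0/0",   "10.0.0.0/8",    None),  # nothing reaches internal hosts directly
    Rule("permit", "tcp", "10.0.0.0/8",  "192.0.2.0/24",  None),  # internal -> DMZ, any TCP port
    Rule("permit", "tcp", "10.1.0.0/16", "192.0.2.0/24",  22),    # never fires: rule index 2 covers it
]

# Constructed packets: protocol, addresses, destination port.
PACKETS = {
    "https_to_dmz":    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 443},
    "http_to_dmz":     {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80},
    "smb_to_internal": {"proto": "tcp", "src": "198.51.100.7", "dst": "10.2.3.4",   "dport": 445},
    "ssh_from_inside": {"proto": "tcp", "src": "10.1.5.5",     "dst": "192.0.2.20", "dport": 22},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:16s} -> {evaluate(RULES, pkt)}")
    print("shadowed rules:", shadowed(RULES))   # [3]
```

When reviewing a real ruleset, run the same two checks: feed it the traffic the design says must and must not pass, and list the rules that are unreachable; a shadowed rule usually means someone believed a port was open (or closed) when it was not.
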
14. Unusual or statistically rare

15. The requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.

16. A document that confirms the client's and the IS auditor's acceptance of a review assignment

17. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain

18. Error control deviations (compliance testing) or misstatements (substantive testing)

19. An interface point between the CPU and a peripheral device

20. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm

21. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.

22. A connection-oriented Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.

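The checksum that definition refers to, as an added example that is not from the page: the RFC 1071 one's-complement sum that TCP computes over a pseudo-header (addresses, protocol, length) and the segment, which the receiver recomputes and uses to discard a damaged segment so that the sender retransmits. The segment and addresses are constructed. It is corrupted in two ways: a flipped bit is caught, but exchanging two aligned 16-bit words is not, which is the caveat a practitioner should carry away: the TCP checksum is a transmission-error check, not an integrity control against anyone who can modify traffic.

```python
"""RFC 1071 Internet checksum as TCP applies it (added example, constructed data)."""
import struct

TCP_PROTO = 6


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, end-around carry, complemented."""
    if len(data) % 2:
        data += b"\x00"                        # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol, TCP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTO, tcp_len)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload: bytes) -> bytes:
    """20-byte TCP header (no options) plus payload, with the checksum field filled in."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    segment = header + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]   # checksum at offset 16


def receiver_accepts(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver side: the sum over pseudo-header + segment, checksum included, must be zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


# Constructed sample: a cleartext FTP login inside a PSH/ACK segment.
SRC_IP, DST_IP = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])
SEGMENT = build_segment(SRC_IP, DST_IP, 40000, 21, 1, 1, 0x18, b"USER alice\r\n")


def bit_flipped(segment: bytes) -> bytes:
    """Line noise: one bit of the first payload byte flipped."""
    buf = bytearray(segment)
    buf[20] ^= 0x01
    return bytes(buf)


def words_swapped(segment: bytes) -> bytes:
    """Reordering: the first two 16-bit payload words exchanged ("USER" -> "ERUS")."""
    return segment[:20] + segment[22:24] + segment[20:22] + segment[24:]


if __name__ == "__main__":
    print("RFC 1071 vector:", hex(internet_checksum(bytes.fromhex("0001f203f4f5f6f7"))))  # 0x220d
    print("intact  :", receiver_accepts(SRC_IP, DST_IP, SEGMENT))                 # True
    print("bit flip:", receiver_accepts(SRC_IP, DST_IP, bit_flipped(SEGMENT)))    # False
    print("swapped :", receiver_accepts(SRC_IP, DST_IP, words_swapped(SEGMENT)))  # True, undetected
```

The swap goes undetected because addition is commutative, so any rearrangement of whole 16-bit words leaves the sum unchanged; an attacker who can alter packets can also simply recompute the checksum. Integrity against tampering has to come from a keyed MAC or a signature at a higher layer.
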
23. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks

24. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne

25. Controls that relate to the transactions and data of each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and

26. Specifies the format of packets and the addressing scheme

27. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack

28. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis

29. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied

30. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system

31. Detection on the basis of whether the system activity matched that defined as abnormal

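Statements 14, 27, 30 and 31 together describe statistical anomaly detection and its characteristic error. As an added example, not from the page: a detector that learns a per-minute baseline of failed SSH logins from constructed sshd-style log lines, alerts on any later minute beyond three standard deviations above the mean, and then applies the analyst's first triage check. The log is built in code so it runs offline; one burst is password spraying and the other is a batch job retrying a stale credential, and the second is exactly the false positive of statement 27.

```python
"""Anomaly-based detection of failed logins, with a false positive (added example)."""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# OpenSSH-style failed-password line; the lines fed to it below are synthetic.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def constructed_log():
    """Synthetic sshd lines: 60 quiet minutes, then two bursts of different shape."""
    t0 = datetime(2024, 3, 1, 9, 0)
    lines = []

    def failures(minute, user, ip, n):
        for i in range(n):
            ts = (t0 + timedelta(minutes=minute, seconds=i)).isoformat()
            lines.append(f"{ts} sshd[{4000 + i}]: Failed password for {user} from {ip} port {50000 + i} ssh2")

    for minute in range(60):                         # baseline: 1-3 typos a minute from one admin
        failures(minute, "alice", "10.0.1.15", 1 + minute % 3)
    failures(60, "backup", "10.0.2.9", 12)           # batch job retrying a stale credential
    for i in range(40):                              # password spraying: many users, one source
        failures(61, f"user{i:02d}", "198.51.100.23", 1)
    return lines


def failures_per_minute(lines):
    """Bucket failed-login lines by minute: counts, distinct sources, distinct users."""
    counts, sources, users = Counter(), defaultdict(set), defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                                 # not a failed login; ignored
        minute = datetime.fromisoformat(m.group(1)).replace(second=0, microsecond=0)
        counts[minute] += 1
        users[minute].add(m.group(2))
        sources[minute].add(m.group(3))
    return counts, sources, users


def detect(lines, training_minutes=60, sigmas=3.0):
    """Learn mean + sigmas*stdev from the first minutes, then alert on later minutes above it."""
    counts, sources, users = failures_per_minute(lines)
    start = min(counts)
    training = [start + timedelta(minutes=i) for i in range(training_minutes)]
    sample = [counts.get(m, 0) for m in training]    # quiet minutes count as zero
    threshold = statistics.mean(sample) + sigmas * statistics.pstdev(sample)
    alerts = [
        {"minute": m.isoformat(), "failures": counts[m],
         "distinct_users": len(users[m]), "distinct_sources": len(sources[m])}
        for m in sorted(counts) if m not in training and counts[m] > threshold
    ]
    return threshold, alerts


def triage(alert):
    """Analyst's first check: does the alert have the shape of an attack or of a broken client?"""
    if alert["distinct_users"] > 10 and alert["distinct_sources"] == 1:
        return "likely password spraying: many users, single source"
    if alert["distinct_users"] == 1 and alert["distinct_sources"] == 1:
        return "probable false positive: single user, single source"
    return "needs review"


if __name__ == "__main__":
    threshold, alerts = detect(constructed_log())
    print(f"threshold: {threshold:.2f} failures/minute")
    for a in alerts:
        print(a["minute"], a["failures"], "->", triage(a))
```

Both bursts are "statistically rare" against the baseline, so the anomaly detector is right to raise both; the false positive is only recognisable from context the threshold does not see (one account, one internal host, a job that is known to run at that time). That is why anomaly-based alerts are usually routed through enrichment before they page anyone.
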
32. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si

33. Universal Description, Discovery and Integration

34. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature

35. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development

36. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus

37. The specific information subject to the IS auditor's report and related procedures, which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.

38. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).

39. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.

40. Disconnecting from the computer

41. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities

42. An attack that captures sensitive pieces of information, such as passwords, passing through the network

43. A measurement of the point prior to an outage to which data are to be restored

44. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

45. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

46. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making

47. A language that enables electronic documents to present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.

48. A type of service providing an authentication and accounting system often used for dial-up and remote access security

49. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim

50. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.